ClawHub

Claw-Net

v1.0.5

Ask a question in plain English, get data from 13,000+ APIs in one call. Crypto prices, social data, market intelligence. Every response is cryptographically...

1· 112·0 current·0 all-time
by@1xmint
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill’s name/description (query many APIs, orchestrate responses) matches the runtime instructions: all examples call https://api.claw-net.org and require CLAWNET_API_KEY. The requested credential is the single, expected item for this purpose.
Instruction Scope
Runtime instructions stay focused on calling ClawNet endpoints. Two items to note: (1) the MCP example shows an env var CLAWNET_BASE_URL and an npx/tsx command — that would run remote code if followed and is not declared in requires.env; (2) the x402 option implies wallet-based on-chain payments (agent wallet access), which is not spelled out as an explicit required credential. These are examples rather than mandatory actions, but the MCP example could lead to executing third-party code if used verbatim.
Install Mechanism
No install spec and no code files — this is instruction-only. That is the lowest-risk pattern since nothing is written to disk by the skill itself.
Credentials
Only CLAWNET_API_KEY is declared as required (primaryEnv), which is proportionate. Minor inconsistency: SKILL.md references CLAWNET_BASE_URL in the MCP example but that env var is not declared. Also consider that the x402 payment option could require a wallet or on-chain signing outside the declared env model, so understand how your agent/wallet would be invoked before enabling that flow.
Persistence & Privilege
always:false and no required config paths or persistent installation. The skill does not request elevated or always-on privileges.
Assessment
This skill looks like a straightforward client for a public API and only needs your CLAWNET_API_KEY. Before installing: (1) confirm the API domain (https://api.claw-net.org) and the homepage/repo URLs are legitimate and match the project you expect; (2) do not run the MCP npx/tsx example without auditing the referenced code — it will fetch and run third-party packages; (3) if you plan to use x402 (USDC) payment flows, understand how your agent/wallet will sign transactions and avoid granting persistent signing access to untrusted code; (4) give the API key least privilege, monitor usage, and be ready to revoke it if you see unexpected calls; and (5) inspect the referenced soma.json / cryptographic provenance endpoints if you need to validate the claimed data signing provenance.

Like a lobster shell, security has layers — review code before you run it.

attestationvk97evbjtfvq4cq5cq485rj8mc983a01wcryptovk97evbjtfvq4cq5cq485rj8mc983a01wdefivk97evbjtfvq4cq5cq485rj8mc983a01wlatestvk976kj5kph991q47f4e4hrxze983rgkgorchestrationvk97evbjtfvq4cq5cq485rj8mc983a01wsolanavk97evbjtfvq4cq5cq485rj8mc983a01wverificationvk97evbjtfvq4cq5cq485rj8mc983a01wx402vk97evbjtfvq4cq5cq485rj8mc983a01w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvCLAWNET_API_KEY
Primary envCLAWNET_API_KEY

Comments