Crypto Levels Analyzer
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the command-line modes may run code from the skill package on the user’s machine.
The documentation includes user-directed commands for running local Python scripts. This is expected for the skill’s analysis function, but it means installation/use may involve local code execution.
python3 scripts/analyze_quick.py SOL 177.70 2.31 60
Run the scripts only from the installed skill directory, avoid elevated privileges, and review local scripts if you plan to use command-line modes.
If a user supplies an over-permissioned API key, misuse of that key could affect the associated provider or exchange account.
The skill supports optional market-data provider API keys. This is purpose-aligned, but exchange/provider credentials should be scoped because some services can issue keys with broader account privileges.
export COINGECKO_API_KEY="your_key" export COINMARKETCAP_API_KEY="your_key" export BINANCE_API_KEY="your_key"
Use read-only or market-data-only keys where possible, never enable trading or withdrawal permissions for this skill, prefer environment variables, and apply IP restrictions if supported.
A local record of the analysis may remain on the machine after use.
Quick-mode analysis is documented as writing results to a local temporary JSON file. The content appears low sensitivity, but it is still a persistent local artifact.
分析结果会自动保存到 `/tmp/crypto_analysis_quick.json`
Delete the temporary file if you do not want analysis results left on disk, especially on shared systems.