ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Exchange Rate

v0.1.0

Use when users need to query daily currency exchange rates between two currencies.

0· 427·0 current·0 all-time
by@jaceymarvin99
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name/description match its behavior (fetching exchange rates). However the manifest declares no required binaries or credentials while the included script clearly depends on curl and jq and performs network requests to a specific API host. Omitting those binary requirements is an incoherence.
Instruction Scope
SKILL.md instructs the agent to run scripts/exchange_rate.sh which issues an outbound HTTPS request to https://60s.viki.moe/v2/exchange-rate. The instructions do not warn about the network call or disclose the full API host, nor do they document expected JSON schema. The script does not read local files or secrets.
Install Mechanism
No install spec is provided (instruction-only plus a script). Nothing is written to disk by an installer; risk is limited to running the included script.
Credentials
The skill declares no environment variables or credentials and the script does not request secrets. This is proportional. However the script makes outbound calls to an external API (unknown origin) which may expose query parameters; no credential access is requested.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent privileges. It does not modify other skills or system-wide settings.
What to consider before installing
This skill appears to implement an exchange-rate lookup but has two practical red flags: (1) the included shell script requires curl and jq even though the manifest lists no required binaries — verify those tools will be available or update the skill declaration; (2) the script calls an undocumented third-party API (https://60s.viki.moe). Before installing or running it, review and validate that API endpoint (owner, privacy policy, reliability). If you plan to run the script, do so in a sandboxed environment, inspect the script thoroughly, and consider replacing the remote API with a known/trusted provider (or adding explicit configuration options).

Like a lobster shell, security has layers — review code before you run it.

latestvk97dhm8nng4879fwpreh2masjn81w3t9
427downloads
0stars
1versions
Updated 7h ago
v0.1.0
MIT-0
@jaceymarvin99
latest
Download

Exchange Rate Skill

This skill helps AI agents fetch daily currency exchange rates from the 60s API.

When to Use This Skill

Use this skill when users:

  • Ask for current exchange rates between two currencies.
  • Want to know the value of one currency in another.
  • Need the latest currency conversion rate.

How to Use

Execute the associated scripts/exchange_rate.sh script to fetch the exchange rate.

./scripts/exchange_rate.sh [options]

Options

  • --currency, -c <currency>: Optional. The base currency ISO 4217 code. Defaults to CNY.
  • --target, -t <target>: Optional. The target currency ISO 4217 code. Defaults to USD. If set to AAA, it returns all available exchange rates for the base currency.

Return Values

The script outputs the exchange rate value of the target currency relative to 1 unit of the base currency. If the target is AAA, it outputs the full JSON response containing all rates. If the target currency is not found, an error message is returned.

Usage Examples

# Get the exchange rate from CNY to USD (default)
./scripts/exchange_rate.sh

# Get the exchange rate from EUR to JPY
./scripts/exchange_rate.sh --currency EUR --target JPY

# Get all exchange rates for GBP
./scripts/exchange_rate.sh -c GBP -t AAA

Comments

Loading comments...