ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Coinank Openapi Skill

v1.0.0

call coinank openapi to get data

0· 397·1 current·1 all-time
by@a4205586
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description state: call CoinAnk OpenAPI. Declared requirement: COINANK_API_KEY. Files are OpenAPI JSONs for CoinAnk endpoints. All requested resources (OpenAPI files + API key) align with the stated purpose.
Instruction Scope
SKILL.md limits actions to: index/read {baseDir}/references/*.json, validate parameters against those OpenAPI files, and make curl requests to https://open-api.coinank.com with apikey header. It does not instruct reading other system files or calling other external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself, minimizing install-time risk.
Credentials
Only one env var is required (COINANK_API_KEY) and it is the primary credential used to authenticate to the CoinAnk API, which matches the skill's purpose. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or configuration changes. Autonomous invocation is allowed by platform default but is not combined with other concerning privileges.
Assessment
This skill appears coherent: it needs your CoinAnk API key to call CoinAnk endpoints and uses only the included OpenAPI specs. Before installing, confirm you trust coinank.com and that the API key you provide has only the necessary read privileges (avoid providing a more-privileged key). Consider rotating the key if you stop using the skill. Because the skill can make network requests to the CoinAnk domain, do not supply high-privilege or multi-service credentials; verify any returned data before acting on it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ddncdwg9sek7btb2rkrrwcs821pnx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvCOINANK_API_KEY
Primary envCOINANK_API_KEY

Comments