Coinank Openapi Skill

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When you ask for CoinAnk data, the agent may run curl requests to CoinAnk using the parameters needed for the data request.

Why it was flagged

The skill explicitly directs the agent to make outbound curl requests to CoinAnk. This matches the stated purpose, but it is still network/tool use that may consume API quota and send query parameters to the provider.

Skill content

Allowed to make network requests to: https://open-api.coinank.com ... Use curl to execute the request.

Recommendation

Install only if you are comfortable with the agent making user-directed CoinAnk API calls; review requested symbols, endpoints, and request sizes if quota or privacy matters.

What this means

Your CoinAnk API key can be used by the agent to access the CoinAnk API and may consume your account's permitted API access.

Why it was flagged

The skill requires a CoinAnk API key from the environment and uses it as the API authentication header. This is expected for the CoinAnk integration and no unrelated credential use is shown.

Skill content

requires: { env: ["COINANK_API_KEY"] } ... Auth: Get the apikey from the environment variable `COINANK_API_KEY` and inject it into the Header.

Recommendation

Use a dedicated CoinAnk API key if possible, keep it in a secure environment variable, and rotate or revoke it if you no longer use the skill.