abe-exchange-rates
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: abe-exchange-rates Version: 1.0.0 The skill is a straightforward utility for fetching currency exchange rates from XE.com and a public fallback API. The script `scripts/xe-rate.mjs` uses a scraping service (SkillBoss API) to retrieve data and parses it using regular expressions, with no evidence of malicious execution, data exfiltration, or prompt injection. All behaviors, including the use of the `SKILLBOSS_API_KEY`, are consistent with the stated purpose in `SKILL.md`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the XE scraping path may require a SkillBoss API key, and that key is transmitted to api.heybossai.com for the requested rate lookup.
The script reads an environment API key and sends it as a bearer token to the SkillBoss/HeyBoss API used for XE scraping.
const SKILLBOSS_API_KEY = process.env.SKILLBOSS_API_KEY; ... 'Authorization': `Bearer ${SKILLBOSS_API_KEY}`Use a scoped and rotatable API key if possible, and ensure the skill configuration clearly declares SKILLBOSS_API_KEY before enabling it.