Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent News Api

v1.2.2

A set of free and premium AI enriched global news streams for agents, provided by agentnewsapi.com. Powered by $ANA on Solana.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with included code and network hosts (api.agentnewsapi.com). Requested env vars (AGENT_NEWS_API_KEY, SOLANA_PRIVATE_KEY) and npm dependencies (@solana/web3.js, tweetnacl, bs58, socket.io-client, axios) are coherent with a Solana-based API + signing + WebSocket feed. Minor inconsistency: registry metadata claims 'No install spec / instruction-only' while SKILL.md and package.json include an npm install/packaged CLI and libs.
! Instruction Scope
Runtime instructions and code perform local signing of a challenge using SOLANA_PRIVATE_KEY and POST the signature to /api/keys/autonomous to obtain an API key — the private key itself is not sent. However the skill exposes an explicit deposit address and guides autonomous agents to 'self-manage' funding, which has direct financial implications. The code loads dotenv (which can pull env from .env files), and SKILL.md's language about 'saving a persistent X-API-KEY' is slightly misleading (the CLI returns the key but does not persist it to disk).
Install Mechanism
Installation is via npm (SKILL.md lists `npm install` and package.json declares standard npm dependencies). No remote arbitrary downloads observed. The registry-level claim of 'no install spec' conflicts with the presence of package.json and an install step — this mismatch is a concern about packaging accuracy but not an active code-hosting risk.
! Credentials
Required envs are limited and relevant, but SOLANA_PRIVATE_KEY — even if optional — is a high-value credential: any code that can access it can sign transactions. The skill claims the private key is never transmitted and uses it only to sign a message; the code reflects that. Still, granting a skill a wallet key is a high privilege that should be limited to an expendable wallet with minimal funds. The skill also reads .env if present (dotenv).
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence. It stores an acquired apiKey in memory (client.apiKey) but does not write configuration or modify other skills. SKILL.md wording about 'negotiating and saving a persistent X-API-KEY' could be misread as automatic disk persistence — the code only returns the key to stdout and asks the user to save it.
What to consider before installing
This skill generally does what it says (news + Solana-based onboarding), but pay attention to the financial and credential implications before installing:

  • Only provide SOLANA_PRIVATE_KEY if you fully trust the publisher; prefer using a dedicated, low-value wallet for onboarding/funding. The private key allows local signing and therefore could be used (if code changed) to sign transactions.
  • The skill instructs agents to deposit SOL to a protocol hot-wallet address. Transferring funds is irreversible; do not fund it unless you trust the service and understand the economics.
  • The package installs npm dependencies. Verify the package source (repository, publisher identity, git history) before installing and consider running it in a sandboxed environment.
  • The registry metadata and SKILL.md disagree about install behavior; that mismatch indicates sloppy packaging. Ask the publisher to clarify the install process and whether the skill persists any keys to disk.
  • If you decide to proceed, rotate keys after use and monitor any wallet you fund. If you are uncomfortable with giving any private key, decline SOL onboarding and use the free delayed endpoints (which the client supports unauthenticated).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

agent-news-cli.js:14: Environment variable access combined with network send.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

Env: AGENT_NEWS_API_KEY (optional — auto-generated via Zero-HITL onboarding), SOLANA_PRIVATE_KEY (optional — required for Zero-HITL auth and autonomous funding on premium endpoints)

SKILL.md

Agent News API (Mainnet Beta)

This skill grants autonomous agents access to the Agent News API, the premier signal ingestion point for AI entities seeking live global event context. We distill the noise of over 100,000 daily events into a filtered, enriched, and machine-readable stream of semantic payloads containing high signal metadata such as entities and locations.

Agents can monitor market-moving events, extract tactical sentiment, and completely self-manage their API funding via Solana using our Zero-HITL (Human-In-The-Loop) architecture.

🛠️ Tools (For Autonomous Agent Use)

The following tools are exposed to the LLM agent upon installation:

fetch_news_premium

Fetches the absolute latest, sub-second global signals from the Firehose.

  • Cost: $0.0001 USD worth of $SOL per story (dynamically pegged).
  • Arguments:
    • limit (integer): Number of signals to fetch (Max: 500).
    • q (string): Search or category query.
  • Returns: Array of structured Story Objects (see schema below).

fetch_news_free

Fetches archived news signals with a mandatory 20-minute time offset. Ideal for lower criticality information gathering tasks.

  • Cost: Free.
  • Limits: 1 request per minute. Max 100 stories per request.
  • Arguments:
    • limit (integer): Number of signals to fetch (Max: 100).
    • q (string): Search or category query.

check_credit_balance

Queries the current API credit balance denominated in $SOL. Agents should call this before initiating high-frequency loops.

autonomous_onboard

Triggers the Zero-HITL registration flow. The agent uses its local Solana private key to sign a cryptographic challenge ("Allow Agent News API Access"), autonomously negotiating and saving a persistent X-API-KEY.

get_deposit_address

Returns the official Protocol Hot Wallet address (6rSLPtj9Ef7aifNHHFzEPkY5hWECJXryivWx1YhPuXSa). Agents can use this to transfer native $SOL from their wallets to top up API credit.


⚡ WebSocket Stream (Premium Only)

For sub-second latency updates, agents can connect to the global firehose stream. This is the recommended ingestion method for high-frequency autonomous decision making or rapid-response entities.

  • Endpoint: https://api.agentnewsapi.com
  • Protocol: Socket.io
  • Event: news_update

Node.js Implementation Example

```javascript
const io = require('socket.io-client');

const socket = io('https://api.agentnewsapi.com', {
    auth: { apiKey: process.env.AGENT_NEWS_API_KEY }
});

socket.on('news_update', (data) => {
    console.log('New Signal Ingested:', data.title);
    // data._meta contains cost (e.g., 0.00000118 SOL) and remainingCredits
});

socket.on('error', (err) => {
    if (err.code === 'INSUFFICIENT_CREDITS') {
        console.error('Refill $SOL balance to resume stream.');
    }
});
```

  • Cost: $0.0001 USD worth of $SOL per story received (same as premium REST).
  • Latency: Sub-second (Global Firehose).

💻 CLI Commands (For Human Operators)

  • agentnews fetch --limit <number>: Fetch real-time premium signals.
  • agentnews fetch-free --limit <number>: Fetch 20-minute delayed signals.
  • agentnews balance: Check current $SOL API credit balance.
  • agentnews onboard: Execute the Zero-HITL autonomous key generation.
  • agentnews deposit-address: Retrieve the Protocol Hot Wallet address.

🔐 Security & Zero-HITL Principles

This skill handles sensitive authentication to enable true autonomy.

  1. Local-First Cryptography: The SOLANA_PRIVATE_KEY is utilized strictly locally by the SDK to generate nacl detached signatures. The private key is never transmitted to the Agent News API servers.
  2. Dynamic Pegging: The $SOL exchange rate is updated every second using a public Coinbase endpoint to maintain the fixed $0.0001 USD/story cost.
  3. Automated Deflation: 25% of all $SOL API revenue is automatically allocated to buybacks and permanent burns of the protocol's governance token, $ANA (GR9NrQhGfhRjKAerVCaRJAHmZqvUtiQ3dVjh9AMxpump).
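
The local-signing property in item 1 can be checked mechanically before a payload leaves the host. This is an added example, not code from the skill or from agentnewsapi.com: it uses Node's built-in Ed25519 in place of tweetnacl, a throwaway key, and assumed payload field names (`publicKey`, `message`, `signature`), and it tests that the serialized body carries no common encoding of the secret key.

```javascript
const crypto = require('node:crypto');

const CHALLENGE = 'Allow Agent News API Access'; // challenge string quoted in SKILL.md
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

// Base58 (Bitcoin/Solana alphabet); leading zero bytes become '1'.
function base58(buf) {
  let n = BigInt('0x' + buf.toString('hex'));
  let out = '';
  while (n > 0n) { out = B58[Number(n % 58n)] + out; n /= 58n; }
  for (const b of buf) { if (b !== 0) break; out = '1' + out; }
  return out;
}

// Raw key material from a Node KeyObject: 32-byte seed and 32-byte public key.
function rawKeys(privateKey) {
  const jwk = privateKey.export({ format: 'jwk' });
  return { seed: Buffer.from(jwk.d, 'base64url'), pub: Buffer.from(jwk.x, 'base64url') };
}

// Detached signature over the challenge. Field names are assumptions for
// illustration, not the API's documented schema.
function buildPayload(privateKey) {
  const signature = crypto.sign(null, Buffer.from(CHALLENGE), privateKey);
  return { publicKey: base58(rawKeys(privateKey).pub), message: CHALLENGE,
           signature: signature.toString('base64') };
}

// True if the body contains the seed or the 64-byte seed||pub form (the shape
// of a Solana secret key) as hex, base64, base64url, base58 or a byte array.
function leaksSecret(body, privateKey) {
  const { seed, pub } = rawKeys(privateKey);
  const text = typeof body === 'string' ? body : JSON.stringify(body);
  return [seed, Buffer.concat([seed, pub])].some((k) =>
    [k.toString('hex'), k.toString('base64'), k.toString('base64url'),
     base58(k), Array.from(k).join(',')].some((enc) => text.includes(enc)));
}

// Constructed run: sign, verify with the public key only, then audit two bodies.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519'); // throwaway
  const payload = buildPayload(privateKey);
  const { seed, pub } = rawKeys(privateKey);
  const sig = Buffer.from(payload.signature, 'base64');
  const bad = { ...payload, wallet: base58(Buffer.concat([seed, pub])) };
  return { verified: crypto.verify(null, Buffer.from(payload.message), publicKey, sig),
           cleanLeaks: leaksSecret(payload, privateKey), badLeaks: leaksSecret(bad, privateKey) };
}
console.log(demo());
```

A guard like `leaksSecret` only covers the encodings it enumerates; it complements, and does not replace, reading the code path around the flagged environment-variable access.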

📦 Data Schema: Semantic Payloads

All news signals are delivered as JSON objects specifically curated for LLM comprehension:

| Field | Type | Description |
| --- | --- | --- |
| id | string | Unique identifier for the story (e.g., story_92b1...). |
| title | string | AI-curated headline focused on factual intensity. |
| summary | string | High-signal technical distillation. |
| significance | number | Impact score from 1 to 100 calculated by the reasoning engine. |
| sentiment | object | Contains label (Positive/Negative/Neutral) and score. |
| entities | array | List of extracted organizations, locations, and assets. |
| category | string | Primary theme (Macro, Geopolitical, Crypto, etc). |
| _meta | object | Premium Only: Contains transaction cost and remainingCredits in $SOL. |

⚙️ Environment Variables

  • AGENT_NEWS_API_KEY: (Optional) Your persistent API key (can be generated via agentnews onboard).
  • SOLANA_PRIVATE_KEY: (Optional) Base58 encoded Ed25519 key for Zero-HITL onboarding and automated funding.
  • AGENT_NEWS_API_URL: (Optional) Default is https://api.agentnewsapi.com.
