ClawHub

Noya Agent

v1.0.13

Interact with the Noya AI agent for crypto trading, prediction markets, token analysis, and DCA strategies via curl. Use when the user wants to trade tokens,...

0· 689·0 current·0 all-time
byAli Hajeh@ali-hajeh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (crypto trading, prediction markets, DCA) aligns with the actual behavior: all network calls go to the documented API endpoints via curl, and the script parses streaming responses. Required binaries (curl, jq) and the single required env var (NOYA_API_KEY) are appropriate for the described functionality.
Instruction Scope
The SKILL.md and the included bash script limit actions to sending messages to the Noya API and parsing returned JSON chunks; they do not read unrelated system files. Two minor inconsistencies: (1) the script documents NOYA_BASE_URL as an optional override (and the script uses it), but NOYA_BASE_URL is not declared in requires.env; (2) the script's usage comment mentions a different default host (agent.noya.ai) while the actual default BASE_URL is https://safenet.one. The SKILL.md also instructs placing the API key into ~/.openclaw/openclaw.json (explicitly saving the key into agent config), which is a functional instruction but has security/privacy implications (storing a long-lived secret in plaintext config).
Install Mechanism
There is no installer or remote download; this is an instruction-only skill with one small helper script included. No third-party packages or external downloads are requested, so install risk is low.
Credentials
Only NOYA_API_KEY is required (declared as primary credential), which is appropriate. The script also accepts an optional NOYA_BASE_URL (not declared), and SKILL.md instructs storing the API key in the OpenClaw config file (~/.openclaw/openclaw.json). Storing full API keys in plaintext config increases risk; the SKILL.md recommends using short-lived keys but does not enforce them.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent settings beyond an example of adding its own entry to openclaw.json. It runs only when invoked by the user or the agent (normal behavior).
Assessment
This skill appears to do what it says: it sends messages to Noya's REST API and prints the streamed output. Before installing: (1) verify you trust the Noya service (agent.noya.ai / safenet.one) and the skill owner because the skill will be able to act on your behalf with the NOYA_API_KEY; (2) prefer creating a short-lived, limited-scope API key and revoke it if unused; (3) avoid storing full API keys in shared or world-readable config files — if you must store the key in ~/.openclaw/openclaw.json, ensure the file is permission-restricted; (4) confirm the base URL you intend to use (script defaults to https://safenet.one, but docs also reference agent.noya.ai) and set NOYA_BASE_URL if needed; and (5) be cautious when approving any agent 'interrupt' prompts that would execute swaps, bridges, or sends — always check transaction details before replying Yes. If you need higher assurance, contact the service directly to confirm endpoints and key management practices or inspect network traffic when first using the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97afq89axtx5bk1d3mm1ckv4s81cv5j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
Binscurl, jq
EnvNOYA_API_KEY
Primary envNOYA_API_KEY

Comments