Noya Agent
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for Noya crypto use, but it has high-impact trading authority and an endpoint override that could send the API key somewhere unexpected.
Install only if you trust Noya and are comfortable giving this skill an API key tied to crypto trading. Use a short-lived key, avoid setting NOYA_BASE_URL, verify every trade or transfer before confirming, and delete old sessions or threads when finished.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken prompt, misunderstood confirmation, or compromised API key could lead to unwanted trades, transfers, or financial loss.
The skill is explicitly designed to request financial actions that can move assets, place market bets, or create trading strategies through a remote agent.
- Swap, bridge, or send tokens (cross-chain supported)
- Trade on Polymarket or Rain prediction markets
- Set up or manage DCA (dollar-cost averaging) strategies
Use only with limited funds or a test account, verify every transaction detail before confirming, and do not let an agent send a generic "Yes" unless the user has reviewed the exact action.
If NOYA_BASE_URL is set accidentally or maliciously to another host, the Noya API key could be disclosed to that host.
The script sends the Noya API key to whatever base URL is supplied through NOYA_BASE_URL, with no validation that it is the official HTTPS service.
BASE_URL="${NOYA_BASE_URL:-https://safenet.one}"
...
-H "x-api-key: ${NOYA_API_KEY}"
Do not set NOYA_BASE_URL unless you fully trust the endpoint; the script should validate HTTPS and restrict the host, or clearly warn before sending the key.
Users may trust the skill more than they should because the security section understates the environment-based endpoint override.
This safety statement is incomplete because the helper script also reads NOYA_BASE_URL and can send requests, including the API key, to an overridden base URL.
- All API calls use HTTPS. Only `NOYA_API_KEY` is read from the environment.
Update the documentation to disclose NOYA_BASE_URL, require HTTPS, and warn that changing the base URL changes where the API key is sent.
A DCA strategy could keep affecting funds after the immediate conversation if the user does not understand its schedule and cancellation behavior.
The response handler expects DCA strategy operations, which are persistent trading instructions. The artifacts do not fully describe limits, future execution approval, or stopping conditions.
setup_dca_strategy|view_dca_strategy|list_dca_strategies|modify_dca_strategy|delete_dca_strategy
Before enabling DCA, require explicit user review of amount, asset, cadence, duration, maximum spend, and cancellation instructions.
Portfolio details, trading requests, and other sensitive conversation data may persist in the Noya service and influence later interactions.
The service stores chat/session history remotely, and the skill also documents thread/message retrieval and deletion endpoints.
POST /api/chat/completions ... Maintains message history per session in Redis.
Avoid sending unnecessary sensitive information, use separate thread IDs for separate tasks, and delete threads or sessions when no longer needed.
Users have less independent evidence about who authored the helper script and whether future updates match a reviewed source.
The registry metadata does not identify the source repository or provenance, which matters more for a skill that can interact with financial accounts.
Source: unknown
Prefer installing only if you trust the publisher and can verify the script against an official Noya source.
