ClawHub

Open Exchange Rate

v1.0.0

Get real-time exchange rates and currency conversion using free public ExchangeRate-API. No API key required. Use when users ask for current exchange rates,...

0· 68·0 current·0 all-time
by@alone86136
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included scripts: all three Python scripts call the public ExchangeRate API (open.er-api.com) to list currencies, fetch rates, and convert amounts. There are no unrelated environment variables, binaries, or configuration paths requested.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python scripts. The scripts only perform HTTPS GET requests to the declared API and print results; they do not read local files, access unrelated environment variables, or transmit data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only with bundled scripts). The Python scripts use the third-party 'requests' library, but no dependency/instruction is provided to ensure 'requests' is available. This is an operational note (may fail if runtime lacks requests) rather than a security risk.
Credentials
The skill requires no environment variables, credentials, or config paths. The code does not attempt to access secrets or unrelated services.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system presence. It does not modify other skills or system-wide configuration.
Assessment
This skill appears to do exactly what it claims: call the public open.er-api.com endpoints and print results. Before installing: (1) be aware the scripts make outbound HTTPS requests to a third-party API (they will reveal the currency symbols/queries you request to that API); (2) ensure your runtime has Python and the 'requests' library available or add that dependency; (3) review outbound-network policies if you restrict agents from reaching external services. No secrets are requested and no suspicious behavior was found.

Like a lobster shell, security has layers — review code before you run it.

latestvk9703e4bn5qy762pnjhngy3tc583h5rm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments