ClawHub

GM3 Alertworthy Feed

v1.0.3

Read-only access to the GM3 Alertworthy feed, providing real-time token market data for analysis agents.

0· 1.3k·0 current·0 all-time
byalexattinger@bigbadman-lab
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the SKILL.md instructions: it is a read-only feed that returns token snapshots from a single GM3 API endpoint. There is no functionality unrelated to the stated purpose in the instructions.
!
Instruction Scope
The SKILL.md instructs the agent to call a single GET endpoint and to include an Authorization: Bearer gm3_key_... header. Instructions are otherwise limited and do not ask the agent to read local files or other secrets. However the doc does not specify the exact env var name or mechanism the agent should use to access the API key (it only states the API key should be stored as a secret), leaving behavior ambiguous.
Install Mechanism
No install spec and no code files are present; this is instruction-only, so nothing is written to disk or downloaded during install.
!
Credentials
The SKILL.md explicitly requires a GM3 Developer API key for Authorization, but the registry metadata lists no required env vars and no primary credential. That mismatch is disproportionate and ambiguous: the skill will need a secret at runtime but does not declare which environment variable or secret name it expects.
Persistence & Privilege
The skill does not request persistent/always-on presence and does not modify system or other skill configuration. Autonomous invocation is allowed (platform default) but is not combined with other high privileges.
What to consider before installing
This skill is small and its behavior (one read-only GET to https://api.gm3.fun/…) is plausible for the described purpose, but there are two issues to address before installing: - Metadata mismatch: The SKILL.md says a GM3 Developer API key is required (Authorization: Bearer gm3_key_…), yet the registry entry declares no required env vars or primary credential. Ask the publisher to declare the exact secret name (e.g., GM3_API_KEY) in requires.env and mark it as the primary credential. That makes the credential usage explicit and auditable. - Provenance and trust: The source/homepage are unknown. Because the skill needs a secret (an API key), only install it if you trust the publisher or can test it in a restricted environment. Confirm how the agent will retrieve the secret (platform secret store vs. prompting the user) and that the skill will only use the key for this endpoint. If the publisher updates the registry to explicitly declare the required env var/primary credential and you can verify the skill originates from a trusted source, the inconsistency is resolved and this skill is likely benign. Until then treat it as suspicious and prefer to test in a sandbox or request the missing metadata.

Like a lobster shell, security has layers — review code before you run it.

analyticsvk97b7rxkfqj23051g980ha5gcn80shxscryptovk97b7rxkfqj23051g980ha5gcn80shxslatestvk971hg9ndz87fv6v32z1jwhxvn80rjgvmarket-datavk97b7rxkfqj23051g980ha5gcn80shxs
1.3kdownloads
0stars
4versions
Updated 1mo ago
v1.0.3
MIT-0
alexattinger@bigbadman-lab
analyticscryptolatestmarket-data
Download

GM3 Alertworthy Feed

--

Overview

This skill provides read-only access to the GM3 Alertworthy feed.

It returns the current snapshot of alertworthy tokens, including valuation, flow, buyer distribution, and market structure signals. The skill is designed to be used by analysis agents that apply their own filtering and decision logic on top of the raw GM3 data.

This skill does not perform filtering, ranking, or trading actions.

Endpoint

GET
https://api.gm3.fun/functions/v1/gm3-api/v1/paid/alertworthy

Authentication

This skill requires a GM3 Developer API key.

Requests must include the following header:

Authorization: Bearer gm3_key_...

The API key should be stored as a secret and never exposed in client-side code.

Headers

Accept: application/json

Inputs

This endpoint does not accept input parameters.

Output

The response is a JSON object containing a data array of alertworthy token snapshots.

Each item may include fields such as:

  • mint
  • rank
  • fdv_usd (current FDV)
  • fdv_at_alert (FDV at first alert)
  • net_sol_inflow
  • buy_ratio
  • buy_count / sell_count
  • unique_buyers
  • capital_efficiency
  • market structure flags
  • timestamps

The exact fields returned are subject to change as the GM3 platform evolves.

Errors

  • 401 Unauthorized – Invalid or revoked API key, or entitlement expired
  • 429 Too Many Requests – Rate limited
  • 500 / 503 – Temporary server error

Notes

  • This skill is intended for analysis-only use.
  • Strategy logic, filtering, and decision-making should be implemented at the agent level.
  • No trading or execution functionality is provided by this skill.

Comments

Loading comments...