blockbeats--skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to be a straightforward BlockBeats API helper that uses curl and a BlockBeats API key to fetch crypto news and market data.
Before installing, confirm you are comfortable letting the skill use your BlockBeats API key to make read-only market and news data requests. Check your provider quota or billing terms, but the supplied artifacts do not show suspicious behavior.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may make several BlockBeats API requests per query, which could affect API quota, rate limits, or billing depending on the user's BlockBeats plan.
The skill directs the agent to invoke curl for multiple external API calls. This is tool use, but it is clearly documented and aligned with the skill's market-data purpose.
Execute the following four requests in parallel: ... curl -s -H "api-key: $BLOCKBEATS_API_KEY"
Use a BlockBeats API key intended for this purpose and monitor API usage or costs if your plan has limits.
The agent can use the configured BlockBeats API key to access the provider's data service while performing the documented queries.
The skill requires a BlockBeats API credential. This is expected for the declared API integration and no artifact evidence shows credential leakage or unrelated use.
**Auth**: All requests require Header `api-key: $BLOCKBEATS_API_KEY`
Provide only the required BlockBeats API key, avoid sharing broader credentials, and rotate the key if you no longer use the skill.