ClawHub

crypto briefing

v1.0.0

Generate crypto market briefing reports with latest news, price analysis, trend predictions, sentiment analysis, and Fear & Greed Index. Use when user asks f...

0· 356·1 current·1 all-time
byrocinsky@csyr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the behavior: fetching prices, F&G index, news and producing a briefing. Minor inconsistency: SKILL.md instructs the agent to prefer CoinMarketCap for price and F&G, while the included script fetches prices from CoinGecko and F&G from alternative.me. Both are plausible data sources, but the mismatch should be clarified.
!
Instruction Scope
SKILL.md mandates visiting five specific external news sites (foresightnews.pro, panewslab.com, theblockbeats.info, techflowpost.com, odaily.news) and insists none may be skipped. This is within the stated purpose (collecting news) but forces the agent to navigate arbitrary third‑party domains with a specific browser profile (profile=openclaw). That rigid 'MUST visit ALL 5' requirement increases risk: visiting untrusted sites can leak IP, headers, or profile cookies and may expose the agent to malicious content. The instructions do not mention respecting robots.txt, rate limits, or validating content authenticity.
Install Mechanism
No install spec; skill is instruction-driven with a small helper script. No packages are downloaded or written to disk by an installer, which is lower risk.
Credentials
Skill does not request environment variables or credentials (proportionate). However, it requires using a browser with profile=openclaw, which could expose stored cookies, auth tokens, or identifying headers if that profile is not isolated. The included script performs outbound network requests to public APIs (CoinGecko, alternative.me) — expected, but network access is required.
Persistence & Privilege
Skill does not request always:true or any elevated persistence. It is user-invocable and does not declare system-wide changes or privileged modifications.
What to consider before installing
This skill appears to do what it says (collect prices, Fear & Greed index, and news), but take precautions before installing: 1) Review and vet the five mandatory news domains — if you don't trust them, do not allow the browser to visit them. 2) Ensure the browser profile used (profile=openclaw) is isolated and does not contain personal cookies, saved logins, or sensitive headers, since the skill requires navigating third-party sites. 3) Note the SKILL.md prefers CoinMarketCap but the included script uses CoinGecko and alternative.me — confirm which data source you want and consider editing the script if necessary. 4) Be aware that visiting external sites can leak IP and other metadata; run the skill in a sandboxed environment or behind a proxy if privacy is a concern. 5) If you need stronger assurances, request the author to (a) make the list of news sources configurable, (b) remove the absolute 'MUST visit ALL 5' requirement, and (c) document any risk mitigations (robots.txt, timeouts, sanitization).

Like a lobster shell, security has layers — review code before you run it.

latestvk9792hnj6h8j4f65019tg4gw3h81zk95

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments