Crypto & Stock Market Data Pro

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: guanjia-crypto-market-data
Version: 1.0.0

The skill provides a suite of tools for retrieving cryptocurrency and stock market data via a centralized API (api.igent.net). The implementation uses standard Node.js built-in modules (https, fs, path) with no external dependencies, and the logic for token management and data retrieval in scripts like api_client.js and get_crypto_price.js is transparent and consistent with the stated functionality.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your market lookup terms are sent to the skill's external market-data provider.

Why it was flagged

All tools make GET requests to an external provider, sending user-supplied market queries such as tickers, coin IDs, and search terms. This is disclosed and purpose-aligned, but it is a data boundary users should notice.

Skill content

const BASE_URL = process.env.API_BASE_URL || 'https://api.igent.net/api'; ... const { status, body } = await _httpRequest(parsed.toString(), headers);

Recommendation

Use this for public market identifiers and avoid sending private portfolio or account information unless you trust the provider.

What this means

A temporary service token may remain on disk after use.

Why it was flagged

The client automatically obtains a provider token, stores it locally, and reuses it as an API authentication header. This matches SKILL.md's disclosure and does not use user credentials, but it creates a persistent local token file.

Skill content

const TOKEN_FILE = path.join(__dirname, '.token'); ... fs.writeFileSync(TOKEN_FILE, JSON.stringify(data)); ... 'X-API-Token': token

Recommendation

If you stop using the skill or want to reset access, delete the generated scripts/.token file.

What this means

The package identity/version may be confusing when comparing the installed artifact to the registry listing.

Why it was flagged

The bundled metadata differs from the registry-provided owner, slug, and version. This does not indicate malicious runtime behavior in the provided code, but it is a provenance inconsistency.

Skill content

"ownerId": "kn7514q7g1cz1cjgh8aryp988980qjsk", "slug": "crypto-market-data", "version": "1.0.2"

Recommendation

Verify the publisher and version if provenance matters for your environment.