ClawHub

CoinFound-Skill

v1.0.1

Read-only CoinFound RWA data skill backed by a bundled endpoint catalog and schema snapshots.

1· 105·0 current·0 all-time
by@darrenluo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, bundled catalog, schema snapshots, CLI scripts, and Python code all match a read-only RWA data reader. Required binaries (python3/python) are appropriate and no unrelated credentials or system paths are requested.
Instruction Scope
SKILL.md instructs reading bundled files and running the provided fetch script. The runtime code performs GET requests only to the CoinFound base URL and returns normalized/display data as described. The probe scripts can perform live probes and optionally write snapshots, which is documented and separate from the read flow.
Install Mechanism
No install spec is provided (instruction-only). The bundle includes Python source and CLI scripts but does not fetch external installers or archives during 'installation', so there is no remote install risk in the manifest.
Credentials
The skill requests no environment variables or credentials. The code performs unauthenticated GETs to the documented CoinFound API endpoints; requesting no secrets is proportionate to the stated read-only purpose.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. Probe code can write snapshot files only when explicitly invoked with the write option; it does not modify other skills or global agent settings.
Assessment
This bundle is consistent with a read-only data reader: it will run Python scripts and make unauthenticated GET requests to https://api.coinfound.org/api/kakyoin using the bundled catalog and snapshots. The probe CLI can perform live probes and — only if you run it with the snapshot-write option — persist snapshot files into the bundle directory. No credentials or extra environment variables are requested. If you install this skill, verify you trust the CoinFound domain and are comfortable allowing the agent to perform outbound HTTPS GETs; consider running it in a restricted environment if you need to limit network access.

Like a lobster shell, security has layers — review code before you run it.

latestvk970crskab6n5f159a4k9zdbzx83j3d4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any binpython3, python

Comments