exchange-rate
PassAudited by ClawScan on May 1, 2026.
Overview
This currency exchange skill is coherent and purpose-aligned, with only minor notes that it runs a local Bun script and sends currency query details to a disclosed exchange-rate API.
This appears safe for ordinary exchange-rate lookup. Before installing, note that it expects Bun to run a local script and will send the requested currencies, amount, and date to the disclosed Frankfurter/ECB exchange-rate API.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may run local TypeScript code to answer exchange-rate questions.
The skill is not purely instructional; it expects the agent/user to execute an included local Bun script. This is central to the stated exchange-rate purpose and the source code is included.
Run `bun scripts/exchange.ts --help` in this skill directory.
Use it from the skill directory, ensure Bun is an expected runtime, and keep the script limited to the included exchange-rate commands.
Currency codes, amounts, and requested dates may be sent to the Frankfurter exchange-rate service.
The code sends exchange-rate requests to a single disclosed external API endpoint, which matches the skill description and does not require credentials.
export const API_BASE_URL = "https://api.frankfurter.dev/v1";
Avoid using unusually sensitive transaction details as query amounts if that would be private; otherwise this network use is expected for the skill.
The skill may fail or require manual setup if Bun is not already installed.
The registry requirements do not declare a required runtime, while the skill instructions and shebang use Bun. This is an under-declared setup dependency, not evidence of hidden behavior.
Required binaries (all must exist): none
The publisher should declare Bun as a required runtime or provide an install spec; users should install Bun only from a trusted source if needed.