ClawHub

Perpulator

v1.0.0

Analyze perpetual futures positions directly in Claude Code — liquidation price, risk/reward, PnL, and probability-based trade plans. Powered by Perpulator.

0· 52·0 current·0 all-time
by@farisalahmad714
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (perpetual futures analysis) matches required resources: a single Perpulator API key and curl to call the Perpulator API at perpulator.vercel.app. No unrelated cloud credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to parsing user-provided trade parameters and posting them to https://perpulator.vercel.app/api/v1/calculate. One noteworthy instruction: it tells the agent to run `echo $PERPULATOR_API_KEY` (which will print the raw key). That may leak the secret into agent output or logs; otherwise instructions do not access other files, env vars, or external endpoints.
Install Mechanism
No install spec and no code files — instruction-only skill. This is lowest-risk from an install perspective (nothing will be written to disk).
Credentials
Only a single credential is required (PERPULATOR_API_KEY), which is appropriate for an API-backed analysis service. No unrelated secrets or many environment variables are requested.
Persistence & Privilege
Skill does not request always:true or any elevated persistence or modification of other skills/configuration. It is user-invocable and allows autonomous invocation (platform default).
Assessment
This skill appears coherent for its stated purpose: it posts user-supplied trade parameters to the Perpulator API and returns the computed analysis. Before installing or enabling it, consider: 1) The skill will transmit your trade details (symbol, entry, stop, etc.) to perpulator.vercel.app — only proceed if you trust that service. 2) The SKILL.md tells the agent to `echo $PERPULATOR_API_KEY`, which will display your API key in the agent's output or logs; prefer setting a limited-scope or read-only key if supported, and avoid exposing your primary credentials in shared environments. 3) Verify the Perpulator homepage and that the API endpoint is legitimate (the domain matches the homepage here). 4) If you need stronger privacy, ask the skill owner to remove the explicit echo-check and instead have the agent silently test the key (e.g., attempt the API call and handle auth errors) or only prompt the user to confirm they set a key without printing it. If you want, I can suggest an edited SKILL.md that avoids echoing the key and provides safer key-check behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk9725ptxze76jd10ge5rhwavb584rqtc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binscurl
EnvPERPULATOR_API_KEY
Primary envPERPULATOR_API_KEY

Comments