TradingView技术指标分析助手Agent
v1.0.22通过调用Prana平台上的远程 agent 执行 TradingView 技术指标相关的分析与计算,并将结果返回给调用方
⭐ 0· 95·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description claim: run TradingView indicator analysis via Prana remote agent. What is requested/installed: a single env var PRANA_SKILL_API_FLAG and HTTP calls to claw-uat.ebonex.io endpoints. The included scripts implement exactly that flow (invoke /api/claw/agent-run, poll /api/claw/agent-result, fetch /api/v2/api-keys). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to obtain an api_key via GET /api/v2/api-keys (if missing), persist it as environment variable PRANA_SKILL_API_FLAG using an OpenClaw config command, and then call agent-run/agent-result/skill-purchase-history-url. The instructions do not request unrelated files or system secrets, but they do direct persistent modification of environment configuration and rely on an unauthenticated GET to obtain a token (the doc states this may be allowed by the platform). Confirm that fetching and persisting the token is acceptable for your environment.
Install Mechanism
No install spec; scripts are included but no downloads or extracted archives. The JS/Python clients are simple HTTP clients that run locally. This is low-risk from an installation code-fetch perspective.
Credentials
Only one env var (PRANA_SKILL_API_FLAG) is required, which matches the skill's use of x-api-key in requests. This is proportionate to the stated purpose. However, the SKILL.md recommends writing this token as a global persistent environment variable; storing a platform token globally increases blast radius if the token scope is broad. Also the skill fetches the api_key from a public endpoint (per docs) rather than requiring user-provided credentials — verify the token's scope and intended sharing model before persisting.
Persistence & Privilege
always:false (not force-included) and model invocation not disabled (normal). The notable persistence action is the recommendation to set a global OpenClaw environment variable (openclaw config set env.PRANA_SKILL_API_FLAG) to reduce repeated handshakes. That is a deliberate persistent change the user must approve; the skill does not auto-write environment variables itself in the provided code, but SKILL.md instructs the operator to do so.
Assessment
This skill appears to do what it says: it calls a Prana/Claw agent to run TradingView indicator analysis and uses a single API key read from PRANA_SKILL_API_FLAG. Before enabling: 1) Verify the remote host (https://claw-uat.ebonex.io) — note 'uat' suggests a test environment; confirm you intended to use that endpoint or a production URL. 2) Confirm the api_key issuance semantics and scope: understand whether the token is shared or user-scoped and what permissions it grants. 3) Prefer session-scoped or per-agent tokens rather than writing a global env var if you want to limit persistence/blast radius; if you must persist it, store it in a secure secret store and avoid logging it. 4) Confirm with stakeholders that writing a global OpenClaw env var is acceptable and that the skill's data flow to the remote agent complies with privacy/compliance rules. If you need higher assurance, ask the publisher for production endpoints, token scoping documentation, and audit logs for agent-run calls.scripts/prana_skill_client.js:111
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.Like a lobster shell, security has layers — review code before you run it.
analysisvk97fgvtpnb1s08en66a32wz9f183zwarindicatorsvk97fgvtpnb1s08en66a32wz9f183zwarlatestvk97d0gnrxbgexysh04jcgm94a183znxv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.