Nofa Backtest

The skill is internally consistent with a crypto backtesting API: it only describes calling a remote NOFA API, asks users to register for an API key, and has no extra env vars or installs — but it relies on a dev API host and instructs writing credentials to disk, so verify the remote service before trusting secrets.

This skill appears to do what it says (generate strategies and call a remote backtest/dry-run API) and has no local installers or extra env-var demands. Before installing or using it: (1) verify you trust the remote host (api-dev.reclaw.xyz) — it's a development URL and could behave differently than a production API; (2) avoid putting real exchange API keys or sensitive credentials into generated strategy payloads; the skill recommends saving the NOFA API key to ~/.config/nofa/credentials.json — ensure you are comfortable storing that file locally and that the host is trusted; (3) confirm the project/repository and homepage are legitimate (follow the repository URL in skill.json and the homepage) and review any server-side privacy / data-retention policies (backtest inputs and strategy logic will be sent to the remote API); (4) note the XRPL/x402 paid endpoints require payments — review those flows before enabling them. If you need higher assurance, ask the skill author for a production API host (not api-dev), a privacy/data-retention statement, or server-side source code to review.