crypto skill

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is a coherent read-only crypto data API, but it asks users to send a long-lived bearer token to an unknown raw-IP HTTP server.

Only use this skill if you trust the operator and are comfortable sending queries and a service-specific token to the listed server. Prefer waiting for HTTPS, a domain-backed service, explicit credential metadata, and revocable tokens; verify any crypto/KOL information independently before acting on it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Someone on the network path could capture the API token and consume or abuse the user's quota/account for this service.

Why it was flagged

The skill requires a long-lived bearer token and directs it to a plaintext HTTP raw-IP service. Authentication is disclosed and purpose-aligned, but the token is not protected in transit and could be reused if intercepted.

Skill content

**Authentication method**: Bearer Token ... Token validity: 1 year ... **Base URL**: `http://88.222.241.169`

Recommendation

Do not reuse any other secret as this token. Prefer an HTTPS domain, short-lived/revocable tokens, and an explicit credential declaration before configuring it.

What this means

Users have limited assurance that they are connecting to the intended service, and responses could be tampered with on the network path.

Why it was flagged

The only declared API server is a raw IP address over HTTP. This is not local code installation, but it gives users little provenance or transport assurance for the service they are trusting.

Skill content

"servers": [{ "url": "http://88.222.241.169", "description": "生产服务器" }]

Recommendation

Ask the maintainer for a stable HTTPS domain, public service provenance, and clear documentation of who operates the API.

What this means

Contract addresses or token interests entered by the user may be visible to the listed third-party services.

Why it was flagged

The documented workflow intentionally sends contract-address lookups to multiple external providers, including a Jina AI proxy for GMGN. This is disclosed and central to the purpose, but it expands where user queries are sent.

Skill content

DexScreener direct access ... GMGN via Jina AI ... Binance Web3

Recommendation

Avoid querying sensitive or unpublished token information through the external providers unless you are comfortable sharing those lookups.

What this means

The agent may surface unverified trading narratives or community content that should not be treated as authoritative advice.

Why it was flagged

The skill retrieves community chat summaries and KOL content. That content is purpose-aligned, but it is third-party social/market text that could be opinionated, inaccurate, or unsafe to treat as instructions.

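Skill content

Feishu group chat AI summaries - query daily chat summaries of major KOL groups ... Secondary KOL data - get professional KOLs' token analysis and recommendations

Recommendation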

Treat returned chat/KOL content as untrusted data, verify with independent sources, and do not allow returned text to override the user's instructions.