ClawHub

Crypto Tools

v1.0.0

Access crypto data, monitor portfolios, detect scams, and navigate exchanges with real-time APIs and security tools.

5· 3.3k·30 current·33 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the provided instructions and supporting docs: price data, on‑chain queries, scam detection, portfolio CSV exports, and gas calculations are all documented. No unrelated privileges, binaries, or credentials are requested.
Instruction Scope
SKILL.md and subsidiary files give concrete API endpoints, curl examples, contract checks, and CSV templates. The instructions do not instruct the agent to read local files, environment variables, or to contact hidden/unknown endpoints. Templates explicitly forbid giving investment advice.
Install Mechanism
No install spec and no code files — this is instruction-only, so nothing is written to disk and there is no package download risk.
Credentials
The skill declares no required env vars or credentials. The docs reference public APIs (some optional/paid APIs like CoinMarketCap, Binance) that may need API keys to increase rate limits; asking for read‑only API keys would be reasonable if later needed. Watch for any future prompts from the agent requesting private keys, exchange trading keys, or seed phrases — those would be disproportionate and unsafe.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill does not request permanent presence or modifications to other skills or system settings.
Assessment
This skill appears coherent and instruction-only, but follow these precautions before installing/using it: 1) Never share seed phrases or private keys — the skill should never ask for them. 2) If asked for exchange API credentials, provide read-only keys only (no withdrawal/trading permissions). 3) Confirm any API keys requested are only for the public services documented (CoinGecko, CoinMarketCap, Etherscan, etc.) and not sent to unknown endpoints. 4) Keep autonomous invocation enabled only if you trust the agent to operate without prompting; consider disabling or limiting autonomous use if you want manual approval for actions that access your accounts. 5) If you plan to aggregate real accounts/wallets, test first with small or empty accounts and prefer read-only methods (public addresses, explorer APIs).

Like a lobster shell, security has layers — review code before you run it.

latestvk97cwshny9k14kvb1tchec8r4n8120gh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments