ClawHub

Mempool Space Openapi Skill

v1.0.0

Operate mempool.space public Bitcoin and Lightning explorer APIs through UXC with a curated OpenAPI schema, no-auth setup, and read-first guardrails.

0· 110·1 current·1 all-time
by@jolestar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, included OpenAPI schema, and example operations all align with a read-only mempool.space explorer skill. Minor mismatch: the SKILL.md runtime prerequisites require the uxc binary and network access, but the registry metadata lists no required binaries — the skill will not function without uxc present, so the manifest should declare that dependency for clarity.
Instruction Scope
SKILL.md instructs only read operations against mempool.space via uxc and explicitly forbids broadcasts/internal/admin routes. It references a curated OpenAPI schema (also included under references) and network access to mempool.space; there are no instructions to read unrelated files, environment variables, or exfiltrate data to unexpected endpoints.
Install Mechanism
No install spec (instruction-only), so nothing is written to disk during install. The repository includes a validation script (scripts/validate.sh) for CI that requires jq and rg, but that script is for author-time validation rather than runtime execution.
Credentials
The skill declares no environment variables, no credentials, and no config paths — appropriate for a public read-only explorer. There are no hidden env accesses in SKILL.md or included files.
Persistence & Privilege
The skill is not always-enabled (always:false) and is user-invocable; autonomous invocation is allowed (the default) but the skill does not request extra privileges or attempt to modify other skills or system-wide settings.
Assessment
This skill appears coherent and read-only, but before installing, verify: (1) you have the uxc binary available on PATH (SKILL.md depends on it though the registry metadata doesn't list it); (2) you are comfortable allowing the agent to make network requests to https://mempool.space/api; (3) the schema URL used in the examples points to raw.githubusercontent.com — consider using the bundled local schema file (references/mempool-space-public.openapi.json) or auditing that remote URL before allowing runtime fetches to avoid unexpected schema changes; (4) the included scripts/validate.sh are for repository validation and require jq and ripgrep (rg) only if you run validation locally. No credentials are requested by the skill. If you need stronger assurance, review references/mempool-space-public.openapi.json to confirm the exact endpoints exposed and that no write or internal routes are present.

Like a lobster shell, security has layers — review code before you run it.

latestvk970zwh0rvms3vx5kntf86hmjx836jqe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments