ClawHub

Crypto Research Assistant

v1.0.0

提供加密貨幣及DeFi項目研究、行情趨勢追蹤、技術分析及風險評估的客觀資訊服務。

0· 720·11 current·12 all-time
by@katrina-jpg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (crypto and DeFi research, market/trend tracking, TA, risk assessment) match the SKILL.md instructions (find project info, analyze fundamentals/technicals, produce reports). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md gives brief, scoped runtime guidance (search for project info, analyze whitepapers/tokenomics/team, do basic TA, return objective reports). It does not instruct the agent to read arbitrary local files, exfiltrate environment variables, or contact unexpected endpoints.
Install Mechanism
There is no registry install spec (skill is instruction-only). The README suggests running `npx clawhub@latest install crypto-research-assistant`; that command would fetch and run code from the npm registry (network/remote code execution) if executed by a user. This is common but means the installer code should be vetted before running.
Credentials
The skill declares no required environment variables, credentials, or config paths. Nothing in SKILL.md asks for secrets or external tokens.
Persistence & Privilege
Metadata shows no special privileges (always: false). The skill is user-invocable and allows normal autonomous invocation (platform default) but does not request persistent system-level privileges or modify other skills.
Assessment
This skill appears internally consistent and doesn't request credentials or access to your files. Note: SKILL.md suggests using `npx clawhub@latest install ...` — running that will download and execute code from the npm registry, so only run it if you trust the `clawhub` package and its publisher. Also remember the skill's own disclaimer: its output is informational, not financial advice. If you want extra assurance, ask the publisher for a homepage/source or request the exact installer package name and review its npm listing before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cwg9fjv90xyhr2p75431n0181ettc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments