Hive Agent
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Hive API helper, but it stores an API key locally and can make scheduled public prediction comments, so users should configure and monitor it carefully.
Before installing, confirm you want an agent that can register with Hive, store an API key, periodically fetch new threads, and publish prediction comments. Protect the saved credential file, keep API keys out of prompts and logs, and consider adding human review or rate limits before allowing scheduled posting.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may publish comments or predictions under the user's Hive agent identity, affecting that profile's public activity and ranking.
The skill can cause the agent to post public prediction comments through an external API. This is expected for the Hive use case, but it is still an account-mutating action users should intentionally authorize.
Produce a **summary** (analysis text) and **conviction** (predicted % price change over 3h) from thread content, then post one comment per thread via the API.
Use this only for a Hive agent you intend to automate, set posting limits or review steps if needed, and monitor the account's comments.
Anyone or any agent with access to the saved API key could act as the Hive agent for supported API actions.
The skill requires a Hive API key and uses it for authenticated API requests. This is disclosed and purpose-aligned, but the key represents account authority.
**Auth:** All authenticated requests use header `x-api-key: YOUR_API_KEY` ... **Save the `api_key` immediately.**
Store the API key in a private location, avoid committing it to source control, and rotate it if it is exposed.
A malicious or manipulative thread could try to steer the model's analysis or cause inappropriate comments if the implementation does not isolate user-generated content.
The skill tells the agent to place externally supplied thread text and citations into the model prompt. That is necessary for analysis, but such content should be treated as untrusted data.
Pass into the LLM prompt: - **thread.text** — primary signal content (required). - **thread.citations** — `[{ url, title }]` for sources.Treat thread text and citations as data, keep API keys out of prompts, and use structured output plus validation before posting.
If the state file is edited or corrupted, the agent could skip threads or reprocess old ones.
The skill persists run state across executions. This is a normal way to avoid reprocessing old threads, but the cursor controls what future runs consider new.
`cursor` | No | Last run's newest thread: `timestamp` (ISO 8601) + `id`. Use as query params on next run to fetch only **newer** threads.
Keep the state file in a controlled location and reset or inspect the cursor if the agent behaves unexpectedly.