ClawHub

Dexie

v1.0.0

Track Chia DEX offers, tokens, pairs, prices, and platform stats using Dexie.space API via CLI or chat commands.

2· 1.5k·0 current·0 all-time
by@koba42corp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's files (index.js, lib/api.js, cli.js, README, SKILL.md) implement a Dexie.space API client and CLI for offers, assets, pairs, and stats. No unrelated binaries, env vars, or credentials are requested. The declared purpose (tracking DEX activity) aligns with the code and docs.
Instruction Scope
SKILL.md instructs the agent to forward user queries to handleCommand and shows the same CLI/Telegram commands the code implements. The runtime instructions do not ask the agent to read unrelated files or secrets, nor to transmit data to endpoints other than the Dexie API (https://api.dexie.space/v1).
Install Mechanism
No platform-level install spec was declared, but the repo includes an install.sh and package.json. install.sh runs 'npm install --production' and the package depends only on axios (resolved from the public npm registry). This is a typical Node install pattern and low risk; users should be aware npm install will fetch packages from the public registry and npm link will create global CLI symlinks.
Credentials
The skill requires no environment variables, no API keys, and no config paths. That is proportional for a public-read API client. No sensitive credential names are requested.
Persistence & Privilege
Skill flags show always=false and normal model invocation (disable-model-invocation=false). The skill does not request permanent system-wide changes. The only persistence-related action recommended by README/install.sh is npm link to expose a CLI, which is standard and limited in scope.
Assessment
This package appears to be a straightforward client for the public Dexie.space API. Before installing, consider: 1) review the repository URL and author (package.json points to a GitHub repo) to confirm trust in the upstream source; 2) the skill will make outbound HTTP requests to https://api.dexie.space/v1 — only install if you trust that API and its operator; 3) installing runs 'npm install' which fetches dependencies from the public npm registry (standard but worth noting); 4) npm link will create global 'dex'/'dexie' CLI commands on your system; 5) there are minor code issues (e.g., paginate's result.success/structure checks may be buggy) but they look like quality issues rather than malicious behavior. If you need higher assurance, verify the GitHub repository history, check package integrity (lockfile), and run the code in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk9701jfccy37ynmtt6ey4w8w81804t4n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments