ClawHub

Crypto Interactive Research Framework - CIRF

v0.1.2

Interactive crypto deep-research framework with human-AI collaboration for superior research outcomes

1· 1.6k·1 current·1 all-time
by@kudodefi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (crypto research framework) match the actual content: YAML/Markdown personas, workflows, and guides. The skill requests no environment variables, no binaries, and no installs — consistent with an instruction-only framework. Network access (WebSearch/WebFetch) and file read/write under a workspaces/ directory are coherent with conducting up-to-date research and saving outputs.
Instruction Scope
SKILL.md and related files instruct the agent to read framework files (framework/*) and core-config.yaml and to create/write per-project workspaces (workspaces/{project-id}/outputs/). This is within the purpose, but it grants the agent broad discretion to 'manage workspaces' and 'research proactively' (including WebSearch/WebFetch). The safety of those actions depends on the platform's sandboxing — the skill itself does not ask for or reference system-level secrets or unrelated paths.
Install Mechanism
No install specification and no code files — instruction-only. Nothing is downloaded or written by an installer, which minimizes supply-chain risk.
Credentials
The skill declares no required environment variables, no credentials, and no config paths outside its repository. The requested permissions described in SECURITY.md (read framework files, write to workspaces/, network access for public data) are proportionate to the research use case.
Persistence & Privilege
always:false and normal model invocation behavior. The framework instructs the agent to create and write workspace files within the project directory (local persistence of outputs), which is expected. There are no instructions to modify other skills, create background services, or persist across system restarts.
Assessment
This framework appears internally consistent and readable, but before installing: (1) review the framework files yourself (they're plain YAML/MD) to confirm there are no unexpected endpoints, (2) run agents only in an environment that restricts filesystem access to the project directory (so the agent can't read unrelated system files), (3) be aware the skill expects network access for public WebSearch/WebFetch — ensure your platform's network policy is acceptable, (4) if you store sensitive data, do not place it under the workspaces/ directory used by the framework, and (5) prefer interactive (collaborative) mode rather than autonomous mode unless you trust the agent and sandboxing. Overall the skill is coherent with its stated purpose; remaining risk is operational (sandbox & network controls), not an internal inconsistency.

Like a lobster shell, security has layers — review code before you run it.

latestvk9742h6yv8h41hwqqwt9mksrt980ta1z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments