Crypto Interactive Research Framework - CIRF
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: cirf Version: 0.1.2 The OpenClaw AgentSkills skill bundle is a well-structured and highly transparent framework for AI-assisted crypto research. All instructions, including those in `SKILL.md` and various `.md` and `.yaml` files, are consistently aligned with the stated purpose of conducting research and managing project workspaces. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or suspicious supply chain practices. The `SECURITY.md` file explicitly details the framework's required permissions (file read/write within its own directories, web search/fetch for public data) and explicitly denies malicious behaviors, which is consistent with the content of all other files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may create local workspace files and send search queries or requested URLs to web-search/fetch providers while conducting research.
The skill expects the agent to write research outputs locally and use web research tools; this is aligned with the research purpose but is still meaningful tool authority.
"File System Access - WRITE" ... "workspaces/{project-id}/outputs/**/*.md" ... "Network Access - WebSearch" ... "Network Access - WebFetch"Use collaborative mode for sensitive topics, avoid including private data in searches, and review generated workspace files before reusing or sharing them.
Future research runs may be influenced by saved workspace settings, prior requirements, notes, or outputs.
The workspace template explicitly stores session variables and workflow history for later reuse, which is useful for continuity but can carry forward stale or user-supplied context.
"After conversation compact, agents restore context from this cache" ... "PERSISTENCE: Survives conversation compacts"
Review workspace.yaml and saved outputs periodically, and clear or edit old workspace state when switching topics or after sensitive research.
Users have less registry-level provenance information for confirming that the prompt files match the intended upstream project.
The registry metadata does not provide a verified source or homepage, although the skill is instruction-only and no executable install mechanism is present.
Source: unknown; Homepage: none
Verify the package against the declared project source before installing if provenance matters for your workflow.