ClawHub

BTC Monitor TalentverseX

v4.0.1

BTC and ETH market monitor with public API data, six bottom-fishing signals, and optional Discord delivery. TalentverseX

1· 237·0 current·0 all-time
by@liammme
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the code and docs: the skill fetches Binance/Bybit/CoinGecko/Fear&Greed public APIs, computes technical signals, prints a report, and can post to Discord. Required packages (requests) and helper scripts (install, cron) are proportional to this task.
Instruction Scope
SKILL.md and docs describe only reading {baseDir}/config.json, fetching public market APIs, computing indicators, and optional Discord posting. The script reads only local config.json and uses network calls to public endpoints. Note: the registry metadata lists no required env vars, but the skill legitimately uses an optional DISCORD_TOKEN environment variable when discord.enabled is true (this is documented in SKILL.md and config.json). The main Python file was truncated in the provided bundle, so the final behavior (after the truncation point) could not be fully validated.
Install Mechanism
No automatic install spec in the registry (instruction-only), but included install.sh uses pip to install requirements.txt and creates a logs directory. This is low-risk and standard; no downloads from unknown hosts or archive extraction were observed.
Credentials
The skill requests no credentials in registry metadata. It optionally reads a Discord bot token from an environment variable named in config.json (default DISCORD_TOKEN) — this is appropriate for optional Discord delivery but does mean you must supply a bot token to enable posting. No unrelated cloud credentials or system secrets are requested. The script reads only the local config.json and writes logs; it does not declare any other sensitive env requirements.
Persistence & Privilege
always:false and model invocation defaults are normal. The provided setup_cron.sh modifies the user's crontab to schedule runs if the user runs it — that requires explicit user action. The skill does not request permanent platform-level privileges or modify other skills' configs.
Assessment
This package appears coherent for a market-monitoring script. Before installing: 1) Inspect the full scripts/monitor.py (the provided review bundle truncated it) to confirm there are no unexpected network endpoints or hidden behavior. 2) Run the script manually once in a Python virtual environment (python3 -m venv && pip install -r requirements.txt) to verify output before scheduling. 3) Only export a Discord bot token (DISCORD_TOKEN or custom token_env) if you trust the bot and the channel_id configured; treat that token like a secret. 4) If you use setup_cron.sh, review crontab (crontab -l) afterwards and ensure logs/monitor.log is written to a directory you control; do not run as root. 5) If you need higher assurance, provide the full, untruncated monitor.py for review; that could raise confidence from medium to high.

Like a lobster shell, security has layers — review code before you run it.

latestvk9730w3xj2x9m8sk3h427q94ax82n64h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments