Immortal
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is a straightforward crypto-risk reporting tool that makes disclosed HTTP calls to a Majestify API and does not show credential use, persistence, destructive behavior, or hidden local data access.
This looks safe to install for its stated purpose if you are comfortable with it contacting the Majestify crypto-health API. Review the endpoint you use, remember that results come from an external service, and do not let the classifications automatically drive real financial actions without human judgment.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The external API can see which assets are being assessed and its responses influence the reported risk classification.
The script sends the selected asset IDs and time window to an external API. This is disclosed and purpose-aligned, but users should be aware that requests and results depend on an outside service.
DEFAULT_API_BASE = "https://crypto-health-hub.onrender.com" ... url = f"{api_base}/api/metrics/{coin}?days={days}"Use the default or custom API endpoint only if you trust that provider, and avoid treating the output as the sole basis for financial decisions.
Installation metadata may not fully signal that running the skill requires Python and internet access.
The skill discloses runtime expectations in the README even though the registry requirements list no required binaries, packages, or environment variables. This is an under-declared metadata issue rather than hidden behavior.
Python 3.10+ ... httpx (optional) ... Internet access to the Majestify API
Confirm Python is available and that outbound network access to the Majestify API is acceptable before using the skill.