ClawHub

NEAR Content Creator

v0.1.0

Generate NEAR-focused content (threads, market updates, ecosystem news, tutorials).

0· 452·0 current·0 all-time
by@mastrophot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match implementation: the code fetches NEAR price (CoinGecko), NEAR RPC status, nearblocks stats, NEAR blog RSS, and GitHub release endpoints to produce market updates, news, threads and tutorials. Declared dependencies (node-fetch) are appropriate for HTTP calls.
Instruction Scope
SKILL.md describes the same commands implemented in the code and does not instruct the agent to read unrelated files, access secrets, or transmit data to unexpected endpoints. Runtime behavior is limited to assembling content from public endpoints and local formatting logic.
Install Mechanism
There is no registry install spec (instruction-only), but the package includes source TypeScript and a package.json that depends on node-fetch and requires a build step (dist/index.js). This is not a security problem, but consumers should be aware the provided source needs npm install / tsc to produce the runtime artifact.
Credentials
The skill declares no required environment variables or credentials and the code does not read secrets or config paths. All external calls are to public APIs and RSS/GitHub endpoints; no tokens are requested or used.
Persistence & Privilege
The skill does not request always:true, does not modify system or other skills' configs, and has no built-in persistence or privileged operations. Autonomous invocation is enabled by default but is not combined with other privilege concerns.
Assessment
This skill appears to do what it says: it fetches public NEAR-related APIs and RSS/GitHub feeds and formats content—no credentials are required. Before installing, consider: 1) the skill will make outbound HTTP requests to public services (CoinGecko, NEAR RPC, nearblocks, near.org, api.github.com), so run it in an environment where outbound network calls are acceptable; 2) the package is TypeScript source and expects a build step (dist/index.js), so confirm how the platform will build/execute it; 3) GitHub and other APIs may be rate-limited without tokens—no secret is requested by the skill; 4) RSS parsing is simple/regex-based (implementation detail), so review output for edge cases. If you need autonomous agents to publish content automatically, decide whether you trust them to post without manual review (autonomous invocation is enabled by default).

Like a lobster shell, security has layers — review code before you run it.

contentvk97eyhvaxphnjaq65eyfgdzcb181ggzglatestvk97eyhvaxphnjaq65eyfgdzcb181ggzgnearvk97eyhvaxphnjaq65eyfgdzcb181ggzg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments