Fear Greed
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward crypto sentiment widget that uses disclosed Strykr-hosted market-data and widget endpoints, with minor dependency and provenance notes but no evidence of malicious behavior.
This looks low-risk as a market-data widget. Before installing or embedding it, confirm you trust the Strykr API/CDN endpoints and ensure curl and jq are available if you plan to run the shell script.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user embeds the hosted widget, changes, outages, or compromise at the external provider could affect what displays or runs in their dashboard.
The documentation discloses external Strykr-hosted API and widget assets. This is aligned with an embeddable real-time market widget, but dashboards using the hosted script or iframe depend on remotely served code/content.
PRISM_URL=https://strykr-prism.up.railway.app ... <script src="https://cdn.strykr.com/fear-greed.js"></script> ... src="https://widgets.strykr.com/fear-greed?theme=dark&variant=gauge"
Use the hosted widget only if you trust the provider. For production dashboards, consider self-hosting or pinning assets where available and applying normal browser protections such as CSP.
The command may fail or behave differently on systems without the expected tools, and installers may not preflight these dependencies.
The script relies on local curl and jq binaries, while the registry metadata declares no required binaries. This is a dependency declaration gap rather than hidden behavior.
DATA=$(curl -s "$PRISM_URL/market/fear-greed") VALUE=$(echo "$DATA" | jq -r '.value // 50')
Declare curl and jq as required binaries or document them clearly in setup instructions.