View Daily Trending Altcoins

v1.0.0

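Generates a cryptocurrency morning-report PDF covering industry news, FDV rankings, trending sectors, and risk warnings. Data comes from the CoinGecko API.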

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared purpose (generate a daily altcoin PDF report from CoinGecko) matches the code's main behavior: fetch data and produce an HTML report. However there are inconsistencies: SKILL.md requires two separate curl requests due to API limits, but fetch-data.sh uses a single combined request; SKILL.md says 'read news from the knowledge base', while generate-report.py embeds static/hardcoded news. Also SKILL.md enumerates a specific top-10 list with duplicate SOL and a particular ordering; the code derives the top-10 dynamically, which may produce different output than the doc expects.
Instruction Scope
SKILL.md instructs multiple runtime actions that are not implemented in code: splitting API requests into two, reading today's news from the knowledge base, opening a browser and exporting HTML to PDF, and sending the PDF to Feishu via a 'message tool'. generate-report.py only writes HTML to /tmp/早报.html and does not perform PDF conversion or delivery. This mismatch grants the agent or integrator broad discretion to implement missing steps, which should be reviewed before allowing autonomous invocation.
Install Mechanism
No install spec and no external binary downloads. The skill is instruction + two small scripts that run locally. The only outbound network call is curl to api.coingecko.com and the Python code reads/writes /tmp files—no hidden downloads or archive extraction detected.
Credentials
The skill does not request environment variables, secrets, or config paths. The SKILL.md mentions sending to Feishu but does not request any Feishu credentials; as implemented, no credentials are required by the included files. If you enable delivery to Feishu, you should expect to provide Feishu credentials separately and verify how they are stored.
Persistence & Privilege
The skill does not request persistent presence (always: false). There is no code that modifies other skills or system-wide settings. Autonomous invocation is allowed by platform default but does not combine with elevated privileges or credential access in the provided files.
What to consider before installing
What to check before installing or running:
1) Implementation vs instructions: the scripts fetch data and produce an HTML file, but they do not split API calls, do not read a news knowledge base, do not convert HTML to PDF, and do not send anything to Feishu — you (or the agent runtime) will need to implement PDF export and delivery.
2) Data accuracy & formatting: SKILL.md enforces FDV-only display, specific price formatting, and color rules; verify the code's rounding/units meet those rules (the code currently formats FDV as B or M in some places but uses a fixed B for the top-10).
3) Delivery: if you want automatic Feishu posting, ensure the integration is added intentionally and that credentials are provided securely (do not hardcode tokens in skill files).
4) Network scope: the skill calls only api.coingecko.com; this is expected, but ensure your environment's curl/python runtime won't be repurposed to exfiltrate other data.
5) Testing: run the scripts in a sandbox to confirm outputs (HTML, values, FDV units) match your requirements.
Because there are multiple inconsistencies between the documentation and the code, treat this as untrusted until you confirm the missing behaviors and delivery method.

Like a lobster shell, security has layers — review code before you run it.
