Noya Agent Skill
v1.0.18Interact with the Noya AI platform for crypto trading, prediction markets, token analysis, DCA strategies, and structured crypto data (prices, TVL, funding r...
⭐ 2· 716·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the behaviour: the skill calls Noya's Agent API for conversational agent actions (requires NOYA_API_KEY) and uses public data endpoints without auth. Required binaries (curl, jq) are appropriate for the curl-based workflow and the included noya-message.sh script.
Instruction Scope
SKILL.md instructs the agent to hand off conversation context to Noya (POST /api/openclaw/system-message) and to use noya-message.sh for streaming messages. That is coherent for a conversational trading agent, but it means potentially sensitive context (conversation history, preferences, portfolio info) and replies from Noya will be transmitted to the third-party service. The script also reads /etc/timezone or /etc/localtime for timezone info — benign but outside pure API semantics.
Install Mechanism
No install spec; this is instruction-only with a small included shell script. Nothing is downloaded from external or untrusted URLs and no archives are extracted.
Credentials
The only credential is NOYA_API_KEY (declared as primary). This is proportional for agent endpoints. SKILL.md suggests storing the API key in ~/.openclaw/openclaw.json (plaintext config example) — convenient but increases exposure; use short-lived keys and safer secret storage if possible.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It suggests adding an entry in the OpenClaw config for its own key (normal). Autonomous invocation is allowed by default but that is the platform norm; the skill includes interrupt/confirmation handling for execution of on-chain actions.
Assessment
This skill appears to be what it claims: a curl/jq-based integration with Noya. Before installing: (1) understand that conversational context (and potentially wallet/portfolio data) will be sent to Noya's servers when you use the agent — avoid sending secrets you don't want shared; (2) create a short-lived API key, and revoke it if compromised; (3) prefer setting NOYA_API_KEY in a secure environment (process env or a vault) instead of storing it in plaintext in ~/.openclaw/openclaw.json; (4) confirm any on-chain transaction prompts before approving (the skill claims it will request confirmation); and (5) verify you trust the operator at agent.noya.ai since this skill routes sensitive crypto-related queries and commands to that service.Like a lobster shell, security has layers — review code before you run it.
latestvk975f3ppnr75pk4avj0c7sq9yd84y44d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🤖 Clawdis
Binscurl, jq
Primary envNOYA_API_KEY