QXMP Oracle
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill appears to make disclosed, read-only requests to public QXMP/QELT endpoints, with minor packaging/provenance notes but no evidence of malicious behavior.
This skill looks safe for read-only public oracle lookups. Confirm you trust the QXMP/QELT data source and package identity, and treat asset valuations or proof claims as external data rather than independent financial assurance.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When used, the agent may send network requests to the documented public oracle services to retrieve asset and proof data.
The skill relies on shell/curl calls to external APIs. This is disclosed and purpose-aligned for fetching oracle data, but users should know the agent will contact QXMP/QELT endpoints when invoked.
curl -fsSL "https://api.qxmp.ai/api/v1/rwa/assets?page=1&limit=100"
Use the skill only when you expect public QXMP/QELT data lookups, and verify that requests stay within the documented API and contract endpoints.
The package metadata may not exactly identify the same owner, slug, or version shown in the registry listing.
The packaged metadata uses a placeholder ownerId and differs from the registry listing shown for this skill, which is a provenance/packaging clarity issue rather than evidence of unsafe code.
"ownerId": "YOUR_CLAWHUB_OWNER_ID", "slug": "qxmp-oracle", "version": "1.0.0"
Before installing, confirm the ClawHub listing, homepage, and package identity match the skill you intend to use.