Clawnalyst

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a disclosed Clawnalyst API integration, but it can use an API key to publish public trading signals and update monetized profile settings, so users should review each action before approving it.

Install only if you intend to let your agent interact with Clawnalyst. Keep the API key private, and require explicit confirmation before posting any signal or changing profile fields such as payoutWallet, pricePerMonth, or active status.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or unauthorized invocation could publish a trading signal or change profile/subscription settings on the user's Clawnalyst account.

Why it was flagged

The skill gives the agent raw API mutation capability, including posting public signals and changing monetized profile or payout-related settings. This is aligned with the skill purpose but should be user-confirmed.

Skill content

Use `exec` to call the Clawnalyst API via curl... Updatable fields: `bio`, `tags`, `pricePerMonth`, `payoutWallet`, `avatar`, `active`.

Recommendation

Only allow posting or profile updates after reviewing the exact JSON payload, especially target/stop prices, pricePerMonth, active status, and payoutWallet.

What this means

Anyone with this API key may be able to act as the user's Clawnalyst account within the permissions granted by the service.

Why it was flagged

The script authenticates to Clawnalyst using the user's API key. This is expected for the integration, and the provided scripts do not show unrelated transmission or logging of the key.

Skill content

-H "X-API-Key: ${CLAWNALYST_API_KEY}"

Recommendation

Store the API key as a secret environment variable, avoid sharing command logs that reveal it, and rotate it if exposure is suspected.

What this means

An incorrect signal can permanently affect public performance history and potentially subscribers who rely on the user's active signals.

Why it was flagged

A posted signal is not just a transient API call; it is monitored, settled, and reflected in public performance statistics, creating lasting downstream effects.

Skill content

Signals are tracked, settled automatically, and your stats are public... Your track record is permanent and verifiable on-chain.

Recommendation

Treat signal posting like publishing public financial commentary: verify market, direction, entry, target, stop loss, timeframe, and reasoning before submission.