Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CoinMeta-Skill

Fetch latest cryptocurrency newsflashes and market updates using CoinMeta API with keyword search and pagination support.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 37 · 0 current installs · 0 all-time installs
by CoinMeta @semithin

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The SKILL.md describes a straightforward CoinMeta news API integration that legitimately needs an API key and an HTTP client (curl). However, the registry-level metadata provided with the skill lists no required env vars or binaries while the SKILL.md frontmatter declares primaryEnv: COINMETA_API_KEY and requires curl. This mismatch is an inconsistency between what the skill says it needs at runtime and what the registry claims.
Instruction Scope
The instructions are narrowly scoped: they show POST requests to CoinMeta endpoints, indicate use of X-Api-Key header, parsing rules (strip HTML, convert timestamps), and simple error handling. The instructions do not ask to read local files, other environment variables, or send data to unexpected endpoints.
! Install Mechanism
There is no install spec (instruction-only), which is low risk. However, the SKILL.md lists curl as a required binary while the registry metadata does not — another registry vs. runtime inconsistency. No archive downloads or external installers are present.
! Credentials
The integration legitimately requires a COINMETA_API_KEY which will be sent to api.coinmeta.com / www.coinmeta.com via header X-Api-Key. That is proportionate for the stated purpose, but the registry metadata failing to declare this required credential is a red flag. Also note the SKILL.md uses two hostnames (api.coinmeta.com and www.coinmeta.com); you should verify which is correct and trustworthy before supplying keys.
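The hostname check described above can be run against the skill text before any key is supplied. This is an added example, not part of the skill or of the ClawHub scanner; `SKILL_TEXT` is a constructed, abridged excerpt of the SKILL.md shown on this page, and the function names and the allowlist are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed, abridged excerpt modelled on the SKILL.md shown on this page.
SKILL_TEXT = '''
Base URL: https://api.coinmeta.com
curl -s -X POST -H "Accept:*/*" \\
  -H "X-Api-Key: ${COINMETA_API_KEY}" \\
  -d '{"page":1,"size":10}' \\
  "https://api.coinmeta.com/open/v1/newsflash/list"

curl -s -X POST -H "Accept:*/*" \\
  -H "X-Api-Key: ${COINMETA_API_KEY}" \\
  -d '{"page":1,"size":10,"keyword":"btc"}' \\
  "https://www.coinmeta.com/open/v1/newsflash/search"
'''

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def curl_commands(text):
    """Join backslash-continued lines and return each curl invocation."""
    joined = re.sub(r"\\\n\s*", " ", text)
    return [ln.strip() for ln in joined.splitlines() if ln.strip().startswith("curl ")]

def credential_destinations(text, secret_var):
    """Return (scheme, host) for every curl command that references secret_var."""
    dests = set()
    for cmd in curl_commands(text):
        if secret_var not in cmd:
            continue
        for url in URL_RE.findall(cmd):
            parts = urlsplit(url)
            dests.add((parts.scheme, parts.hostname))
    return dests

def audit(text, secret_var, allowed_hosts):
    """List findings: plaintext transport or hosts outside the allowlist."""
    findings = []
    for scheme, host in sorted(credential_destinations(text, secret_var)):
        if scheme != "https":
            findings.append(f"{secret_var} sent over {scheme} to {host}")
        if host not in allowed_hosts:
            findings.append(f"{secret_var} sent to undeclared host {host}")
    return findings

if __name__ == "__main__":
    # Assumption: the allowlist holds only the host of the declared Base URL.
    for finding in audit(SKILL_TEXT, "COINMETA_API_KEY", {"api.coinmeta.com"}):
        print(finding)
```

Run against the excerpt, the only finding is the search endpoint's `www.coinmeta.com` host, which is the discrepancy the scan calls out.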
Persistence & Privilege
The skill does not request persistent/always-on inclusion (always: false), has no install steps that write to disk, and does not ask to modify other skills or system-wide settings. Autonomous invocation is allowed by default (normal) but combined with the credential requirement means the agent could call the external API when invoked.
What to consider before installing
This skill appears to do what it claims (fetch crypto news) and will send an API key to CoinMeta endpoints. However, the published registry metadata omits the required COINMETA_API_KEY and the declared dependency on curl, which is an inconsistency you should resolve before trusting it.

Recommendations:

  • Confirm the skill's source and verify the owner/trustworthiness of CoinMeta (check official docs for api.coinmeta.com / www.coinmeta.com).
  • Treat COINMETA_API_KEY as sensitive: do not reuse high-privilege or broadly-scoped credentials. Create a limited API key for testing if possible.
  • Ask the publisher to correct registry metadata so required env vars and binaries are explicit.
  • Test with a throwaway or low-privilege key first, and monitor outgoing requests (network logs) to confirm only the expected endpoints are contacted.
  • If you cannot verify the publisher or the service domain, avoid supplying real secrets.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.1
latestvk97c9ethkt1cve8knxjmrgdy3d83pxq3

SKILL.md

CoinMeta API

Query cryptocurrency newsflash data.

Base URL: https://api.coinmeta.com
Auth: Header X-Api-Key: $COINMETA_API_KEY
Response format: {"code": 200, "data": [...], "msg": "success"} (code 200 = success)


Newsflash List

Endpoint: POST https://api.coinmeta.com/open/v1/newsflash/list

curl example:

curl -s -X POST -H "Accept:*/*" \
  -H "X-Api-Key: ${COINMETA_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"page":1,"size":10}' \
  "https://api.coinmeta.com/open/v1/newsflash/list"

Request params:

| Param | Type | Description |
|-------|------|-------------|
| page | int | Page number, default 1 |
| size | int | Page size, default 10 |

Response fields:

| Field | Type | Description |
|-------|------|-------------|
| id | int | Newsflash ID |
| views | int | View count |
| title | string | Title |
| content | string | Content (HTML) |
| createdAt | int | Unix timestamp |

Keyword Search

Endpoint: POST https://www.coinmeta.com/open/v1/newsflash/search

curl -s -X POST -H "Accept:*/*" \
  -H "X-Api-Key: ${COINMETA_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"page":1,"size":10,"keyword":"btc"}' \
  "https://www.coinmeta.com/open/v1/newsflash/search"

Request params:

| Param | Type | Description |
|-------|------|-------------|
| page | int | Page number, default 1 |
| size | int | Page size, default 10 |
| keyword | string | Search keyword, required |

Output format:

📰 Crypto Newsflash · Page [N]

1. [Title]
   Views: [views] · [Time]
   [Summary...]

2. [Title]
   Views: [views] · [Time]
   [Summary...]
...

Parsing rules:

  • createdAt is Unix timestamp, convert to readable time
  • content contains HTML tags, strip tags to display plain text

Error Handling

| code | msg | Description |
|------|-----|-------------|
| 401 | Missing API key | API key not set, set COINMETA_API_KEY environment variable |
| 401 | Invalid API key | API key invalid, please verify |
| 422 | Parameter error | Invalid request params, check page/size |
| != 200 | Other | Request failed, display msg content |
| network error | - | Prompt to retry |
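
The parsing and error-handling rules above, as an added Python example that is not part of the original SKILL.md: it extracts text with `html.parser` instead of a regex (so script and style bodies are dropped and entities decoded) and treats any non-200 `code` or non-JSON body as a failure. The sample bodies and function names are constructed, and `createdAt` is assumed to be in seconds.

```python
import json
from datetime import datetime, timezone
from html.parser import HTMLParser

class _TextOnly(HTMLParser):
    """Collect text nodes; drop tags and the bodies of script/style elements."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def strip_html(fragment):
    parser = _TextOnly()
    parser.feed(fragment)
    parser.close()
    return " ".join("".join(parser.parts).split())

def render(body, page=1):
    """Format a raw response body as the newsflash list, or as an error line."""
    try:
        resp = json.loads(body)
    except ValueError:
        return "Request failed: response was not JSON"
    if not isinstance(resp, dict):
        return "Request failed: unexpected response shape"
    if resp.get("code") != 200:  # 401, 422 and any other code: show msg
        return f"Request failed: {resp.get('msg', 'unknown error')}"
    lines = [f"📰 Crypto Newsflash · Page {page}", ""]
    for n, item in enumerate(resp.get("data") or [], 1):
        # Assumption: createdAt is in seconds; rendered in UTC.
        when = datetime.fromtimestamp(int(item.get("createdAt", 0)), tz=timezone.utc)
        lines += [f"{n}. {strip_html(str(item.get('title', '')))}",
                  f"   Views: {item.get('views', 0)} · {when:%Y-%m-%d %H:%M} UTC",
                  f"   {strip_html(str(item.get('content', '')))[:200]}", ""]
    return "\n".join(lines).rstrip()

# Constructed sample bodies (not real CoinMeta data).
OK_BODY = json.dumps({"code": 200, "msg": "success", "data": [{
    "id": 1, "views": 42, "title": "Sample <b>headline</b>",
    "content": "<p>Body &amp; text</p><script>x()</script>",
    "createdAt": 1700000000}]})
ERR_BODY = '{"code": 401, "msg": "Invalid API key", "data": null}'
```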
