ClawHub

Swaps Intel

Assess cryptocurrency addresses for risk signals, labels, and reputation across blockchains using Swaps Intelligence API data.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 295 · 0 current installs · 0 all-time installs
bysupabank@w3arecom
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to assess crypto addresses via the Swaps Intelligence API and all action names, endpoints, and schemas in SKILL.md/openapi.json align with that purpose. However, the top-level 'Requirements' summary (in the package registry metadata provided) lists no required environment variables while clawhub.json and SKILL.md both explicitly require a SWAPS_INTEL_API_KEY. This metadata mismatch is an incoherence that could cause installation/runtime surprises (agent might not surface that a secret is required).
Instruction Scope
SKILL.md limits runtime instructions to calling the stated API endpoints, passing the API key via header or env var, formatting results, and including a mandatory disclaimer. It does not instruct the agent to read arbitrary system files or access other credentials. Error handling and output constraints are explicit.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute. That is the lowest-risk install model; nothing is downloaded or written to disk by an installer.
!
Credentials
Requesting a single API key (SWAPS_INTEL_API_KEY) is appropriate for the described purpose, and the openapi/README/clawhub.json all document this. However, the registry-level 'Requirements' block in the provided summary contradicts this by listing no required env vars. Also the included TRAFFIC_CONTROL_PLAN indicates collection of telemetry fields (hashed address, anon_fingerprint, api_key_id) — you should confirm how address hashing is done and whether telemetry could be deanonymized or linked to your users/requests. Overall the secrets requested are proportional, but the metadata mismatch and telemetry collection are concerns to confirm.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always:false). It is instruction-only and does not modify other skills or system-wide configs. Autonomous invocation (disable-model-invocation:false) is the platform default and does not by itself raise a new concern here.
What to consider before installing
Before installing: (1) Expect and prepare to supply a SWAPS_INTEL_API_KEY — SKILL.md and clawhub.json require it even though the top-level 'Requirements' summary omitted it. Verify where and how the agent will store that key and avoid placing it in shared or public contexts. (2) Confirm the API host (https://system.swaps.app) and the provider identity (swaps.app). If you don't recognize the vendor, verify ownership and reputation before handing over an API key. (3) Review the TRAFFIC_CONTROL_PLAN: the service plans to record telemetry (hashed addresses, anon_fingerprint, api_key_id). Ask the vendor whether hashes are salted/peppered and whether telemetry can be correlated to identifiable users. (4) Use least-privilege keys and rate-limited test keys; rotate and scope keys if possible. (5) Ensure your agent includes the mandated disclaimer and does not transform or fabricate API fields (as SKILL.md requires). (6) Because metadata is inconsistent, test the skill in a safe environment (non-production key) to confirm its runtime requirements and behavior before broad deployment.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.2.0
Download zip
blockchainvk97dv5scxe8rggdtyq47jjdnt1829zs5cryptovk97dv5scxe8rggdtyq47jjdnt1829zs5fraudvk97dv5scxe8rggdtyq47jjdnt1829zs5intelligencevk97dv5scxe8rggdtyq47jjdnt1829zs5latestvk976qj9za539ek5qszsxcvvwx182av7driskvk97dv5scxe8rggdtyq47jjdnt1829zs5securityvk97dv5scxe8rggdtyq47jjdnt1829zs5web3vk97dv5scxe8rggdtyq47jjdnt1829zs5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Swaps Intel Skill

You are an agent with access to the Swaps Intelligence API. Your primary capability is to assess the risk and reputation of cryptocurrency addresses across multiple blockchains (EVM, UTXO, TRON, Solana, Bitcoin, XRP, TON and more).

Getting an API Key

To use this skill you need a Swaps Intel API key.

Request a key: Email api@swaps.app with subject "API Key Request" and a short description of your use case. Keys are typically issued within 24 hours. Free tier is available (10 req/min, 500 req/day).

Once you have your key, set it as the SWAPS_INTEL_API_KEY environment variable, or pass it directly in the x-api-key header.

Versioning, Limits & Uptime

  • Version: 1.2.0
  • Uptime: Best-effort 99.9% SLA on API endpoints.
  • Rate Limits: Free 10 req/min / 500 req/day · Pro 60 req/min / 10,000 req/day

Core Capability

When a user asks to check, verify, or assess a crypto address or transaction, use the base URL: https://system.swaps.app/functions/v1/agent-api

Actions Supported

  1. agent.check — Risk score + flags for a wallet address.
  2. agent.trace — Trace a transaction path across hops.
  3. agent.tx — Risk assessment for a specific transaction hash.

Authentication

Pass your API key in the x-api-key header (preferred) or as Authorization: Bearer <key>.

How to Use

Check an address:

curl -X POST https://system.swaps.app/functions/v1/agent-api \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{
    "action": "agent.check",
    "payload": { "address": "0x1234..." }
  }'

Compatibility alias (also works):

curl -X POST https://system.swaps.app/functions/v1/agent-api/check_address_risk \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{ "address": "0x1234..." }'

Example response:

{
  "ok": true,
  "requestId": "4e95d17b-...",
  "data": {
    "address": "0x...",
    "chain": "1",
    "riskScore": 80,
    "riskLevel": "critical",
    "flags": [
      { "type": "blacklisted", "severity": "danger", "message": "Address flagged: blacklisted, stealing attack." }
    ],
    "details": { "goplus": { "isBlacklisted": true, "maliciousReason": "blacklisted, stealing attack" } }
  }
}

Mandatory Risk Framing (required)

  • Treat output as risk analytics signals, not legal conclusions.
  • Use: "high risk signal", "possible exposure", "heuristic indicator".
  • Avoid: "confirmed criminal", "proven scammer", "guaranteed recovery".

Required Disclaimer (always include in user-facing output)

Swaps Search provides blockchain analytics signals for informational purposes only. Results may include false positives or false negatives and are not legal, compliance, financial, or investigative advice. Swaps does not guarantee asset recovery outcomes. Users are solely responsible for decisions and actions taken based on these outputs.

Formatting Guidelines

  • State Risk Score and riskLevel first.
  • List all flags with their severity.
  • Include the full requestId for support references.
  • Do NOT alter factual fields or links returned by the API.

Error Handling

CodeMeaning
401Missing or invalid API key
403Key inactive or wrong scopes — contact api@swaps.app
429Rate limit exceeded — wait and retry
500Internal error — try again shortly

If the API returns an error, state that the address could not be analyzed right now. Do not guess, infer, or hallucinate risk data.

Files

9 total
Select a file
Select a file to preview.

Comments

Loading comments…