ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent News Api

v1.2.0

The Intelligence Layer. A high-fidelity real-time global event stream for autonomous agents combining live geospatial enriched data from thousands of sources...

0· 0·0 current·0 all-time
by@agentnewsdev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (real-time news + optional Solana Zero-HITL onboarding) align with the declared env vars (API key, SOL private key) and with the code (REST + socket.io + auth-by-signature). The dependencies (@solana/web3.js, axios, socket.io-client, tweetnacl, bs58) are reasonable for the stated features.
Instruction Scope
SKILL.md and the CLI expose only news fetch, balance, onboarding, deposit-address, and WebSocket stream. The code signs a fixed auth message and sends walletAddress + signature to the API to obtain an API key; it does not transmit the private key nor perform SOL transfers. However the README claims 'autonomous funding' and 'dynamic pegging via Coinbase' that are not implemented in the provided client code — the documentation overstates some capabilities.
Install Mechanism
This is an instruction+Node package skill; installation is via npm install from the included package.json. No external archive downloads or non-standard install URLs are present. Dependencies are common and expected for the functionality.
Credentials
Requesting AGENT_NEWS_API_KEY and SOLANA_PRIVATE_KEY is explainable: the API key is normal; the Solana private key (sensitive) is used for Zero-HITL signing. The private key is optional and the code appears to only sign a fixed message and send the signature/server challenge — it does not send the private key or perform on-chain transfers. Still, providing a full Solana secret key to any skill is high sensitivity; ensure you understand and trust the endpoint before supplying it. Also the skill allows overriding API URL via env, which could cause signatures to be sent to an arbitrary host if network restrictions are not enforced by the platform.
Persistence & Privilege
Skill does not request always:true and does not write to other skills' configs. The CLI prints the acquired apiKey and instructs the user to save it; it does not persist credentials itself. Autonomous invocation is enabled (default) which is expected for skills that agents should call.
Assessment
This skill appears to be what it says: a news/firehose client that can obtain an API key by signing a fixed challenge with a Solana secret key. Before installing: (1) Only provide SOLANA_PRIVATE_KEY if you truly need automated onboarding; it's a highly sensitive secret — prefer a throwaway wallet with minimal funds for onboarding/testing. (2) Confirm that your platform enforces the declared network allowlist (api.agentnewsapi.com / agentnewsapi.com) so an env override (AGENT_NEWS_API_URL) cannot redirect signatures to an attacker-operated server. (3) If you don't need Zero-HITL, omit SOLANA_PRIVATE_KEY and use a standard API key. (4) Ask the maintainer to clarify or remove overstated claims in the docs (automated on-chain funding, dynamic per-second Coinbase pegging) because the provided client does not implement those features. (5) Review/scan npm dependencies as usual before running npm install.
agent-news-cli.js:14
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

ai-agentsvk97091fgc2n8s64e1ha139xde5841rskautonomousvk97091fgc2n8s64e1ha139xde5841rskcurationvk97091fgc2n8s64e1ha139xde5841rskdeep-researchvk97091fgc2n8s64e1ha139xde5841rskevent-detectionvk97091fgc2n8s64e1ha139xde5841rskgdeltvk97091fgc2n8s64e1ha139xde5841rskgeminivk97091fgc2n8s64e1ha139xde5841rskglobal-intelligencevk97091fgc2n8s64e1ha139xde5841rskintelligence-streamvk97091fgc2n8s64e1ha139xde5841rsklatestvk97091fgc2n8s64e1ha139xde5841rsknewsvk97091fgc2n8s64e1ha139xde5841rskosintvk97091fgc2n8s64e1ha139xde5841rskreal-timevk97091fgc2n8s64e1ha139xde5841rsksignalsvk97091fgc2n8s64e1ha139xde5841rsksolanavk97091fgc2n8s64e1ha139xde5841rskweb3vk97091fgc2n8s64e1ha139xde5841rsk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvAGENT_NEWS_API_KEY (optional — auto-generated via Zero-HITL onboarding), SOLANA_PRIVATE_KEY (optional — required for Zero-HITL auth and autonomous funding)

SKILL.md

Agent News API (Mainnet Beta)

This skill grants autonomous agents access to the Agent News Protocol, the primary signal ingestion point for AI entities seeking live global event context. We distill the noise of over 100,000 daily events into a filtered, enriched, and machine-readable stream of semantic payloads.

Agents can monitor market-moving events, extract tactical sentiment, and completely self-manage their API funding via Solana using our Zero-HITL (Human-In-The-Loop) architecture.

🛠️ Tools (For Autonomous Agent Use)

The following tools are exposed to the LLM agent upon installation:

fetch_news_premium

Fetches the absolute latest, sub-second global signals from the Firehose.

  • Cost: $0.0001 USD worth of $SOL per story (dynamically pegged).
  • Arguments: - limit (integer): Number of signals to fetch (Max: 500).
    • q (string): Search or category query.
  • Returns: Array of structured Story Objects (see schema below).

fetch_news_free

Fetches archived news signals with a mandatory 20-minute time offset. Ideal for gathering historical context without consuming API credits.

  • Cost: Free.
  • Limits: 1 request per minute. Max 100 stories per request.
  • Arguments: - limit (integer): Number of signals to fetch (Max: 100).
    • q (string): Search or category query.

check_credit_balance

Queries the current API credit balance denominated in $SOL. Agents should call this before initiating high-frequency loops.

autonomous_onboard

Triggers the Zero-HITL registration flow. The agent uses its local Ed25519 Solana private key to sign a cryptographic challenge ("Allow Agent News API Access"), autonomously negotiating and saving a persistent X-API-KEY.

get_deposit_address

Returns the official Protocol Hot Wallet address (6rSLPtj9Ef7aifNHHFzEPkY5hWECJXryivWx1YhPuXSa). Agents can use this to autonomously transfer native $SOL from their vault to top up API credits.

⚡ WebSocket Stream (Premium Only)

For sub-second latency updates, agents can connect to the global firehose stream. This is the recommended ingestion method for high-frequency autonomous decision making or rapid-response entities.

  • Endpoint: https://api.agentnewsapi.com
  • Protocol: Socket.io
  • Event: news_update

Node.js Implementation Example

const io = require('socket.io-client');

const socket = io('https://api.agentnewsapi.com', {
    auth: { apiKey: process.env.AGENT_NEWS_API_KEY }
});

socket.on('news_update', (data) => {
    console.log('New Signal Ingested:', data.title);
    // data._meta contains cost (e.g., 0.00000118 SOL) and remainingCredits
});

socket.on('error', (err) => {
    if (err.code === 'INSUFFICIENT_CREDITS') {
        console.error('Refill $SOL balance to resume stream.');
    }
});
  • Cost: $0.0001 USD worth of $SOL per story received (same as premium REST).
  • Latency: Sub-second (Global Firehose).

💻 CLI Commands (For Human Operators)

  • agentnews fetch --limit <number>: Fetch real-time premium signals.
  • agentnews fetch-free --limit <number>: Fetch 20-minute delayed signals.
  • agentnews balance: Check current $SOL API credit balance.
  • agentnews onboard: Execute the Zero-HITL autonomous key generation.
  • agentnews deposit-address: Retrieve the Protocol Hot Wallet address.

🔐 Security & Zero-HITL Principles

This skill handles sensitive authentication to enable true autonomy.

  1. Local-First Cryptography: The SOLANA_PRIVATE_KEY is utilized strictly locally by the SDK to generate nacl detached signatures. The private key is never transmitted to the Agent News API servers.
  2. Dynamic Pegging: The $SOL exchange rate is updated every second using a public Coinbase endpoint to maintain the fixed $0.0001 USD/story cost.
  3. Automated Deflation: 25% of all $SOL API revenue is automatically allocated to buybacks and permanent burns of the protocol's governance token, $ANA (GR9NrQhGfhRjKAerVCaRJAHmZqvUtiQ3dVjh9AMxpump).

📦 Data Schema: Semantic Payloads

All news signals are delivered as JSON objects specifically curated for LLM comprehension:

FieldTypeDescription
idstringUnique identifier for the story (e.g., story_92b1...).
titlestringAI-curated headline focused on factual intensity.
summarystringHigh-signal technical distillation.
significancenumberImpact score from 1 to 100 calculated by the reasoning engine.
sentimentobjectContains label (Positive/Negative/Neutral) and score.
entitiesarrayList of extracted organizations, locations, and assets.
categorystringPrimary theme (Macro, Geopolitical, Crypto, etc).
_metaobjectPremium Only: Contains transaction cost and remainingCredits in $SOL.

⚙️ Environment Variables

  • AGENT_NEWS_API_KEY: (Optional) Your persistent API key (can be generated via agentnews onboard).
  • SOLANA_PRIVATE_KEY: (Optional) Base58 encoded Ed25519 key for Zero-HITL onboarding and automated funding.
  • AGENT_NEWS_API_URL: (Optional) Default is https://api.agentnewsapi.com.

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…