Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Coinank Openapi Skill

v1.0.0

call coinank openapi to get data

Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description state: call CoinAnk OpenAPI. Declared requirement: COINANK_API_KEY. Files are OpenAPI JSONs for CoinAnk endpoints. All requested resources (OpenAPI files + API key) align with the stated purpose.
Instruction Scope
SKILL.md limits actions to: index/read {baseDir}/references/*.json, validate parameters against those OpenAPI files, and make curl requests to https://open-api.coinank.com with apikey header. It does not instruct reading other system files or calling other external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself, minimizing install-time risk.
Credentials
Only one env var is required (COINANK_API_KEY) and it is the primary credential used to authenticate to the CoinAnk API, which matches the skill's purpose. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or configuration changes. Autonomous invocation is allowed by platform default but is not combined with other concerning privileges.
Assessment
This skill appears coherent: it needs your CoinAnk API key to call CoinAnk endpoints and uses only the included OpenAPI specs. Before installing, confirm you trust coinank.com and that the API key you provide has only the necessary read privileges (avoid providing a more-privileged key). Consider rotating the key if you stop using the skill. Because the skill can make network requests to the CoinAnk domain, do not supply high-privilege or multi-service credentials; verify any returned data before acting on it.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Env: COINANK_API_KEY
Primary env: COINANK_API_KEY
latest: vk97ddncdwg9sek7btb2rkrrwcs821pnx
408 downloads
0 stars
1 version
Updated 5h ago
v1.0.0
MIT-0

Permission Declaration

SECURITY MANIFEST:

- Allowed to read: {baseDir}/references/*.json

- Allowed to make network requests to: https://open-api.coinank.com

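Workflow (on-demand loading mode)

When the user makes a request, strictly follow these steps:

  1. Directory index: first scan all file names under {baseDir}/references/ to determine which OpenAPI definition files are relevant to the user's request.
  2. Precise read: read only the selected .json files and analyze their paths, parameters, and requestBody. paths is an object, and each key of that object is a path.
  3. Construct the request: use curl to execute the request.
    • Base URL: always use https://open-api.coinank.com (or extract it from the servers field of the JSON).
    • Auth: get the apikey from the environment variable COINANK_API_KEY and inject it into the header.
    • If the parameters include endTime, pass the latest millisecond timestamp where possible.
    • The timestamps in the OpenAPI documents are all examples. If the user does not specify a time, use the latest time as a millisecond timestamp.

Notes

  • No full loading: unless the user's request involves multiple domains, do not read multiple JSON files at the same time.
  • Parameter validation: before sending a request, you must verify against the OpenAPI definition that all required parameters are present.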
