ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cross-Asset Intelligence

v1.0.2

Cross-asset financial analysis API combining crypto and traditional markets. BTC vs S&P500/NASDAQ/Nikkei225/DAX correlation, cross-market risk score (0-100),...

0· 109·0 current·0 all-time
bySuga@sugacrypto

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sugacrypto/cross-asset-intelligence.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Cross-Asset Intelligence" (sugacrypto/cross-asset-intelligence) from ClawHub.
Skill page: https://clawhub.ai/sugacrypto/cross-asset-intelligence
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cross-asset-intelligence

ClawHub CLI

Package manager switcher

npx clawhub@latest install cross-asset-intelligence
Security Scan
Capability signals
CryptoRequires walletCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to provide paid cross-asset analysis via an x402 micropayment API. Requesting a wallet private key to sign micropayments is technically coherent with that purpose, but the registry metadata lists no required env vars or primary credential while SKILL.md explicitly instructs storing WALLET_SIGNING_KEY — an inconsistency in declared vs. actual requirements.
!
Instruction Scope
The runtime instructions tell the agent to automatically pay per request using a wallet private key and to make HTTP GET calls to an external endpoint (https://x402.bankr.bot/...). That grants the skill the ability to trigger external network calls that will consume funds whenever invoked. The SKILL.md does not provide controls or limits the agent should apply (e.g., spend caps, explicit user confirmation per payment), increasing the risk of unintended charges.
Install Mechanism
This is an instruction-only skill with no install spec and no code files; nothing is written to disk and no packages are pulled in by an installer, which minimizes supply-chain risk.
!
Credentials
SKILL.md requires a single highly sensitive secret (WALLET_SIGNING_KEY, a 32-byte private key). That is proportionate to an API design that signs on-chain micropayments, but the manifest did not declare this credential (primaryEnv is absent). Storing a raw private key in an env var is risky; if the agent or any component makes requests autonomously, that key could be used to drain funds. The skill's guidance to use a dedicated limited-funds wallet is appropriate but optional and unenforced.
!
Persistence & Privilege
The skill is not 'always' included, but model invocation is allowed (platform default). Combined with an agent-held wallet key and automatic per-request payments, autonomous invocation increases blast radius: the agent could make repeated paid requests without explicit user confirmation. The skill does not instruct explicit spend limits, user prompts, or rate-limiting.
What to consider before installing
Before installing: (1) Confirm the registry metadata is corrected to declare WALLET_SIGNING_KEY (ask the author why it was omitted). (2) Do NOT supply your main wallet private key — create a dedicated wallet with a small capped balance for this skill. (3) Prefer signing flows that use an external signer or constrained approvals rather than plaintext private keys in env vars; avoid storing keys in unencrypted .env files. (4) Ask the author how payments are signed, whether the service can request/execute payments without explicit user confirmation, and whether there are spend caps or per-call confirmation options. (5) If you cannot verify the endpoint operator (x402.bankr.bot) and audit the payment flow, avoid giving the agent any private key or running this skill autonomously.

Like a lobster shell, security has layers — review code before you run it.

latestvk978bzcf3qcbs58qcjyp6gmw5x84ezgg
109downloads
0stars
3versions
Updated 2w ago
v1.0.2
MIT-0
Suga@sugacrypto
latest
Download

Cross-Asset Intelligence API

AI-powered cross-market financial analysis. Crypto + traditional finance in one API.

What This Skill Does

Connects your agent to 22 paid analysis endpoints spanning 6 domains:

  1. BTC-Equity Correlation — Pearson correlation between BTC and stock indices
  2. Cross-Market Risk Score — Composite 0-100 score from BTC volatility, VIX, bonds, macro
  3. Crypto News Impact — Top 3 market-moving stories ranked by impact
  4. Macro Environment — Fed rate, CPI, unemployment, GDP, yields with AI analysis
  5. Token Safety — SAFE/CAUTION/DANGER verdict for any ERC-20 contract
  6. Daily Briefing — All-in-one cross-asset market snapshot

Payment

All endpoints use x402 micropayments (USDC on Base). Your agent's wallet pays automatically per request. No API key, no subscription, no signup.

TierPrice RangeAI ModelSpeed
quick$0.001-0.002None (pure math)<500ms
insight$0.03-0.06Claude Haiku<5s
analysis$0.08-0.20Claude Sonnet<10s
pro$0.80-1.00Claude Opuscached 2h

Setup

Your agent needs a funded wallet (USDC on Base). Set your wallet's private key as an environment variable:

  • Variable name: WALLET_SIGNING_KEY
  • Format: hex (32-byte private key)
  • Recommended: Use a dedicated agent wallet with limited funds — not your main wallet

Store the value in .env (gitignored) or a secret manager. Never share or commit it.

Usage

All endpoints are accessible via HTTP GET through Bankr x402 Cloud:

Base URL: https://x402.bankr.bot/0x98ee945dfa6bb8e9ed9f9b6ae56eb82bcc82f0aa/

Quick examples

# BTC vs S&P500 correlation (30 days)
GET /correlation-quick?index=sp500&period_days=30

# Cross-market risk score
GET /risk-score-quick

# Token safety check
GET /token-safety-quick?chain=ethereum&address=0x...

# Daily market briefing
GET /daily-briefing-quick

# With AI analysis (Claude Sonnet)
GET /correlation-analysis?index=nasdaq&period_days=90&lang=ja

Available endpoints

Correlation: correlation-quick, correlation-insight, correlation-analysis, correlation-pro

  • Params: index (sp500/nasdaq/nikkei225/dax), period_days (7/14/30/90), lang (en/ja)

Risk Score: risk-score-quick, risk-score-insight, risk-score-analysis, risk-score-pro

  • Params: lang (en/ja)

Top News: top-news-insight, top-news-analysis, top-news-pro

  • Params: lang (en/ja)

Macro Report: macro-report-insight, macro-report-analysis, macro-report-pro

  • Params: lang (en/ja)

Token Safety: token-safety-quick, token-safety-insight, token-safety-analysis, token-safety-pro

  • Params: chain (ethereum/base/etc), address (contract address), lang (en/ja)

Daily Briefing: daily-briefing-quick, daily-briefing-insight, daily-briefing-analysis, daily-briefing-pro

  • Params: lang (en/ja)

Response Format

All responses include:

  • Core analysis data (correlation coefficients, risk scores, news items, etc.)
  • upgrade_available — links to higher-tier analysis with pricing
  • meta.data_sources — transparency on where data comes from
  • meta.data_freshness — timestamp of underlying data
  • disclaimer — not financial advice

Why This Over Raw Data APIs

  • Cross-asset analysis — BTC vs stock indices, not just crypto or just stocks
  • AI judgment included — not raw numbers, but interpreted analysis
  • 4 pricing tiers — from $0.001 machine-readable data to $0.80 institutional reports
  • x402 native — no API key dance, just pay and get data
  • Bilingual — English and Japanese output

Differentiators

  • Only x402 API offering crypto × traditional finance cross-asset AI analysis
  • Historical data analysis capabilities expanding
  • Claude Opus institutional-grade reports at pro tier
  • Sub-second quick tier for automated monitoring and alerts

Security & Privacy

This skill contains no executable code. It is a pure markdown description of an external API. All data processing happens server-side on secured infrastructure. No local files are read, written, or executed.

Comments

Loading comments...