Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to fetch realtime crypto prices from Binance via the ccxt library and the included agent.py does exactly that (fetch_ticker against SYMBOL/USDT). However, the registry metadata and SKILL.md do not declare the Python runtime or the ccxt dependency, so the manifest is incomplete even though the behavior is consistent with the stated purpose.
Instruction Scope
SKILL.md limits actions to extracting a symbol and running agent.py; the script only performs a public API call to Binance and returns a formatted price. It does not read local files, environment variables, or send data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. The included agent.py expects the ccxt Python package and a Python interpreter (shebang points to a specific venv path). Lack of an explicit dependency/install step may cause runtime failures but is not itself malicious.
Credentials
The skill requests network access but no environment variables, credentials, or config paths. Using public ticker endpoints does not require API keys, so the requested permissions are proportionate.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation defaults. It doesn't request persistent system-wide changes or access to other skills' configs.
Assessment
This skill appears coherent and does what it says: it calls Binance via ccxt to return public ticker prices and does not request credentials. Before installing, ensure the agent environment has a compatible Python interpreter and the ccxt package (pip install ccxt) — the SKILL.md/manifest do not list this. Note the script's shebang points to a specific venv path which may not exist on your host; running in an isolated environment or verifying the code is recommended. Also confirm you are comfortable granting network access since the skill makes outbound API calls to Binance.Like a lobster shell, security has layers — review code before you run it.
latestvk97b3bdkrgkkaqvdxywaqx7gcx81bsw9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.