ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dexscreener Openapi Skill

v1.0.0

Operate DexScreener public market data APIs through UXC with a curated OpenAPI schema, no-auth setup, and read-first guardrails.

0· 153·1 current·1 all-time
by@jolestar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Skill name, description, OpenAPI schema, and runtime instructions align with a read-only DexScreener integration. However, SKILL.md requires the 'uxc' tool to be installed and available in PATH while the registry metadata lists no required binaries — an undeclared runtime dependency. The included OpenAPI file and usage examples match the claimed operations.
Instruction Scope
Instructions are narrowly scoped to public read-only API calls through uxc/dexscreener-openapi-cli; they explicitly forbid write operations and wallet/trading actions and emphasize JSON parsing and rate-limit awareness. The skill requires network access to api.dexscreener.com and to a GitHub raw URL for the schema (both consistent with the purpose).
Install Mechanism
No install spec is present (instruction-only), so nothing will be written to disk by a packaged installer. The only script is a local validate.sh used for developer validation; it does not perform remote downloads or modify system configuration.
Credentials
The skill requests no environment variables or credentials, which is appropriate for public read-only APIs. Network access to the DexScreener API and the schema URL is required and justified by the skill's purpose.
Persistence & Privilege
The skill is not always-enabled and does not request any elevated platform privileges or attempts to modify other skills or system-wide agent settings. Autonomous invocation is allowed (default) but is not combined with other concerning indicators.
What to consider before installing
This skill appears to do what it says: read-only DexScreener queries via the 'uxc' OpenAPI tooling. Before installing, verify you have and trust the 'uxc' tool (SKILL.md requires it but the registry metadata does not declare it). The repo includes a validation script (scripts/validate.sh) that expects jq and ripgrep (rg) — those are developer/test tools and not required by the skill at runtime, but you should only run the script if you trust the package. Confirm you are comfortable allowing network access to https://api.dexscreener.com and the referenced raw.githubusercontent.com schema URL. If you want to reduce risk, run the skill in a constrained environment (network-restricted or read-only) and inspect or pin the exact uxc binary/source you will use.

Like a lobster shell, security has layers — review code before you run it.

latestvk9701znq6csjpk0sqnbb5g0w49837pba

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments