ClawHub

Fear Greed

v1.1.2

Embeddable Fear & Greed Index for crypto dashboards. Real-time sentiment gauge. Drop-in React/HTML components. Works with AI agents, Claude, Cursor.

1· 3.1k·5 current·5 all-time
byNext Frontier AI@nextfrontierbuilds
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description advertises drop-in React/HTML components and a distributable widget, but the bundle does not include any React/JS component files or widget code — only a shell script (scripts/fear-greed.sh), SKILL.md, and skill.json. The SKILL.md shows embed snippets that load assets from cdn.strykr.com and widgets.strykr.com, so the package appears to rely on external CDN-hosted assets rather than providing them. That mismatch between claimed deliverables and actual contents is incoherent and should be verified with the author.
Instruction Scope
Runtime instructions are narrowly scoped: they call the included shell script which performs a single HTTP GET to PRISM_URL and formats the result. The SKILL.md references external endpoints (strykr-prism.up.railway.app, cdn.strykr.com, widgets.strykr.com). The script only uses PRISM_URL and does not read other files or environment variables, nor does it exfiltrate local data — however it assumes availability of curl and jq (not declared in registry).
Install Mechanism
There is no install specification (instruction-only) and no downloads or archive extraction. The only executable is the included shell script. This lowers install-time risk.
Credentials
No credentials or secret environment variables are required. The only configurable variable is PRISM_URL (defaulting to https://strykr-prism.up.railway.app). That is proportionate for a widget that queries a public API.
Persistence & Privilege
The skill does not request always:true or modify other skills or system configuration. It is user-invocable and can be invoked autonomously (platform defaults) but has no elevated persistence or privileges.
What to consider before installing
This skill will fetch sentiment from an external PRISM endpoint and print or return JSON — it does not include the promised React/JS widget files in the package and instead references external CDNs. Before installing/using: 1) Verify the external domains (strykr-prism.up.railway.app, cdn.strykr.com, widgets.strykr.com) and the repository/author to confirm you trust those hosts; 2) Be aware the included script requires curl and jq on PATH (not declared); 3) If you expected local, drop-in components, know that assets will be loaded from third-party CDNs (which can change behavior or collect usage data); 4) Inspect or run the shell script in a sandbox before allowing an agent to execute it; and 5) If you need stronger assurance, ask the publisher for the actual React/JS source and a canonical homepage or release host (GitHub release or official domain).

Like a lobster shell, security has layers — review code before you run it.

latestvk97bv712sga94ax3zp7r2k0abd80he81

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments