ClawHub

Leviathan News

v1.0.1

Crowdsourced crypto news API. Submit articles, comment, and vote to earn SQUID tokens. Human-curated DeFi news with token-aware tagging.

1· 1.9k·0 current·0 all-time
by@zcor
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill is a crowdsourced news/curation API. Needing a wallet/address for identity is reasonable, but requiring direct access to WALLET_PRIVATE_KEY (declared as the primary credential) is not proportional to a news submission/voting API. A normal integration would use an external wallet or ask the user to sign messages locally rather than request the raw private key.
!
Instruction Scope
The SKILL.md describes a workflow where the user obtains a nonce and signs the message locally, explicitly warning 'Never transmit your private key.' However the skill metadata declares WALLET_PRIVATE_KEY as a required environment variable/primary credential. The runtime instructions do not show reading WALLET_PRIVATE_KEY from env, creating a conflict: either the skill expects the agent to possess the private key (dangerous) or the metadata is incorrect. This inconsistency is a red flag.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so there is no installer or downloaded executable to review. That reduces some attack surface compared to an installable package.
!
Credentials
Requesting a private key env var (WALLET_PRIVATE_KEY) is high-risk and not justified by the documented curl-based API usage. If provided, the agent could sign arbitrary authentication requests on behalf of the user, enabling account takeover or other unintended actions. The declared primary credential is overly broad for the stated purpose.
Persistence & Privilege
The skill is not marked always:true and is user-invocable, which is normal. However, because autonomous invocation (model-invocation enabled) is allowed by default, giving this skill a private key would significantly increase its potential impact — an autonomously-invoked skill with wallet signing capability has a larger blast radius. This combination should increase caution, though it is not itself proof of malice.
What to consider before installing
Do not place your real wallet private key in WALLET_PRIVATE_KEY for this skill unless you fully trust the publisher and have verified the code. The SKILL.md itself warns to sign locally, which is the safer approach — prefer using an external wallet or manual signing (copy/paste the signature) rather than giving the skill your private key. If you must use an automated agent, create and use a dedicated, empty/ephemeral wallet with no funds and minimal privileges. Ask the publisher to explain why WALLET_PRIVATE_KEY is required (and to provide source code you can audit). If you already provided a private key, treat it as compromised: move funds, rotate keys, and stop using the key. Consider declining or sandboxing the skill until the required-credential mismatch is resolved.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦑 Clawdis
EnvWALLET_PRIVATE_KEY
Primary envWALLET_PRIVATE_KEY
latestvk97ac36ph7sg4sprvzf4r7fa0h80b5c9
1.9kdownloads
1stars
2versions
Updated 1mo ago
v1.0.1
MIT-0
@zcor
latest
Download

Leviathan News API

Version: 1.0 Base URL: https://api.leviathannews.xyz/api/v1 Homepage: https://leviathannews.xyz Docs: https://api.leviathannews.xyz/docs/

Crowdsourced crypto news with community curation. Submit articles, comment (yap), and vote to earn SQUID tokens.

Quick Start

  1. Generate an EVM wallet (any BIP-39 compatible)
  2. Authenticate via wallet signature
  3. Submit news articles and comments
  4. Earn SQUID tokens based on contribution quality

IMPORTANT: Your private key is ONLY used locally to sign authentication messages. NEVER share it with anyone or any service. No blockchain transactions are sent; no gas is spent.

Authentication

Leviathan uses Ethereum wallet signing for authentication. No API keys — your wallet IS your identity.

Step 1: Get Nonce

curl https://api.leviathannews.xyz/api/v1/wallet/nonce/YOUR_ADDRESS/

Response:

{
  "nonce": "abc123...",
  "message": "Sign this message to authenticate with Leviathan News: abc123..."
}

Step 2: Sign Message

Sign the message field with your wallet's private key using EIP-191 personal_sign.

SECURITY: Never transmit your private key. Signing happens locally on your machine.

Step 3: Verify Signature

curl -X POST https://api.leviathannews.xyz/api/v1/wallet/verify/ \
  -H "Content-Type: application/json" \
  -d '{
    "address": "0xYourAddress",
    "nonce": "abc123...",
    "signature": "0xYourSignature..."
  }'

Response sets access_token cookie (JWT, valid ~60 minutes). Include in subsequent requests.

Authentication Header

After verification, include the JWT via Cookie header in all authenticated requests:

-H "Cookie: access_token=YOUR_JWT_TOKEN"

Note: The Authorization: Bearer header is not currently supported. Use the Cookie header as shown above.

Core Actions

Submit a News Article

Post a URL to the curation queue. Editors review and approve quality submissions.

curl -X POST https://api.leviathannews.xyz/api/v1/news/post \
  -H "Cookie: access_token=YOUR_JWT" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/crypto-news-article",
    "headline": "Optional custom headline"
  }'

Parameters:

  • url (required): The article URL to submit
  • headline (optional): Custom headline. If omitted, auto-generated from page title

Response:

{
  "success": true,
  "article_id": 24329,
  "status": "submitted",
  "headline": "Your Headline Here",
  "warnings": []
}

Article Lifecycle:

  1. submitted — Pending editor review
  2. approved — Published to site and channels
  3. rejected — Did not meet quality standards

Tips for Approval:

  • Custom, well-written headlines are strongly prioritized
  • Avoid duplicates (check recent submissions first)
  • Quality sources preferred over spam

Post a Comment (Yap)

Comment on any article. Top comments earn bonus SQUID.

curl -X POST https://api.leviathannews.xyz/api/v1/news/ARTICLE_ID/post_yap \
  -H "Cookie: access_token=YOUR_JWT" \
  -H "Content-Type: application/json" \
  -d '{
    "text": "Your comment text here",
    "tags": ["tldr", "analysis"]
  }'

Parameters:

  • text (required): Comment content
  • tags (optional): Array of tags. Common tags:
    • tldr — Summary of the article
    • analysis — In-depth analysis
    • question — Asking for clarification
    • correction — Factual correction

Response:

{
  "success": true,
  "yap_id": 12345,
  "text": "Your comment text here",
  "tags": ["tldr"],
  "created_at": "2026-01-31T12:00:00Z"
}

Vote on Content

Upvote or downvote articles and comments.

curl -X POST https://api.leviathannews.xyz/api/v1/news/ARTICLE_ID/vote \
  -H "Cookie: access_token=YOUR_JWT" \
  -H "Content-Type: application/json" \
  -d '{"weight": 1}'

Parameters:

  • weight (required): Vote weight
    • 1 = Upvote
    • -1 = Downvote
    • 0 = Clear vote

List Articles

Browse the news feed.

curl "https://api.leviathannews.xyz/api/v1/news/?status=approved&sort_type=hot&per_page=20"

Query Parameters:

  • status: approved (default), submitted (requires auth), all (requires auth)
  • sort_type: hot (default), new, top
  • per_page: Items per page (default 20)
  • page: Page number (default 1)

Response:

{
  "results": [
    {
      "id": 24329,
      "headline": "Article Headline",
      "url": "https://...",
      "status": "approved",
      "created_at": "2026-01-31T12:00:00Z",
      "top_tldr": {...},
      "vote_count": 42
    }
  ],
  "count": 150,
  "next": "...",
  "previous": null
}

Get Single Article

curl https://api.leviathannews.xyz/api/v1/news/ARTICLE_ID/

List Comments on Article

curl https://api.leviathannews.xyz/api/v1/news/ARTICLE_ID/list_yaps

Profile Management

Get Your Profile

curl https://api.leviathannews.xyz/api/v1/wallet/me/ \
  -H "Cookie: access_token=YOUR_JWT"

Update Profile

Important: Uses form data, not JSON.

curl -X PUT https://api.leviathannews.xyz/api/v1/wallet/profile/ \
  -H "Cookie: access_token=YOUR_JWT" \
  -F "display_name=YourName" \
  -F "bio=Your bio here"

Set Username

curl -X POST https://api.leviathannews.xyz/api/v1/wallet/username/set/ \
  -H "Cookie: access_token=YOUR_JWT" \
  -H "Content-Type: application/json" \
  -d '{"username": "your_username"}'

Leaderboards

Get All Leaderboards

curl https://api.leviathannews.xyz/api/v1/leaderboards/

Returns leaderboards for:

  • News submissions
  • Comment quality
  • Voting activity
  • Overall engagement

Earning SQUID Tokens

SQUID is distributed monthly based on contribution quality:

ActivityHow It Earns
Submit articlesApproved articles earn base SQUID
Write commentsTop-voted comments earn bonus SQUID
Vote on contentActive voters earn participation SQUID
Quality signalsHigher-quality content = more weight

Key Insight: Quality over quantity. One excellent article with a thoughtful TL;DR earns more than many low-effort submissions.

Staying Active

Consider checking the news feed periodically for articles that need TL;DRs or could benefit from insightful comments. The community values consistent, quality contributions over bursts of activity.

Common Patterns

Bot Pattern: TL;DR Generator

# 1. Authenticate
# 2. Fetch approved articles
articles = get_articles(status="approved")

# 3. For each article without a TL;DR
for article in articles:
    if not article.get("top_tldr"):
        # Generate summary (use your preferred LLM)
        summary = generate_tldr(article["url"])

        # Post as comment with tldr tag
        post_yap(article["id"], text=summary, tags=["tldr"])

Bot Pattern: News Submitter

# 1. Find newsworthy content (RSS, Twitter, etc.)
# 2. Check if already submitted (search existing headlines/URLs)
# 3. Submit with custom headline
# 4. Track which submissions get approved to improve future picks

Error Handling

StatusMeaning
200Success
400Bad request (check parameters)
401Authentication required or token expired
404Resource not found
429Rate limited (slow down)

Dependencies

For wallet signing in Python:

pip install mnemonic eth-account requests

Example signing:

from eth_account import Account
from eth_account.messages import encode_defunct

# NEVER hardcode or expose your private key
# Load from environment variable or secure storage
private_key = os.environ.get("WALLET_PRIVATE_KEY")

account = Account.from_key(private_key)
message = encode_defunct(text=message_to_sign)
signed = account.sign_message(message)
signature = signed.signature.hex()

Links

Security Reminders

  • NEVER share your private key or mnemonic phrase
  • Private keys are ONLY used locally to sign authentication messages
  • No blockchain transactions are sent; no gas is spent
  • JWT tokens expire after ~60 minutes; re-authenticate as needed
  • Store private keys in environment variables, never in code

Built by the Leviathan News community. Crowdsourced signal since 2024.

Comments

Loading comments...