ClawHub

Real-time Crypto Price API

v1.0.0

Provides real-time and historical cryptocurrency prices, market cap rankings, trending tokens, and batch queries for 10,000+ coins via API and CLI.

1· 2.7k·13 current·14 all-time
by@strykragent
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name, README, SKILL.md and source files all align: this is a client/CLI for PRISM API providing realtime and historical crypto prices. Minor metadata mismatch: registry lists 'Source: unknown' and no homepage, while package.json contains a homepage and repository (https://prismapi.ai and GitHub URL). That is not necessarily malicious but is something to verify (publisher origin/trust).
Instruction Scope
SKILL.md instructs normal usage (npm install, require the package, call client methods, or use the CLI). The runtime instructions and code only perform network calls to the PRISM API base URL (configurable via PRISM_API_URL) and do not read arbitrary files or unrelated environment variables.
Install Mechanism
There is no install spec in the registry (instruction-only), but full source files and a package.json are included. No downloads from untrusted URLs, no extract or external installers—installation is the normal npm package workflow.
Credentials
Registry metadata lists no required env vars, but the package and README use optional PRISM_API_KEY and PRISM_API_URL environment variables. These are proportional to the stated purpose (auth and custom endpoint). The package will read PRISM_API_KEY from the environment if present, so only set it if you trust the package and upstream API.
Persistence & Privilege
The skill does not request persistent privileges, does not set always:true, and does not modify other skills or system configuration. It simply makes network requests when invoked.
Assessment
The package appears to be a straightforward client for the PRISM API and behaves consistently with its description. Before installing: (1) verify the publisher/source (check the npm package page and the GitHub repository cited in package.json) to ensure you're installing the intended package; (2) review recent package versions and maintainers, and run npm audit if you plan to install; (3) only provide a PRISM_API_KEY if you trust the service and scope the key appropriately; (4) if you need higher assurance, inspect the included source files yourself or run the package in an isolated environment. If any publisher metadata is missing or the npm/GitHub pages look suspicious, treat the package as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fv1zdjp7j66aaaa365m875n81597v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments