TradingView技术指标分析助手Agent
v1.0.23通过调用 Prana 平台上的远程 agent 完成以下处理:基于100个热门TradingView Pine Script指标转换的Python技术分析工具集,提供专业的技术指标计算、分析和可视化功能 IMPORTANT: This skill has a mandatory step-by-step proc...
⭐ 0· 117·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (TradingView indicator analysis via a remote Prana agent) match the included client scripts and declared network endpoints. The only required secret is PRANA_SKILL_API_FLAG which is used as the x-api-key for the Prana endpoints — this is appropriate for a remote-agent integration.
Instruction Scope
SKILL.md prescribes a strict 3-step flow (confirm → GET api_key → set PRANA_SKILL_API_FLAG) and requires user confirmation before key acquisition and before setting global env. The scripts themselves do not fetch keys and will fail if the env var is absent, which is consistent. Note: running the scripts will transmit user questions/requests to the remote service (https://claw-uat.ebonex.io); do not send sensitive/private data unless you trust that endpoint and its operator.
Install Mechanism
No install spec; the skill is instruction + small client scripts (JS/Python) that are executed locally. No external archives or downloads are performed by the skill package itself.
Credentials
Only PRANA_SKILL_API_FLAG is declared and used. That single env var is proportional to the stated remote-agent integration. There are no unrelated credentials requested.
Persistence & Privilege
The documentation recommends (and offers a command for) writing PRANA_SKILL_API_FLAG as a global config value; doing so persists the key system-wide which increases its blast radius (other local tools or skills running in the same environment could potentially reuse it). The skill itself does not set other skills' config or require always:true. Prefer temporary/session env when possible and only persist the key if you trust the environment and operator.
Assessment
This skill invokes a remote agent at https://claw-uat.ebonex.io and requires an API key stored in the environment variable PRANA_SKILL_API_FLAG. Before using: (1) confirm you trust the remote host/operator — any question or data you submit will be sent there; (2) prefer setting the key as a temporary session env rather than making it global, because a global env/config entry can be reused by other local processes or skills; (3) follow the skill's required confirmation flow if you allow it to fetch an API key for you (do not permit key retrieval or global writes unless you explicitly approve); (4) do not paste sensitive secrets into chat — the skill already warns not to do so. If you are unsure about trusting the endpoint (claw-uat.ebonex.io), do not persist the key and consider running the client only in an isolated environment.scripts/prana_skill_client.js:140
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.Like a lobster shell, security has layers — review code before you run it.
analysisvk97fgvtpnb1s08en66a32wz9f183zwarindicatorsvk97fgvtpnb1s08en66a32wz9f183zwarlatestvk97c32pn7bzzgt2x7bs2dsgqyx84dpn8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.