Web3 Daily
v2.1.1Web3 public research digest service. Provides daily digest with macro news, KOL sentiment, and real-time market data (BTC/ETH prices, Fear & Greed Index). No...
⭐ 0· 172·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description promise (daily Web3 digest, KOL sentiment, BTC/ETH prices) matches the runtime instructions: the SKILL.md explicitly directs the agent to call a third‑party API to retrieve the digest. The network permission and external service (j4y-production.up.railway.app) are consistent with the described capability. No unexplained credentials, binaries, or system paths are requested.
Instruction Scope
The instructions are narrowly scoped: they require a single POST to the stated API with only a language field, parsing the JSON 'digest' field, and returning its contents verbatim. The workflow does not ask the agent to read local files, environment variables, or other system state. The requirement to execute the real API call (do not simulate) is explicit but coherent with the skill's promise.
Install Mechanism
This is instruction‑only (no install spec, no code files to execute). No installers, downloads, or archive extraction are present, which minimizes installation risk.
Credentials
The skill declares no required environment variables or credentials and the claw.json documents that only 'language_preference' is shared with the external service. There are no disproportionate or unrelated secrets requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system settings. Autonomous invocation is allowed by platform default but not combined with high privilege or credential access.
Assessment
This skill is coherent: it simply asks the agent to POST a language flag to a third‑party API and display the returned 'digest'. Before installing, consider that (1) the service endpoint (https://j4y-production.up.railway.app) is a third‑party backend hosted on Railway — the operator could log requests and responses, so avoid sending any private or sensitive content through this skill; (2) the skill's guarantees (no personal data sent) are based on the provided instructions and metadata — you should verify the backend operator (GitHub repo owner) and review the service's privacy practices if you need higher assurance; and (3) the skill enforces returning raw API content, so availability or correctness depends entirely on that external service. If the skill ever requested API keys, local file access, or other credentials, or if the endpoint were an obscure/personal IP/shortened URL, reclassification to 'suspicious' would be warranted.Like a lobster shell, security has layers — review code before you run it.
latestvk979kqdvbr3f8dez1tw19hnnpn83y7pj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.