ClawHub

cpbox-news-search

v1.0.0

USE FOR news search. Returns news articles with title, URL, description, age, thumbnail. Supports freshness and date range filtering, SafeSearch filter and G...

0· 79·0 current·0 all-time
byspringmint@sprintmint
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (news search) matches the instructions: HTTP endpoints on cpbox.io returning news results and filters. The payment-related references (x402) are consistent with a pay-per-use API.
Instruction Scope
SKILL.md is documentation-only and instructs the agent to call cpbox.io endpoints and to follow an EIP-712 signing flow (x402). It does not instruct reading unrelated local files or env vars, but it does rely on a client-side payment/signing step (wallet/keys) which the user must manage locally.
Install Mechanism
No install spec or bundled code — instruction-only. References to running `npx @springmint/x402-payment` are documentation for the user rather than an installer included in the skill.
Credentials
The skill declares no required environment variables, credentials, or config paths. The only credential-like concern is the payment signature (EIP-712), which the docs state should remain on the user's machine; this is proportionate to a paid API.
Persistence & Privilege
always:false and no install means the skill does not request persistent or elevated platform privileges.
Assessment
This skill appears internally consistent: it documents how to call a paid news API and how to complete payment. Before installing/using it, verify the legitimacy of the domains (https://www.cpbox.io and https://www.cppay.finance) and the GitHub prerequisites link, confirm pricing and refund policy, and ensure any private keys/wallets used for EIP‑712 signing remain under your control (don’t paste private keys into untrusted tools). If you plan to automate payment signing, review the x402 client code (from an official source) and run it in a trusted environment. If you need higher assurance, ask the publisher for a homepage, repository, or contact to validate the package provenance.

Like a lobster shell, security has layers — review code before you run it.

latestvk971kgnmfpkd5m21dk2r7p9xns838y9w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments