ClawHub

Crypto News Feed

v3.0.2

Reference tool for blockchain and crypto — covers intro, formulas, regulations and more. Quick lookup for Crypto News Feed concepts, best practices, and impl...

0· 384·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (crypto reference/news feed) match the provided artifacts: SKILL.md documents several read-only commands and the included script implements those commands as static heredoc outputs. There are minor metadata inconsistencies (registry version 3.0.2 vs SKILL.md 3.0.1 vs script VERSION 3.0.0) but these look like bookkeeping issues, not malicious behavior.
Instruction Scope
SKILL.md instructs the agent to provide local reference content and explicitly states no external API calls or network access. The script implements only local text output (cat heredocs) and a basic command dispatch; it does not read external files, environment variables, or make network calls. Small implementation oddity: the help heredoc is single-quoted ('HELPEOF'), so the $VERSION variable will not expand in the displayed help — a benign bug, not a security concern.
Install Mechanism
No install spec is provided and no binaries are installed. The skill is instruction-only plus a shell script; nothing is downloaded or written to disk by an installer.
Credentials
The skill declares no required environment variables, and the script does not access any credentials or environment-sensitive paths. No secret or unrelated credentials are requested.
Persistence & Privilege
always is false (default), user-invocable is true, and model invocation is allowed (normal). The skill does not request permanent presence or modify other skills or system-wide settings.
Assessment
This skill appears to be a harmless local reference implemented as a shell script: it prints static documentation for several crypto-related topics and does not perform network access or request credentials. Before installing, you may want to: 1) verify the few version mismatches if you need strict versioning; 2) review the script file to ensure no future updates add network calls or credential usage; and 3) prefer installing only from the upstream repository you trust. Because the skill can be invoked autonomously by the agent (the platform default), consider whether you want it enabled for automated runs—but combined with its lack of network/credential access, the risk is low.

Like a lobster shell, security has layers — review code before you run it.

chinesevk971mapysn8cymep3mvyqn4qz182pegrlatestvk976m9vt40659dcbxgzrymx5b983ghz4productivityvk9760bsrv89rwmmcz031zavzsx82s6hk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments