valuescan-data-skill

This skill appears to implement a legitimate ValueScan API client, but there are important inconsistencies you should resolve before installing: - The SKILL.md and the included SDK require a ValueScan API Key and Secret and expect them in a local file: ~/.openclaw/credentials/valuescan.json. The registry metadata, however, lists no required credentials or config paths. Confirm with the publisher which credential mechanism is intended (env vars vs credential file). - If you proceed, store credentials only in a secure location (not shared accounts), and consider using separate API credentials with least privilege. Inspect the credentials file path and contents before creating it; the SDK reads this file and will throw if missing. - Review the included vs_api_sign.js yourself (it is short and uses only built-in Node modules) or request the publisher to explain the discrepancy in metadata. Verify the official dev portal (https://www.valuescan.ai/dev-portal/home/) and vet the API keys issuance process. - If you are uncomfortable storing secrets in the home credentials file, ask the publisher for an alternative (environment variables or platform secret storage) or for updated metadata that declares the required config path. If the publisher cannot explain or fix the metadata mismatch, treat the skill with caution (do not provide high-value/production credentials).