ClawHub

Token Profiler

v1.0.1

One API call replaces CoinGecko + DexScreener + GoPlus + on-chain queries. Enriched token data from 5 sources, clean JSON, under 3 seconds. Free, no key needed.

0· 316·0 current·0 all-time
byDev 2 - SentienLabs@vswarm-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise (aggregate CoinGecko, DexScreener, GoPlus, on‑chain) aligns with the SKILL.md: the agent is instructed to call a single network endpoint which claims to provide those aggregated fields. No unrelated binaries, env vars, or install steps are requested.
Instruction Scope
Runtime instructions only tell the agent to call the specified HTTPS endpoint with a token address or name and return JSON. This stays within the advertised scope, but it does instruct the agent to transmit user-provided token identifiers to an external service (verdictswarm-production-7460.up.railway.app), which has privacy implications.
Install Mechanism
There is no install spec or code to download — lowest-risk model for code execution. The skill is instruction-only and relies on outbound network access to the declared endpoint.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportional to its purpose (a plain network API call).
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. Autonomous invocation is permitted (platform default) but not combined with other elevated privileges.
Assessment
This skill appears internally consistent: it just calls a third‑party API and returns JSON. Before installing, consider: (1) Trust and privacy — the endpoint (verdictswarm-production-7460.up.railway.app) is hosted on Railway and the skill has no homepage or source link, so you don't know who will receive token queries or how logs are stored; avoid sending any private keys, wallet seeds, or other secrets (the skill does not request them, but the endpoint will see whatever you send). (2) Data sensitivity — queries with internal or non‑public addresses could be logged by the service; test with public tokens first. (3) Availability and limits — the skill advertises a free tier with limits; confirm rate and SLA if you rely on it. (4) If you need stronger guarantees, request the skill author/source code or use an audited provider or self-hosted aggregator. If you want me to, I can attempt to fetch the endpoint's TLS/WHOIS info or suggest alternative, audited token-data providers.

Like a lobster shell, security has layers — review code before you run it.

cryptovk97ewfq767jf0w74kbnzyd1ct9824z1adatavk97ewfq767jf0w74kbnzyd1ct9824z1adefivk97ewfq767jf0w74kbnzyd1ct9824z1alatestvk97ewfq767jf0w74kbnzyd1ct9824z1amarket-datavk97ewfq767jf0w74kbnzyd1ct9824z1asolanavk97ewfq767jf0w74kbnzyd1ct9824z1atoken-datavk97ewfq767jf0w74kbnzyd1ct9824z1a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments