Crypto News
PassAudited by ClawScan on May 10, 2026.
Overview
This skill coherently fetches BlockBeats crypto news using a disclosed API key, with no evidence of hidden persistence, destructive actions, or unrelated data access.
Before installing, make sure you trust the BlockBeats API endpoint and are comfortable providing BLOCKBEATS_API_KEY. The code appears limited to fetching and displaying news, but the API key should still be treated as a sensitive credential.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can make BlockBeats API requests using the configured API key when this skill is invoked.
The skill uses a provider API key from the environment and sends it to the BlockBeats API endpoint for authentication. This is disclosed and purpose-aligned, but users should recognize that the agent can use that configured credential.
const apiKey = process.env.BLOCKBEATS_API_KEY; ... headers: { 'Authorization': `Bearer ${apiKey}` }Use a revocable, least-privilege BlockBeats API key if available, and only configure the key if you are comfortable with this skill querying that service.