Crypto News
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: crypto-news Version: 1.0.0 The skill is designed to fetch crypto news from the BlockBeats API. It securely handles an API key from environment variables (`BLOCKBEATS_API_KEY`) and passes user-specified parameters (`NEWS_SIZE`, `NEWS_PAGE`, `NEWS_TYPE`) via environment variables to the `index.js` script. The script makes a standard HTTPS `fetch` request to a hardcoded domain (`api.theblockbeats.news`) and outputs formatted Markdown. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` that would lead to harmful agent behavior. All actions are aligned with the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can make BlockBeats API requests using the configured API key when this skill is invoked.
The skill uses a provider API key from the environment and sends it to the BlockBeats API endpoint for authentication. This is disclosed and purpose-aligned, but users should recognize that the agent can use that configured credential.
const apiKey = process.env.BLOCKBEATS_API_KEY; ... headers: { 'Authorization': `Bearer ${apiKey}` }Use a revocable, least-privilege BlockBeats API key if available, and only configure the key if you are comfortable with this skill querying that service.