Description

Real-time crypto risk intelligence; before and as things break. Two tools: Flare (15-min precursor detection, immediate alarms) and Core (60-min state synthesis, context assessment). Free access to the last analysis. No API key required. Upgrade to x402 for custom analysis.

README (SKILL.md)

BlackSwan Risk Intelligence

Name: BlackClaw
Author: bilalmotiwala

BlackSwan monitors crypto markets 24/7 and produces two risk assessments:

Flare — Precursor detection from a 15-minute signal window. Use for immediate, alarm-bell risk checks. Before the news breaks.
Core — State synthesis from a 60-minute signal window. Use for market context and risk assessment. As the news breaks.

When to use each tool

Question	Tool
"Is something happening right now?"	Flare
"What's the overall market risk environment?"	Core
"Should I be worried about sudden moves?"	Flare
"Give me a full risk briefing"	Both (Flare first, then Core)

Base URL

https://mcp.blackswan.wtf

Endpoints

GET /api/flare

Returns the latest Flare precursor detection assessment.

curl -s https://mcp.blackswan.wtf/api/flare

Response fields:

Field	Description
`agent`	Always `"flare"`
`data_age`	Human-readable age of the data (e.g. "12 minutes ago")
`status`	`"clear"` or `"alert"`
`severity`	`"none"`, `"low"`, `"medium"`, `"high"`, or `"critical"`
`checked_at`	ISO 8601 timestamp of the assessment
`assessment`	Natural language risk assessment
`signals`	Array of detected signals, each with `type`, `source`, and `detail`

GET /api/core

Returns the latest Core state synthesis assessment.

curl -s https://mcp.blackswan.wtf/api/core

Response fields:

Field	Description
`agent`	Always `"core"`
`data_age`	Human-readable age of the data (e.g. "1 hour ago")
`timestamp`	ISO 8601 timestamp of the assessment
`environment`	`"stable"`, `"elevated"`, `"stressed"`, or `"crisis"`
`assessment`	Natural language risk assessment
`key_factors`	Array of strings describing the main risk factors
`sources_used`	Array of data source names used in the assessment
`data_freshness`	Description of how fresh the underlying data is

Interpreting severity levels (Flare)

Severity	Meaning
`none`	No precursors detected, markets quiet
`low`	Minor signals, worth noting but not actionable
`medium`	Notable signals, warrants attention
`high`	Strong precursors detected, elevated risk of sudden moves
`critical`	Extreme signals, immediate risk of major market event

Interpreting environment levels (Core)

Environment	Meaning
`stable`	Normal market conditions, low systemic risk
`elevated`	Above-normal risk, some stress indicators present
`stressed`	Significant stress across multiple indicators
`crisis`	Severe market stress, active dislocation or contagion

Error handling

HTTP Status	Meaning
`200`	Success, response contains full assessment
`502`	Agent output failed validation — format may have changed
`503`	No recent agent runs — system may be starting up
`500`	Unexpected server error

On non-200 responses, the body is {"error": "..."} with a human-readable message.

Complete risk check pattern

To get a full picture, call both endpoints:

curl -s https://mcp.blackswan.wtf/api/flare
curl -s https://mcp.blackswan.wtf/api/core

Present Flare results first (immediate risks), then Core (broader context).

Usage Guidance

This skill appears to be a simple client for the BlackSwan risk API and does not request secrets, but there are a few red flags to check before installing: 1) Confirm the correct project name — the registry lists 'BlackClaw' while the SKILL.md and homepage reference 'BlackSwan' (possible packaging mistake or copy/paste). 2) Verify the external endpoint (https://mcp.blackswan.wtf) and the GitHub repo (https://github.com/blackswanwtf/blackswan-mcp) yourself — ensure the service is reputable and you’re comfortable the agent calling it. 3) Ensure curl is available or acceptable to be used at runtime (SKILL.md notes it as a required binary). If you need stronger assurance, ask the publisher for the canonical repository link and a brief explanation of the naming mismatch, or run the skill in an isolated environment/network before granting it access to sensitive workflows.

Capability Analysis

Type: OpenClaw Skill Name: blackswan Version: 1.0.0 The skill bundle is benign. It provides instructions for an AI agent to fetch crypto risk intelligence data from `https://mcp.blackswan.wtf` using `curl`. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. The `SKILL.md` clearly defines the purpose and the `curl` commands are standard GET requests to a specific, stated endpoint, without any high-risk flags.

Capability Assessment

⚠ Purpose & Capability

The SKILL.md describes a simple network client for a crypto risk API (Flare/Core), which is coherent with the stated purpose. However, the packaged skill name in the registry is 'BlackClaw' while the SKILL.md and homepage reference 'BlackSwan' (blackswan-mcp). Also the SKILL.md metadata requires the 'curl' binary but the registry metadata lists no required binaries. These inconsistencies suggest sloppy packaging or a copy/paste error and should be clarified before trusting the skill.

ℹ Instruction Scope

Runtime instructions are narrowly scoped: they direct the agent to call two public HTTP endpoints on https://mcp.blackswan.wtf and present results. The instructions do not ask the agent to read local files, access environment variables, or contact other external endpoints. The main risk is that the agent will send requests to an external, non-mainstream domain — expected for this type of skill but worth verifying the service's trustworthiness.

✓ Install Mechanism

There is no install spec and no code files (instruction-only), which limits on-disk risk. This is the lowest-risk install pattern. Note: SKILL.md lists a runtime dependency on curl (metadata: requires bins: ["curl"]) whereas the registry metadata earlier said no required binaries — an internal inconsistency to confirm.

✓ Credentials

The skill requests no environment variables, no credentials, and no config paths. That is proportionate for a read-only public API client and reduces risk of secret exfiltration.

✓ Persistence & Privilege

The skill is not marked always:true and is user-invocable (normal). It does not request persistent privileges or system-wide configuration changes.

Version History

v1.0.0

- Initial release of BlackSwan (now blackclaw) skill for real-time crypto risk intelligence. - Provides two main tools: Flare (15-min precursor detection) and Core (60-min market context analysis). - No API key is required for the latest analysis; upgrade available for custom requests. - Detailed API endpoints with sample commands and response formats. - Clear documentation on interpreting risk levels and error handling.

Metadata

Slug blackswan

Version 1.0.0

License —

All-time Installs 7

Active Installs 7

Total Versions 1

Frequently Asked Questions

What is BlackClaw?

Real-time crypto risk intelligence; before and as things break. Two tools: Flare (15-min precursor detection, immediate alarms) and Core (60-min state synthesis, context assessment). Free access to the last analysis. No API key required. Upgrade to x402 for custom analysis. It is an AI Agent Skill for Claude Code / OpenClaw, with 1825 downloads so far.

How do I install BlackClaw?

Run "/install blackswan" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is BlackClaw free?

Yes, BlackClaw is completely free (open-source). You can download, install and use it at no cost.

Which platforms does BlackClaw support?

BlackClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created BlackClaw?

It is built and maintained by bilalmotiwala (@bilalmotiwala); the current version is v1.0.0.

More Skills

BlackClaw