← Back to Skills Marketplace

coinank-openapi

Name: coinank-openapi
Author: annata

by annata · GitHub ↗ · v1.0.2

cross-platform ⚠ suspicious

550

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install coinank-openapi

Description

call coinank openapi to get data

README (SKILL.md)

权限声明

SECURITY MANIFEST:

- Allowed to read: {baseDir}/README.md, {baseDir}/references/*.json

- Allowed to make network requests to: https://open-api.coinank.com

工作流 (按需加载模式)

当用户提出请求时，请严格执行以下步骤：

检查API密钥：首先检查环境变量 COINANK_API_KEY 是否存在。如果不存在，提示用户设置API密钥。
阅读README：仔细阅读README.md
目录索引：扫描 {baseDir}/references/ 目录下的所有文件名，确定哪些 OpenAPI 定义文件与用户需求相关。
精准读取：仅读取选定的 .json 文件，分析其 paths、parameters 和 requestBody。其中paths内是一个对象,对象的key就是path
构造请求：使用 curl 执行请求。
- Base URL: 统一使用 https://open-api.coinank.com（或从 JSON 的 servers 字段提取）。
- Auth: 从环境变量 COINANK_API_KEY 中获取 apikey 注入 Header。
- 如果参数有endTime,尽量传入最新的毫秒级时间戳
- OpenAPI文档内的时间戳都是示例.如果用户没有指定时间,请使用最新的时间和毫秒级时间戳

注意事项

禁止全量加载：除非用户请求涉及多个领域，否则禁止同时读取多个 JSON 文件。
参数校验：在发起请求前，必须根据 OpenAPI 定义验证必填参数是否齐全。
错误处理：当请求失败时，向用户显示友好的提示信息，并记录详细的错误日志。
API密钥配置：用户需要自行设置环境变量 COINANK_API_KEY，例如：export COINANK_API_KEY="your_api_key"

Usage Guidance

This skill appears to do what it says: it will read the included OpenAPI JSON files and README and then call https://open-api.coinank.com using the COINANK_API_KEY you supply (sent in the HTTP header). Before installing, confirm you trust coinank.com and are comfortable exposing the API key to that external service. Use a key with minimal privileges if possible and rotate or revoke the key if you stop using the skill. Note that the skill may log request errors (check where agent logs are stored) — avoid putting high-privilege or unrelated secrets into the same environment.

Capability Analysis

Type: OpenClaw Skill Name: coinank-openapi Version: 1.0.2 The `SKILL.md` instructs the AI agent to construct `curl` commands for API interaction. While the network requests are restricted to a specific domain (`https://open-api.coinank.com`), the instructions do not explicitly detail input sanitization for user-provided parameters (e.g., `symbol`, `exchange`, `endTime`, `size`) when building these `curl` commands. This creates a potential shell injection vulnerability if the AI agent's execution environment does not adequately sanitize user input before executing shell commands, allowing for unauthorized command execution. However, there is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or persistence mechanisms within the skill bundle.

Capability Assessment

✓ Purpose & Capability

Name/description (coinank-openapi) match the declared requirement (COINANK_API_KEY) and the included OpenAPI reference files; allowed network host is the CoinAnk OpenAPI URL. There are no unrelated env vars, binaries, or install steps requested.

✓ Instruction Scope

SKILL.md restricts runtime actions to checking COINANK_API_KEY, reading README.md and selected OpenAPI JSON files under references/, validating parameters, and issuing curl requests to https://open-api.coinank.com with the apikey header. It does not instruct reading unrelated system files or sending data to other endpoints. It does ask to 'log detailed errors' but does not specify writing to sensitive system paths.

✓ Install Mechanism

No install spec — instruction-only skill. No downloads or package installs are declared, which is the lowest-risk install profile.

✓ Credentials

Only one credential is required (COINANK_API_KEY) and it is declared as the primary credential. That credential is appropriate and necessary for calling the CoinAnk API. No other sensitive env vars or cross-service keys are requested.

✓ Persistence & Privilege

always is false and the skill does not request persistent system-wide privileges or modifications. It does not require enabling itself permanently or altering other skills' configurations.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install coinank-openapi
After installation, invoke the skill by name or use /coinank-openapi
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.2

- Initial release with full repository added, including configuration, hooks, and references. - Updated SKILL.md to improve workflow: now checks for API key and provides user guidance if missing. - Enhanced error handling and user messaging for failed requests. - Added permission to read README.md and included instructions to read it during the workflow. - Clarified instructions for API key configuration and parameter validation.

v1.0.1

Version 1.0.1 of coinank-openapi

v1.0.0

Initial release of coinank-openapi skill. - Enables data retrieval from Coinank OpenAPI. - Requires a COINANK_API_KEY environment variable for authentication. - Securely reads OpenAPI JSON definitions from local references. - Constructs requests to https://open-api.coinank.com using file-based API definitions. - Ensures only necessary OpenAPI files are loaded and required parameters are validated before requests.

Metadata

Slug coinank-openapi

Version 1.0.2

License —

All-time Installs 2

Active Installs 2

Total Versions 3

Frequently Asked Questions

What is coinank-openapi?

call coinank openapi to get data. It is an AI Agent Skill for Claude Code / OpenClaw, with 550 downloads so far.

How do I install coinank-openapi?

Run "/install coinank-openapi" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is coinank-openapi free?

Yes, coinank-openapi is completely free (open-source). You can download, install and use it at no cost.

Which platforms does coinank-openapi support?

coinank-openapi is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created coinank-openapi?

It is built and maintained by annata (@annata); the current version is v1.0.2.

More Skills