← Back to Skills Marketplace

vs-test

Name: vs-test
Author: valuescan-io

by ValueScan-ai · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install vs-test

Description

ValueScan数据查询Skill。支持代币搜索、K线数据、主力资金流分析、链上数据查询等加密货币市场数据分析功能。

Usage Guidance

This skill implements ValueScan API calls and legitimately needs an API key and Secret for HMAC signing, but the package metadata failed to declare that. Before installing: (1) Confirm how the skill expects credentials — the SDK reads ~/.openclaw/credentials/valuescan.json, whereas registry metadata claims no config paths; decide whether you are comfortable storing keys there. (2) Only provide a keyspair with minimal privileges (rotate or revoke if unsure). (3) Verify the skill source and homepage (https://www.valuescan.ai) and prefer registering API keys via the official developer portal. (4) If you need stricter isolation, run the skill in a sandboxed agent or deny file-system access to the home directory. (5) Ask the publisher to correct registry metadata to explicitly declare required credentials and config paths, and/or change the SDK to accept credentials from declared env vars rather than an undeclared file.

Capability Analysis

Type: OpenClaw Skill Name: vs-test Version: 1.0.1 The skill bundle is a legitimate integration for the ValueScan cryptocurrency data API. It contains a Node.js SDK (vs_api_sign.js) that implements standard HMAC-SHA256 request signing and a comprehensive set of API reference definitions in the references/ directory. Credential handling is performed locally via ~/.openclaw/credentials/valuescan.json, and all network requests are directed to the official api.valuescan.io domain. No evidence of malicious intent, data exfiltration, or prompt injection was found.

Capability Tags

cryptorequires-walletcan-make-purchasesrequires-sensitive-credentials

Capability Assessment

⚠ Purpose & Capability

Name/description match a cryptocurrency data API and the code + references implement many ValueScan endpoints — that is coherent. However the registry metadata claims no required credentials or config paths while SKILL.md and the included SDK require API Key/Secret; this metadata omission is inconsistent and reduces transparency.

⚠ Instruction Scope

SKILL.md describes only ValueScan API usage (K-lines, fund flows, on-chain data). The included SDK code (script/sdk/vs_api_sign.js) reads credentials from a local file (~/.openclaw/credentials/valuescan.json) and performs signed POSTs to https://api.valuescan.io — the network calls are to the expected host. The concern is that the runtime instructions and SDK access a local credentials file which was not declared in the registry metadata; the skill therefore accesses local filesystem state (the credentials file) outside what the metadata advertised.

✓ Install Mechanism

No install spec (instruction-only + small SDK file). No remote downloads or extraction. The SDK uses only built-in Node modules (crypto/fs/url) and contains a small example; risk from install mechanisms is low.

⚠ Credentials

SKILL.md declares two required credentials (api_key and secret_key) and the SDK requires valuescanApiKey/valuescanSecretKey — these are proportionate for calling the API. But the registry metadata lists no required env vars and no config paths; the SDK instead expects a credential file at ~/.openclaw/credentials/valuescan.json. That mismatch is a proportionality/transparency problem: the skill needs secrets (normal) but fails to declare how it expects them to be provided (env vs config file) in the registry metadata.

✓ Persistence & Privilege

always is false and the skill does not request system-wide privileges. It reads a credential file in the user's home directory but does not modify other skills or system configs. Autonomous invocation is allowed (platform default) — combine this with the credential access mismatch when deciding trust.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install vs-test
After installation, invoke the skill by name or use /vs-test
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

vs-test 1.0.1 - Added detailed SKILL.md documentation, including API usage scenarios, endpoint descriptions, parameters, and integration guide. - SKILL.md provides a comprehensive reference for ValueScan cryptocurrency data analysis capabilities. - Outlines quick start instructions and detailed directory structure for easy onboarding and development. - Specifies authentication, parameter acquisition, and common use cases for end users.

Metadata

Slug vs-test

Version 1.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is vs-test?

ValueScan数据查询Skill。支持代币搜索、K线数据、主力资金流分析、链上数据查询等加密货币市场数据分析功能。 It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.

How do I install vs-test?

Run "/install vs-test" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is vs-test free?

Yes, vs-test is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does vs-test support?

vs-test is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created vs-test?

It is built and maintained by ValueScan-ai (@valuescan-io); the current version is v1.0.1.

More Skills