
Coinank Openapi Skill

Author: a4205586 · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 447
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install coinank-openapi-skill
Description
call coinank openapi to get data
Usage instructions (SKILL.md)

Permission declaration

SECURITY MANIFEST:

- Allowed to read: {baseDir}/references/*.json

- Allowed to make network requests to: https://open-api.coinank.com

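Workflow (on-demand loading mode)

When the user makes a request, follow these steps strictly:

  1. Directory index: first scan all file names under {baseDir}/references/ and determine which OpenAPI definition files are relevant to the user's request.
  2. Targeted read: read only the selected .json files and analyze their paths, parameters and requestBody. paths is an object whose keys are the request paths.
  3. Build the request: execute the request with curl.
    • Base URL: always use https://open-api.coinank.com (or extract it from the servers field of the JSON).
    • Auth: read the apikey from the environment variable COINANK_API_KEY and inject it into the header.
    • If a parameter includes endTime, pass the latest millisecond timestamp where possible.
    • The timestamps in the OpenAPI documents are all examples. If the user does not specify a time, use the current time as a millisecond timestamp.

Notes

  • No full load: unless the user's request spans multiple domains, do not read multiple JSON files at the same time.
  • Parameter validation: before sending a request, verify against the OpenAPI definition that all required parameters are present.
Security recommendations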
This skill appears coherent: it needs your CoinAnk API key to call CoinAnk endpoints and uses only the included OpenAPI specs. Before installing, confirm you trust coinank.com and that the API key you provide has only the necessary read privileges (avoid providing a more-privileged key). Consider rotating the key if you stop using the skill. Because the skill can make network requests to the CoinAnk domain, do not supply high-privilege or multi-service credentials; verify any returned data before acting on it.
Functional analysis
Type: OpenClaw Skill
Name: coinank-openapi-skill
Version: 1.0.0

The skill bundle is classified as suspicious due to a high risk of shell injection. The `SKILL.md` explicitly instructs the AI agent to execute the request using `curl`. While the target domain `https://open-api.coinank.com` is whitelisted, many API parameters defined in the `references/*.openapi.json` files are user-controlled strings (e.g., `symbol`, `exchange`, `interval`, `sortBy`, `amount`, `search`). If the AI agent constructs the `curl` command by directly interpolating these user-controlled inputs without proper shell escaping, an attacker could inject arbitrary shell commands, leading to remote code execution on the host system. This represents a critical vulnerability, even though the skill bundle itself does not contain explicit malicious payloads.
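One way to carry out step 3 of the workflow so that user-supplied parameter values never reach shell parsing, shown as an added example that is not part of the skill bundle or of this page's original content. The function names, the DRY_RUN switch and the character allowlists are assumptions; the `apikey` header and base URL follow the page's description.

```shell
#!/bin/sh
# Added example, not part of the skill bundle. Function names, DRY_RUN and the
# character allowlists are assumptions chosen for illustration.
BASE_URL="https://open-api.coinank.com"

# Allowlist for parameter names and values: letters, digits, dot, underscore, hyphen.
valid_token() {
    case "$1" in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Current time as a millisecond timestamp, for endTime when the user gives none.
now_ms() { echo "$(( $(date +%s) * 1000 ))"; }

# Usage: coinank_get /path name=value [name=value ...]
# DRY_RUN=1 prints the argv, one argument per line, instead of running curl.
coinank_get() {
    [ $# -ge 1 ] || { echo "missing path" >&2; return 2; }
    path=$1; shift
    case "$path" in
        *[!A-Za-z0-9/_-]*) echo "rejected path" >&2; return 2 ;;
        /*) ;;
        *) echo "rejected path" >&2; return 2 ;;
    esac
    [ -n "${COINANK_API_KEY:-}" ] || { echo "COINANK_API_KEY is not set" >&2; return 2; }

    nparams=$#
    for kv in "$@"; do
        name=${kv%%=*}; value=${kv#*=}
        if [ "$name" = "$kv" ] || ! valid_token "$name" || ! valid_token "$value"; then
            echo "rejected parameter" >&2; return 2
        fi
        # Each pair is its own argv element; curl does the URL encoding.
        set -- "$@" --data-urlencode "$name=$value"
    done
    shift "$nparams"    # drop the raw name=value inputs, keep the curl options

    set -- --silent --show-error --fail --proto '=https' --get \
        -H "apikey: $COINANK_API_KEY" "$@" "$BASE_URL$path"
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' curl "$@"; else curl "$@"; fi
}
```

The request is never assembled as a single string and never passed through `eval` or `sh -c`, so a value is either rejected by the allowlist or delivered to curl as one literal argument.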
Capability assessment
Purpose & Capability
Name/description state: call CoinAnk OpenAPI. Declared requirement: COINANK_API_KEY. Files are OpenAPI JSONs for CoinAnk endpoints. All requested resources (OpenAPI files + API key) align with the stated purpose.
Instruction Scope
SKILL.md limits actions to: index/read {baseDir}/references/*.json, validate parameters against those OpenAPI files, and make curl requests to https://open-api.coinank.com with apikey header. It does not instruct reading other system files or calling other external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself, minimizing install-time risk.
Credentials
Only one env var is required (COINANK_API_KEY) and it is the primary credential used to authenticate to the CoinAnk API, which matches the skill's purpose. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or configuration changes. Autonomous invocation is allowed by platform default but is not combined with other concerning privileges.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Enter the install command in the chat box: /install coinank-openapi-skill
  3. Once installed, invoke the Skill by name or trigger it with /coinank-openapi-skill
  4. Provide the required inputs according to the Skill's parameter description to get structured output.
Version history
v1.0.0
Initial release of coinank-openapi-skill.
- Allows secure access to coinank OpenAPI via https://open-api.coinank.com.
- Requires environment variable COINANK_API_KEY for authentication.
- Reads relevant OpenAPI JSON files on-demand from the `{baseDir}/references/` directory.
- Validates required parameters against OpenAPI definitions before making requests.
- Constructs requests using curl, with special handling for timestamps and headers.
- Includes clear security and access restrictions for files and network access.
Metadata
Slug: coinank-openapi-skill
Version: 1.0.0
License:
Total installs: 1
Current installs: 1
Historical versions: 1
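FAQ

What is Coinank Openapi Skill?

call coinank openapi to get data. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 447 cumulative downloads so far.

How do I install Coinank Openapi Skill?

Run the command "/install coinank-openapi-skill" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Coinank Openapi Skill free?

Yes, Coinank Openapi Skill is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Coinank Openapi Skill support?

Coinank Openapi Skill runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Coinank Openapi Skill?

It is developed and maintained by a4205586 (@a4205586); the current version is v1.0.0.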
