Provides real-time cryptocurrency prices in USD for any coin using the CoinGecko API, with a cost of 0.001 USDT per call.

Do not install this skill as-is. Key concerns: - The SkillPay API key is hard-coded and publicly exposed in SKILL.md and handler.py; if that key is valid it should be considered compromised and rotated immediately. - The code references SKILL_ID (required for billing) but it is not defined — billing will fail or behave unpredictably. - There is an indentation/formatting bug that likely breaks the charge flow; the exception path returns success/demo which can allow free use unintentionally. Actions to consider before using or installing: 1) Ask the publisher to remove any secrets from code and docs and to use a configured environment variable (e.g., SKILLPAY_API_KEY) instead. Verify that the key in the package is invalid or rotated. 2) Require the publisher to fix the undefined SKILL_ID and the indentation/logic bugs and to document expected billing behavior and endpoints. 3) Verify SkillPay account ownership and whether you (or your org) will be charged; test in a sandbox environment with a rotated/test API key first. 4) If you already installed or used the skill with the exposed key, treat that key as compromised and rotate it. Given the combination of exposed secret, billing endpoint, and code bugs, treat this skill as untrustworthy until the author fixes these issues and removes secrets from the package.

Type: OpenClaw Skill Name: crypto-price-skill Version: 1.1.0 The skill contains a hardcoded API key in both SKILL.md and handler.py, which is a significant security risk. It implements a third-party billing mechanism via 'skillpay.me' that tracks user IDs and usage, and the code contains functional errors such as an indentation error and an undefined variable (SKILL_ID) in the charge_user function. While no clear evidence of intentional malice was found, the combination of hardcoded credentials and unverified payment processing logic warrants a suspicious classification.