No API key, instant access. Binance and CoinGecko use our data. AI reads 20+ crypto media outlets in real time and ranks every article by importance. Market...
Security Analysis
medium confidenceThe skill's stated purpose (AI-ranked crypto news) aligns with what it requires and does: an instruction-only skill that uses curl to fetch data from an external news API; no unrelated binaries, installs, or credentials are requested.
Name/description promise (ranked crypto news, multi-language feeds, breaking headlines) is consistent with a skill that issues HTTP requests to an external news provider. The only required binary is curl, which is proportionate for making HTTP calls. No environment variables, config paths, or unrelated tools are requested.
The SKILL.md is instruction-only and appears to instruct the agent to call the provider's APIs (ns3.ai / docs.ns3.ai). That is within scope for a news feed skill. However the provided excerpt is truncated; I cannot verify every instruction line. Pay attention to any lines that would instruct the agent to collect local files, read environment vars, or include sensitive user data in requests—those would be out of scope. Also note that queries and context will be sent to an external service when the skill runs.
No install spec and no archives or third‑party packages are declared. Instruction-only skills that rely on existing curl are low-risk from an install perspective.
The skill declares no required credentials, no config paths, and no secret env vars. That matches the claim 'No API key'. There is no request for unrelated credentials or system secrets in the metadata.
always is false and the skill is user-invocable (normal). It does not request permanent system presence or to modify other skills. It can be invoked autonomously by the agent (platform default), which is expected for skills.
Guidance
This skill appears coherent for providing ranked crypto news and only requires curl. Before installing, consider: (1) the skill will send user queries and any provided context to an external API (ns3.ai) — do not submit private secrets (private keys, exchange API secrets, or personally identifying files) through it; (2) review ns3.ai's privacy policy and docs to understand what data they collect, store, and share; (3) verify the provider's claims (Binance/CoinGecko citations) if that matters for trust; (4) if you plan to use it in automated workflows, decide whether to allow autonomous invocation (default) or require manual invocation to limit automatic exfiltration of sensitive context. If you want a deeper check, provide the full, untruncated SKILL.md so I can confirm there are no instructions that read local files or environment variables beyond what's declared.
Latest Release
v1.0.6
- Documentation link updated from /ns3-rss to /ns3-api for clarity and accuracy. - Expanded purpose and philosophy section: clarified classification logic, added new "Similar Past Cases" insight, and made Level 1/2 criteria more explicit. - Coverage section now includes explicit mention of security incidents (hacks, exploits, bridge failures). - Improved explanation and explicit phrasing throughout for fact/analysis separation and classification process. - Description order streamlined for consistency (API key mention moved forward). - No functional or API changes; update is documentation and phrasing only.
Popular Skills
Published by @assembleai-crypto on ClawHub
