📦 FeedOracle Compliance Intelligence — 合规风险评分

v1.2.3

为受监管代币市场提供MiCA合规证据与稳定币风险评分，集成27个MCP工具，所有响应采用ES256K签名，确保数据可信、不可篡改，适用于机构级合规审计与实时监控。

0· 304·0 当前·0 累计

by @feedoracle

安全数据分析 API工具云服务

下载技能包

最后更新

2026/3/14

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

NULL

评估建议

This skill appears to do what it says: it calls feedoracle.io endpoints and returns signed evidence. Before installing, confirm you are comfortable with queries being sent to an external service (feedoracle.io). Do not include PII or sensitive conversation history in user questions, agent registration, or audit entries — the skill documents that such data should not be sent but will accept whatever the agent/user supplies. If you require strict prevention of autonomous calls, either change platf...

详细分析 ▾

✓ 用途与能力

Name/description match the runtime behavior: it queries feedoracle.io MCP endpoints for MiCA/stablecoin evidence. Declared required binary (curl) and optional FEEDORACLE_API_KEY align with the described API-based workflow. No unrelated credentials, binaries, or config paths are requested.

ℹ 指令范围

SKILL.md clearly restricts what is sent: read-only tools send only a token symbol, ai_query sends only the explicit question text, and user-initiated tools (kya_register, audit_log) send agent metadata or decision text. This scope is appropriate for the stated purpose. Caveat: because this is instruction-only, accidental inclusion of PII or conversation context in user-supplied questions or decision text remains possible — the skill relies on the agent (and user) to follow the guidance.

✓ 安装机制

No install spec or downloaded code — instruction-only skill. This is the lowest-risk install posture; nothing is written to disk by the skill package itself.

✓ 凭证需求

No required environment variables are declared. An optional FEEDORACLE_API_KEY is documented for higher rate limits, which is proportionate to the advertised tiers. There are no unexplained SECRET/TOKEN requirements.

ℹ 持久化与权限

Skill metadata uses default platform settings (user-invocable true, disable-model-invocation false) which permit autonomous invocation, but the SKILL.md repeatedly instructs the agent not to auto-invoke and to call the tool only on explicit user requests. This is a minor inconsistency between runtime guidance and platform invocation defaults — not itself malicious, but worth confirming with host policy or turning off autonomous invocation if you require enforced user-only calls.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.2.32026/3/12

NULL

● 无害

安装命令

点击复制

官方npx clawhub@latest install feedoracle-compliance

镜像加速npx clawhub@latest install feedoracle-compliance --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库