Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto Holdings Monitor

Cryptocurrency holdings monitoring tool. Supports multi-wallet address monitoring, real-time price queries, and holdings statistics.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 16 · 0 current installs · 1 all-time installs
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md advertises multi-wallet address monitoring, holdings/statistics, profit calculation, and scheduled alerts. The shipped script only stores wallet addresses in ~/.crypto-portfolio.json, prints stored addresses, and fetches USD prices from CoinGecko. It does not query blockchain balances, compute holdings or profits, or implement scheduled reporting. Also _meta.json mentions python3 as a required binary while the registry summary showed no required binaries—this metadata mismatch is incoherent.
!
Instruction Scope
Runtime instructions tell the agent/user to run python3 scripts/portfolio.py for add/view/refresh/report; that matches the code. However, SKILL.md documents optional environment variables (BTC_COST, ETH_COST, etc.) and features (holdings, profit calculation, scheduled reporting) that the script does not actually use or implement, which is misleading. The script only contacts CoinGecko (api.coingecko.com) — no other external endpoints.
Install Mechanism
No install spec is present (instruction-only with a bundled Python script). This is low-risk from an installation perspective — nothing is downloaded at install time.
Credentials
The skill declares no required credentials or config paths and the code does not request secrets. SKILL.md lists optional COST environment variables for profit calculation, but the script does not read them. No unexplained credentials are requested.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. It writes a single user file (~/.crypto-portfolio.json) to store wallet addresses, which is consistent with local state for this kind of tool.
What to consider before installing
This package is inconsistent: it promises wallet balance monitoring, profit calculation, and scheduled alerts, but the code only saves wallet addresses locally and fetches price data from CoinGecko. Before installing or using it, review the script yourself. Note it will create/modify ~/.crypto-portfolio.json (which will contain any wallet addresses you add). The tool contacts api.coingecko.com (no API keys required). Because the source and homepage are unknown, consider running it in an isolated environment or sandbox, or inspect/modify the code to implement the missing features (balance queries and profit calculations) before trusting it with production data. If you expected automatic on-chain balance fetching, this skill does not provide that — it may be incomplete or poorly maintained rather than malicious, but treat it with caution.

Like a lobster shell, security has layers — review code before you run it.

Current version v1.0.0
latestvk974zzn2rdtqwe5snhnvh3cbsx831d7n

SKILL.md

Crypto Portfolio Tracker 💰

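Track your cryptocurrency holdings, with support for multiple wallet addresses and real-time price queries.

Features

  • 📊 Multi-wallet address monitoring (ETH, BTC, SOL, etc.)
  • 💵 Real-time USDC/USD price queries
  • 📈 Holdings statistics and allocation analysis
  • 💰 Profit calculation (based on purchase price)
  • 🔔 Scheduled reports of holdings changes

Usage

Add a wallet address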

python3 scripts/portfolio.py add 0x...

View holdings

python3 scripts/portfolio.py view

Refresh prices

python3 scripts/portfolio.py refresh

Full report

python3 scripts/portfolio.py report

Configuration

Environment variables (optional):

# Add cost basis (optional, used to calculate profit)
export BTC_COST=45000
export ETH_COST=3000
export SOL_COST=100

Examples

# Add a wallet
python3 scripts/portfolio.py add 0x742d35Cc6634C0532925a3b844Bc9e7595f0eB1E

# View holdings
python3 scripts/portfolio.py view

Files

3 total