Antalpha Airdrop Hunter
v1.3.0Elite Web3 airdrop strategist with S/A/B grading, scam shields, and guided hunting workflow; triggers when users ask about airdrops, want to check projects,...
⭐ 1· 35·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the provided files: grading rules, scam-detection guidance, templates, and a date-filter script. No unrelated environment variables, binaries, or privileged config paths are requested. The included python script only filters article dates and is consistent with the skill's stated data-pipeline/ report generation needs.
Instruction Scope
SKILL.md defines an opinionated workflow and mandates automatic execution of internal tools based on user inputs (e.g., auto-run scam-check for pasted URLs). It also requires parsing JSON results from upstream MCP tools and rendering them as formatted Markdown (including translating 'savage_comment'). This is consistent with the skill's UX but means the agent will automatically invoke the skill's checking tools on user-supplied URLs or project names — users should be aware that pasting URLs triggers checks and the agent may fetch/resolve them via MCP tooling.
Install Mechanism
No install spec present (instruction-only skill). No external downloads or archive extraction. Only a small local script (date_filter.py) is included and is benign. Low installation risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Claims to use public APIs (DefiLlama) and hard-coded funding/watchlist data — those are plausible for the described functionality and do not require secrets.
Persistence & Privilege
always is false and the skill does not request elevated persistence or changes to other skills. disable-model-invocation is false (normal) which allows autonomous invocation; this matches the skill's design (automation triggers) and is expected for an interactive assistant.
Assessment
This skill appears internally consistent with its stated purpose, but before installing consider: 1) The agent will auto-run its internal checks when you paste URLs or just provide project names — don't paste private keys or sensitive secrets; only paste public URLs you want checked. 2) The skill expects to parse JSON from MCP tools and render it — verify you trust the MCP/tooling environment that will fetch and supply that JSON (it is the component that may make network calls on your behalf). 3) If you plan to act on airdrop advice, use best practices: never share private keys, use a separate/spending wallet or test wallet for interactions, and independently verify high-stakes links (check official Twitter bio, GitHub, and Etherscan). 4) If concerned, review the referenced public repository (the SKILL.md includes GitHub links) and the included code yourself or run the skill in a sandboxed agent environment.Like a lobster shell, security has layers — review code before you run it.
latestvk9767takrqrxpwy6m31mqcxd9984thn2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.