Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Solana Whale Tracker Pro

v1.0.0

Real-time monitoring of Solana token prices, large transfers, liquidity pools, new tokens, and price alerts via Telegram and email.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description (Solana price/whale monitoring + Telegram/email alerts) match the included Python scripts which call CoinGecko, a Solana RPC, Telegram API and SMTP — those capabilities are coherent with the stated purpose. However the registry metadata declares no required env vars or config paths even though the skill needs Telegram bot credentials and SMTP credentials; the skill's top-level metadata in your registry also claims 'source: unknown / homepage: none' while _meta.json/README point to a GitHub repo — metadata is inconsistent.
! Instruction Scope
SKILL.md and README instruct creating config/config.yaml or a .env with secrets and running the scripts. The scripts themselves do not contain code to automatically load config/config.yaml or .env (they accept credentials via method calls), so the runtime instructions are inconsistent with actual code behavior. The instructions ask you to supply Telegram bot token/chat_id and SMTP credentials which will be sent to Telegram API and your SMTP provider (expected), but because the skill does not clearly document how/where credentials are loaded, there is risk of misconfiguration or accidental exposure.
Install Mechanism
No install spec is provided (instruction-only for the platform), and dependencies are minimal (requests, python-dotenv). This is lower-risk than arbitrary binary downloads. Still, the skill does include Python scripts and a requirements.txt but the registry listed no required binaries; that's an operational inconsistency to be aware of.
! Credentials
Registry 'required env vars' is empty, yet the README and SKILL.md ask for TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID and SMTP credentials (sender email/password). The code will use these secrets to authenticate with third-party services (Telegram and SMTP). The skill does not declare or enforce which secrets are required, nor does it show secure loading of them — this mismatch increases the chance of inadvertent secret leakage or misplacement. Also SKILL.md suggests config/config.yaml while README suggests .env; the code doesn't automatically read either, making secret management unclear.
Persistence & Privilege
The skill does not request persistent elevated privileges, always:false, and does not modify global agent settings or other skills. It runs as ordinary Python scripts and makes network calls to public APIs — normal for this kind of tool.
What to consider before installing
This package looks like a real Solana monitoring tool, but several mismatches are concerning: the registry declares no required secrets even though the tool needs a Telegram bot token/chat_id and SMTP credentials; SKILL.md and README disagree about whether to use config/config.yaml or .env; and the code does not clearly auto-load those config files. Before installing or supplying credentials:

1) Verify the publisher/source (follow the GitHub repo in _meta.json/README and confirm it's legitimate).
2) Inspect/modify the code to ensure credentials are read securely (use environment variables or a secrets store, avoid plain text files), or run the tool in an isolated environment.
3) Use app-specific SMTP passwords (not your primary account password) and create a dedicated Telegram bot/chat for alerts.
4) If you plan to let the agent invoke this skill autonomously, be extra cautious — autonomous access combined with unclear secret handling increases risk.

If you want, I can point out exact lines to modify so credentials are loaded via python-dotenv or a secure secrets API, and verify there is no hidden network exfiltration in the code.


SKILL.md

Solana Monitor - OpenClaw Skill

Version: v0.1.0
Status: In development
Author: VIC ai-company


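📋 Skill Description

Real-time monitoring of Solana ecosystem data, including:

  • 📊 Token prices (CoinGecko API)
  • 🔔 Price alerts (Telegram/email)
  • 🐋 Large-transfer tracking
  • 💧 Liquidity pool monitoring
  • 🆕 New token discovery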

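🎯 Use Cases

DeFi traders

  • Set price alerts so you don't miss buy and sell points
  • Monitor whale movements and follow the smart money
  • Track liquidity changes to avoid rug pulls

NFT traders

  • Monitor floor-price changes
  • Track large NFT trades
  • Discover newly launched projects

Project teams

  • Monitor competitor data
  • Track token holder distribution
  • Market sentiment analysis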

📦 Installation

# In OpenClaw
openclaw skills install solana-monitor

Or install manually:

cd /workspace/skills/solana-monitor
pip install -r requirements.txt

🔧 Configuration

Create the configuration file config/config.yaml

# Monitoring settings
monitoring:
  check_interval: 60  # check interval (seconds)
  price_delay: 5      # price delay (seconds)

# Alert settings
alerts:
  enabled: true
  channels:
    - telegram
    - email

# Telegram configuration
telegram:
  bot_token: YOUR_BOT_TOKEN
  chat_id: YOUR_CHAT_ID

# Email configuration
email:
  smtp_server: smtp.gmail.com
  smtp_port: 587
  sender_email: your@gmail.com
  sender_password: YOUR_APP_PASSWORD
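
One way to read the alert credentials from environment variables instead of the plain-text config/config.yaml above, given here as an added example that is not part of the skill's own code. TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID are the names the scan report cites from the README; the SMTP_* variable names, AlertSecrets, SecretConfigError and load_alert_secrets are hypothetical.

```python
import os
from dataclasses import dataclass, field

# TELEGRAM_* names are cited in the scan report; SMTP_* names are assumptions.
REQUIRED = ("TELEGRAM_BOT_TOKEN", "TELEGRAM_CHAT_ID",
            "SMTP_SENDER_EMAIL", "SMTP_SENDER_PASSWORD")
# Placeholder values copied from the config/config.yaml template.
PLACEHOLDERS = {"YOUR_BOT_TOKEN", "YOUR_CHAT_ID",
                "YOUR_APP_PASSWORD", "your@gmail.com"}


class SecretConfigError(RuntimeError):
    """A required credential is missing or still a template placeholder."""


@dataclass(frozen=True)
class AlertSecrets:
    telegram_chat_id: str
    smtp_sender_email: str
    # repr=False keeps the secret values out of logs and tracebacks.
    telegram_bot_token: str = field(repr=False)
    smtp_sender_password: str = field(repr=False)


def load_alert_secrets(env=None):
    """Read the four credentials from the environment and fail closed."""
    env = os.environ if env is None else env
    problems, values = [], {}
    for name in REQUIRED:
        value = (env.get(name) or "").strip()
        if not value:
            problems.append(f"{name} is not set")
        elif value in PLACEHOLDERS:
            problems.append(f"{name} still holds the template placeholder")
        values[name.lower()] = value
    if problems:
        # Report variable names only, never the values themselves.
        raise SecretConfigError("; ".join(problems))
    return AlertSecrets(**values)


if __name__ == "__main__":
    # Constructed sample environment, not real credentials.
    sample = {"TELEGRAM_BOT_TOKEN": "123456:constructed-token",
              "TELEGRAM_CHAT_ID": "-1001",
              "SMTP_SENDER_EMAIL": "alerts@example.org",
              "SMTP_SENDER_PASSWORD": "constructed-app-password"}
    print(load_alert_secrets(sample))  # secrets are omitted from the repr
```
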

💻 Usage Examples

Calling from Python

from scripts.price_monitor import PriceMonitor
from scripts.notifier import NotificationManager

# Initialize
monitor = PriceMonitor()
notifier = NotificationManager()

# Get the price
sol_price = monitor.get_sol_price()
print(f"SOL: ${sol_price:.2f}")

# Set an alert
monitor.check_price_alert('solana', 90.0, 'above')

Command line

# Run the monitor
python scripts/price_monitor.py

# Test notifications
python scripts/notifier.py

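📊 Pricing

| Plan       | Price      | Features              |
|------------|------------|-----------------------|
| Free       | $0         | 3 tokens + 5 alerts   |
| Basic      | $19/month  | 20 tokens + 20 alerts |
| Pro        | $49/month  | Unlimited + API       |
| Enterprise | $199/month | Custom + SLA          |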

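🚧 Development Roadmap

  • Price monitoring module
  • Notification system
  • Large-transfer monitoring
  • Liquidity monitoring
  • Web dashboard
  • Public API

Last updated: 2026-03-01
Status: In development (MVP stage)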

Files

7 total