Solana Whale Tracker Pro

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears purpose-aligned for Solana monitoring and alerts, with no evidence of hidden exfiltration or destructive behavior, but users should review its credentials, external services, and manual install steps.

This appears reasonable for public Solana price and transaction monitoring. Before installing, confirm you trust the package source, use dedicated notification credentials, verify Telegram/email destinations, and do not rely on advertised advanced features unless you confirm they are implemented.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who obtains these values could send messages through the configured bot or email account.

Why it was flagged

The skill asks the user to provide Telegram bot and SMTP email credentials for alert delivery; this is aligned with the notification purpose but is not declared in the registry credential metadata.

Skill content

telegram:
  bot_token: YOUR_BOT_TOKEN
  chat_id: YOUR_CHAT_ID
...
email:
  sender_email: your@gmail.com
  sender_password: YOUR_APP_PASSWORD

Recommendation

Use a dedicated Telegram bot and an email app password, keep config files private, and revoke credentials if the skill is no longer used.

What this means

Configured alert messages and recipient details will be shared with the selected notification providers.

Why it was flagged

Alert content is sent to third-party notification providers, Telegram and SMTP email. This is expected for the skill's purpose, but users should understand where alerts are delivered.

Skill content

response = requests.post(url, json=data, timeout=10)
...
server.login(self.sender_email, self.sender_password)
server.send_message(msg)

Recommendation

Verify Telegram chat IDs and email recipients before enabling alerts, and avoid putting highly sensitive information in alert messages.

What this means

Following the README could run a different version of the project if the external repository or dependencies change.

Why it was flagged

The README includes a manual remote clone and dependency installation workflow outside the registry install mechanism, so users may install code or dependency versions that differ from the reviewed artifact.

Skill content

git clone https://github.com/vic-ai-company/solana-monitor.git
cd solana-monitor

# Install dependencies
pip install -r requirements.txt

Recommendation

Install from the reviewed package when possible, verify the repository, and prefer pinned dependency versions for reproducibility.

What this means

If invoked, the process can continue running and making network requests until stopped.

Why it was flagged

The whale monitor supports an indefinite monitoring loop, which is expected for real-time tracking but should be started deliberately.

Skill content

def monitor_continuous(self, interval: int = 60):
    ...
    while True:
        ...
        time.sleep(interval)

Recommendation

Run continuous monitoring only in a controlled terminal or scheduler and stop it when alerts are no longer needed.