Security Scanner Pro
安全扫描器 - 智能合约和 DApp 安全分析
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 60 · 0 current installs · 0 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description promise a 24/7 automated smart-contract/DApp scanner with API integrations and real-time monitoring, but the skill is instruction-only with no code, no install spec, and no declared credentials or endpoints. Requesting only 'curl' as a required binary is inadequate for the claimed functionality; the listing claims integrations but provides no mechanism or required keys to access external services.
Instruction Scope
SKILL.md contains only marketing-like content, an example install command (clawhub install security-scanner), and pricing; it does not include concrete runtime instructions, commands to call external APIs, nor steps that access user files or environment variables. Because the instructions are minimal, there is no explicit data-exfiltration behavior, but the lack of operational detail makes it impossible to verify the scanner actually performs the claimed tasks.
Install Mechanism
There is no install specification or code — this is an instruction-only listing. That reduces the immediate risk of arbitrary code being downloaded, but the provided install command references 'clawhub' with no accompanying implementation or source. The absence of an install artifact means the listing is incomplete or a stub.
Credentials
The registry metadata sets primary credential to 'bash' (not an environment variable or credential) and declares no required env vars, yet the skill claims API integration. A real scanner integrating with blockchains or third-party services would normally require RPC endpoints, API keys, or wallet credentials. This mismatch is disproportionate and unclear — either the skill is incomplete or it's omitting required secrets.
Persistence & Privilege
The skill does not request always:true, does not declare config paths, and has no install-time persistence. Autonomous invocation is allowed (platform default), but there is no evidence here of elevated or persistent privileges beyond the normal platform behavior.
What to consider before installing
This listing appears incomplete and inconsistent. Do not install or grant any credentials yet. Ask the publisher for: (1) source code or a release URL for the scanner binary; (2) a clear install specification and what 'clawhub install' does; (3) a list of required environment variables and why they are needed (e.g., RPC endpoints, API keys, wallet access); (4) proof that the service runs on reputable infrastructure. If the publisher cannot supply verifiable code or a trusted install origin, avoid using this skill. Never provide private keys, API secrets, or wallet credentials to this skill until you can review the implementation and confirm the install source.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binscurl
Primary envbash
SKILL.md
security-scanner
安全扫描器 - 智能合约和 DApp 安全分析
价格:$400 USDC
功能特性
- 自动化执行,7x24 小时运行
- API 集成,支持主流平台
- 配置灵活,易于定制
- 实时监控,自动优化
安装方式
clawhub install security-scanner
使用示例
详见文档
收益潜力
- 预期月收益:$800-$((400 * 4))
- 回本周期:1-2 个月
- 边际成本:几乎为零
Files
2 totalSelect a file
Select a file to preview.
Comments
Loading comments…