Airdrop Monitor CN

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: airdrop-monitor-cn
Version: 0.1.3

The airdrop-monitor-cn skill is a legitimate tool designed to monitor cryptocurrency project announcements for updates and deadlines. The code in app.py and monitor.py performs its stated functions—fetching URLs, hashing content to detect changes, and using regex to extract dates—while including proactive security features like detecting punycode domains and sensitive keywords (e.g., 'private key'). The billing integration with skillpay.me in billing.py is transparently documented and optional, and no evidence of malicious execution or data exfiltration was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A bad or accidental config could make the tool contact unwanted, non-HTTPS, or internal URLs.

Why it was flagged

The skill fetches whatever URL is placed in the user configuration. This is expected for a page monitor, but the sources should be trusted and scoped.

Skill content

surl = src["url"]
try:
    text = fetch_text(surl)

Recommendation

Use official HTTPS announcement/docs URLs, avoid configs from untrusted parties, and consider an allowlist for production use.

What this means

If enabled, each invocation can affect a user's SkillPay balance and sends the resolved user ID, skill ID, and amount to the billing service.

Why it was flagged

When billing environment variables are set, the skill uses a SkillPay API key to call a charge endpoint before running the monitor.

Skill content

HEADERS = {"X-API-Key": API_KEY, "Content-Type": "application/json"}
...
requests.post(f"{BILLING_URL}/charge", headers=HEADERS, json=payload, timeout=15)

Recommendation

Enable billing only intentionally, keep the API key in environment variables, verify the price and user ID mapping, and rotate the key if exposed.

What this means

This is normal for simple Python tools, but reproducibility is weaker than with an exact version or lockfile.

Why it was flagged

The dependency is not fully pinned, so future installs may resolve to different package versions.

Skill content

requests>=2.31.0

Recommendation

For stable or production use, pin exact dependency versions or generate a lockfile in your environment.

What this means

The state file may reveal which project URLs are being monitored if the working directory is shared or backed up.

Why it was flagged

The monitor persists local state to remember source URL hashes across runs.

Skill content

def run_monitor(config_path: str, state_path: str = ".state/airdrop-monitor-state.json")
...
save_json(state_file, state)

Recommendation

Protect or delete the .state directory if monitored project lists are sensitive.

What this means

Scheduled runs will continue making network requests and writing logs until the cron entry is removed; if billing variables are also present, scheduled invocations may bill repeatedly.

Why it was flagged

The documentation suggests a cron job that runs the monitor every 15 minutes. This is disclosed and purpose-aligned, but it is persistent once installed.

Skill content

*/15 * * * * cd /path/to/skills/airdrop-monitor-cn && /path/to/.venv/bin/python app.py --config config.prod.json >> monitor.log 2>&1

Recommendation

Install the cron entry only if you want continuous monitoring, review the environment used by cron, and remove or disable it when monitoring is no longer needed.