Settlement Predictor
v1.3.1Real-time on-chain settlement predictor for Ethereum, Bitcoin, Arbitrum, Optimism, Base & Polygon. Live gas tiers, mempool analysis, sandwich risk detection,...
⭐ 0· 101·0 current·0 all-time
byEthan@ethanwuqi-lang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, CLI examples, optional ETHERSCAN/TENDERLY keys, and the Python code all align: the tool fetches chain data, analyzes mempool/fees, predicts settlement, and optionally uses Etherscan/Tenderly. Requested/declared resources (no required env vars, optional API keys) are appropriate for this functionality.
Instruction Scope
SKILL.md instructs running the included Python CLI which performs network calls to public RPC endpoints, mempool.space, and (optionally) Etherscan/Tenderly. This is expected for the stated purpose, but the agent will contact third‑party services and may transmit transaction hashes, addresses, and mempool queries as part of normal operation.
Install Mechanism
No install spec is provided (instruction-only + bundled Python file). Dependencies are minimal (web3, requests). No remote downloads or execution of third‑party install scripts are present in the manifest.
Credentials
Only optional ETHERSCAN_API_KEY and TENDERLY_API_KEY are declared and documented; these map to features that legitimately require them (contract verification, simulation). No unrelated credentials are requested.
Persistence & Privilege
The skill creates local cache files under ~/.cache/settlement-predictor and uses a SQLite DB (DB path visible in code). That is reasonable for maintaining gas history, but the manifest's declared persistence path (~/.cache/settlement-predictor/gas-history.json) does not match the code's DB filename (~/.cache/settlement-predictor/gas_history.db) — an internal inconsistency. Local caches can contain query history (addresses, tx hashes) so users should be aware and may wish to audit or delete them.
Assessment
This skill appears coherent with its stated purpose, but before installing or running it consider: 1) Network privacy — the tool uses public RPC endpoints (e.g., https://eth.llamarpc.com), mempool.space, and optional Etherscan/Tenderly APIs; queries you run (addresses, tx hashes, mempool scans) will be sent to those services. If you need privacy, replace endpoints with your own node or a trusted provider. 2) Local storage — it writes a cache/SQLite DB under ~/.cache/settlement-predictor (which can contain addresses/txs); inspect and remove the files if you don't want history retained. 3) Optional API keys — only provide ETHERSCAN_API_KEY or TENDERLY_API_KEY if you understand the privileges; don't export private keys to this environment. 4) Code review — the full Python file is bundled; if you have sensitive workflows, scan the code or run in an isolated/containerized environment. 5) Metadata mismatch — the manifest mentions gas-history.json while the code uses gas_history.db; this is likely harmless but shows the package hasn't been perfectly synchronized. If any of the above concerns are unacceptable, run the tool with your own RPC/mempool endpoints or avoid installing.Like a lobster shell, security has layers — review code before you run it.
latestvk9775nwsjmttmtb38p0xf17drs83yv9v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.