ClawHub

Alchemy Web3

v1.0.3

Interact with Alchemy's Web3 APIs for blockchain data, NFTs, tokens, transfers, and webhooks across 80+ chains.

0· 984·6 current·6 all-time
byGizmolab@gizmo-dev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested resources and code: the skill only needs an ALCHEMY_API_KEY and its scripts call Alchemy endpoints (node, NFT, token, transfers). Requiring the Alchemy API key is expected for this functionality.
Instruction Scope
Runtime instructions read ~/.openclaw/.env and write data under the OpenClaw workspace (e.g., ~/.openclaw/workspace/data) which is consistent with agent workflows. The SKILL.md and scripts reference cron/job examples, alerts to Telegram/Discord (placeholders), and some shell tools (curl, jq, bc) — those are normal for a CLI skill but the binary dependencies are not declared in metadata.
Install Mechanism
No external install/downloads or remote installers are used; this is an instruction-only skill with an included shell script. Nothing is fetched from arbitrary URLs or shorteners during install.
Credentials
Only ALCHEMY_API_KEY (plus an optional ALCHEMY_CHAIN) is requested. That is proportional to calling Alchemy APIs. The skill does ask users to store the key in ~/.openclaw/.env — expected for local CLI usage.
Persistence & Privilege
always:false and default autonomous invocation are standard. The skill stores output and examples under the agent workspace, but it does not request system-wide privileges, modify other skills, or demand permanent 'always' inclusion.
Assessment
This skill appears to do what it says: call Alchemy APIs. Before installing: 1) Only provide an Alchemy API key (do not upload other credentials). Consider creating a key with minimal permissions or monitoring usage in your Alchemy dashboard. 2) The scripts use common CLI tools (curl, jq, bc); ensure those are installed and review the scripts if you will run cron jobs or automated agents. 3) The skill writes data to ~/.openclaw/workspace/data and suggests cron/alerts — review those cron workflows and alert integrations (Telegram/Discord) before enabling automation. 4) If you want stronger safety, keep agent autonomous invocation restricted or review any automations that could invoke transactions (eth_sendRawTransaction) — this skill includes JSON-RPC examples that could send signed transactions if you supply signed payloads, so never expose private keys to the skill. Overall the package is coherent and consistent with its purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk970v6dzn1ktp4v5bxwsfhtq15816y0s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvALCHEMY_API_KEY

Comments