Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Cashflow
v1.0.0
Track real revenue for ClawHub skill publishers — installs, downloads, stars, and ETH wallet balance pulled from live APIs. No fabricated numbers. Use when y...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's stated purpose (pull ClawHub stats and optional ETH balances) matches the runtime instructions: it uses the clawhub CLI and public RPC/CoinGecko calls. However the README claims "Does not store or transmit your wallet address to any third party," which is incorrect: the provided code posts the wallet address to third‑party RPC endpoints (llamarpc.com, ankr.com) and optionally to Etherscan. That contradiction is meaningful for privacy.
Instruction Scope
Instructions are specific and executable (subprocess call to `clawhub inspect`, HTTP calls to RPC/CoinGecko). Concerns: (1) the cron example asks to "Send results to Telegram and memory," which will transmit potentially sensitive financial info to external systems or persistent agent memory though no Telegram credentials or memory policy are described; (2) the doc lists Etherscan as an optional source but the included Python snippet does not call Etherscan (inconsistency); (3) the skill suggests gaming metrics ("Star your own skills from multiple accounts"), which is advice that can violate platform rules.
Install Mechanism
Instruction-only skill with no install spec or code files to write to disk — lowest install risk. It does require the user to have the `clawhub` CLI available and authenticated.
Credentials
The skill declares no required env vars and only optional ETH_WALLET / ETHERSCAN_API_KEY, which is proportionate. But the documentation's privacy claims are inconsistent with behavior: using public RPCs will transmit the provided wallet address to third parties. The cron example also implies sending reports to external channels (Telegram) and agent memory, which would require credentials or platform integration not described here.
Persistence & Privilege
The skill does not request elevated installation privileges and is not always-enabled, but the examples instruct adding it to scheduled jobs that push results into persistent agent memory and external messaging (Telegram). Persisting raw financial/cashflow data into agent memory or external channels increases privacy risk and should be explicitly configured and reviewed before enabling.
What to consider before installing
This skill is mostly what it says: it pulls ClawHub stats and public ETH balances. Before you install or schedule it, check these things:
1) Authentication: `clawhub` must be installed and authenticated — that CLI has access to your ClawHub account, so confirm you trust it.
2) Wallet privacy: the script sends the wallet address to third‑party RPC endpoints (llamarpc.com, ankr.com) and optionally to Etherscan — the README's claim that it "does not transmit your wallet address" is incorrect. If you care about privacy, use a trusted node or run your own RPC, or omit ETH tracking.
3) Data exfiltration: the cron example tells the agent to send results to Telegram and to agent memory; ensure any integrations (Telegram bots/webhooks, agent memory) are configured securely and you understand where the data will be stored/transmitted.
4) Inconsistencies: the doc mentions Etherscan but the code does not use it; consider reviewing/adjusting the script to match your intended data sources.
5) Platform rules: the guidance to "star your own skills from multiple accounts" is a questionable growth tactic and may violate platform terms.
If you want to proceed, run the script locally first, verify exactly what network calls it makes, and avoid scheduling automatic pushes to external channels until you confirm the destination and credentials.
Like a lobster shell, security has layers — review code before you run it.
latest vk974jrwtz934h4av2yd4v8sfn584sdt8
