Aave Liquidation Monitor
v1.0.1Proactive monitoring of Aave V3 borrow positions with liquidation alerts. Queries user collateral, debt, and health factor across chains (Ethereum, Polygon, Arbitrum, etc.). Sends urgent alerts to Telegram/Discord/Slack when health factor drops below configurable thresholds (critical at 1.05, warning at 1.2). Use when you need continuous monitoring of Aave positions, want alerts before liquidation risk occurs, or need periodic summaries of your borrowing health.
⭐ 0· 1.3k·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, docs and code align: the code queries Aave public GraphQL endpoints, computes health factor and formats alerts for routing via OpenClaw. No unrelated services, binaries, or credentials are requested in the manifest.
Instruction Scope
SKILL.md and SECURITY.md state 'no sensitive logging' and that OpenClaw handles messaging. However, monitor.js (when run directly) prints the full formatted alert (position details) to console, and cron-runner.js returns the formatted message as well. If OpenClaw captures console output or stores session history, detailed position data could be recorded/logged contrary to the 'no sensitive logging' claim. The instructions also assume OpenClaw will route messages (this is expected) but rely on OpenClaw for secure credential handling; verify OpenClaw's routing and log retention policies.
Install Mechanism
No install spec provided (instruction-only skill with included scripts). No remote downloads or unusual install steps in the repo. The package is distributed as code files—reviewing them locally suffices. This is low install-risk compared to fetching remote executables.
Credentials
No environment variables, API keys, or private keys are requested. The only persistent data is a wallet address stored in OpenClaw prefs (documented). Requested config and runtime access (cron scheduling, OpenClaw messaging) are appropriate for the stated purpose.
Persistence & Privilege
The skill registers cron jobs via OpenClaw's scheduler to run periodically — expected for a monitor. always:false. The scheduler payload uses agentTurn/sessionTarget semantics; nothing in the code modifies other skills or system-wide config. Because cron jobs execute automatically, confirm you are comfortable with background checks and that OpenClaw enforces least privilege for scheduled runs.
What to consider before installing
This skill appears to do what it says (read-only Aave monitoring), but review two things before installing:
1) Logging behavior: SKILL.md/SECURITY.md claim sensitive data and full API responses are not logged. The code prints the full formatted alert message to console in monitor.js (used for manual runs) and cron-runner returns the same message for OpenClaw to route. If OpenClaw captures console output or persists session history, position details may be stored. Confirm OpenClaw's log retention, where console output is recorded, and whether session history is private.
2) Operational assumptions: the skill depends on OpenClaw for secure messaging tokens and cron scheduling. Ensure your OpenClaw instance and messaging integrations (Telegram/Discord/Slack) are configured securely and use a read-only address for monitoring (as recommended).
Other notes: the code is otherwise consistent with the docs and uses only Aave's public GraphQL API. If you plan to use it, run a manual /aave-monitor check first, inspect the returned message and OpenClaw logs, and consider auditing the included monitor.js to confirm no additional network calls or logging paths were added in future versions.Like a lobster shell, security has layers — review code before you run it.
aavevk977zg3390spkes6pm0q51gmsh80yf1balertsvk977zg3390spkes6pm0q51gmsh80yf1bdefivk977zg3390spkes6pm0q51gmsh80yf1blatestvk977zg3390spkes6pm0q51gmsh80yf1bliquidationvk977zg3390spkes6pm0q51gmsh80yf1bmonitoringvk977zg3390spkes6pm0q51gmsh80yf1b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.