Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (on-chain monitoring and summarization) is coherent with the code: it calls Etherscan and an LLM to generate summaries. However the registry metadata lists no required environment variables or credentials, while README and source require ETHERSCAN_API_KEY and one of several LLM API keys (GROQ_API_KEY, ANTHROPIC_API_KEY, GOOGLE_API_KEY). The package.json also includes LLM SDKs (anthropic/openai). The missing declared env vars and credentials are an inconsistency: a legitimate onchain monitor would need an Etherscan API key and an LLM API key, so the metadata omission is misleading.
Instruction Scope
SKILL.md only shows a brief usage payload and high-level description and does not mention that the agent will load a local .env and send address/transaction summaries to third-party LLM APIs. The code explicitly reads .env (dotenv.config with project path) and then sends composed system/user prompts containing the target address and transaction summary to external LLM endpoints. Sending address and activity data to external LLMs is consistent with the stated feature (summary) but SKILL.md fails to disclose that behavior and the .env access.
Install Mechanism
Registry metadata says 'No install spec — instruction-only', but the package includes package.json, package-lock.json, and a TypeScript codebase that requires an npm install/build (README instructs `npm install` and `npm start`). This mismatch means the skill will likely require installing third-party npm packages to run, yet no install step or provenance for those installs was declared—raising supply-chain and transparency concerns.
Credentials
The registry reported no required env vars, but the code/README expect ETHERSCAN_API_KEY and at least one LLM API key (GROQ_API_KEY by default, with optional ANTHROPIC_API_KEY or GOOGLE_API_KEY if configured). Requiring multiple provider API keys is plausible for an LLM-backed agent, but the omission from metadata is a transparency problem. Additionally, the LLMFactory will default to Groq and throw if GROQ_API_KEY is missing, so missing keys may break execution. The skill loads .env files from its code, which can expose sensitive variables from that file if present—this side-effect isn't documented in SKILL.md.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system settings. It reads its own .env and uses network calls to APIs, but it does not appear to request elevated or persistent platform privileges beyond normal operation.
Scan Findings in Context
[system-prompt-override] unexpected: A pre-scan flagged 'system-prompt-override' in SKILL.md. The provided SKILL.md content appears to be a normal YAML header and usage text in Korean; there is no obvious attempt to override the platform system prompt. This may be a false positive, but because prompt-injection patterns were detected you should be cautious when running the skill's LLM prompts. The finding remains relevant because the skill actually constructs system/user prompts and sends them to external LLMs.
What to consider before installing
This skill contains a full TypeScript implementation but the registry claims 'instruction-only' and lists no required credentials—that mismatch is the main red flag. Before installing or running it: 1) Expect to run `npm install` / build; do this in an isolated environment (container) rather than on a production host. 2) Review or provide only scoped API keys: ETHERSCAN_API_KEY (required for real data) and a single LLM key (GROQ_API_KEY or ANTHROPIC_API_KEY or GOOGLE_API_KEY). Avoid reusing high-privilege keys. 3) Note the code loads a .env file from the package; ensure it won't accidentally read sensitive host-level .env files. 4) Be aware transaction data and addresses will be sent to third-party LLM endpoints—if privacy is a concern, don't provide sensitive addresses or run with mock mode (omit ETHERSCAN_API_KEY). 5) Ask the publisher for corrected metadata (declare required env vars and an install spec) or request a packaged release from a known homepage/source before trusting the skill. If you want, I can list the exact lines that read env vars and call external APIs to help you audit them.Like a lobster shell, security has layers — review code before you run it.
latest
🔗 OnchainWatch Agent
Etherscan API를 활용하여 특정 지갑의 잔액, 트랜잭션, 토큰 이동을 추적하고 리스크를 탐지합니다.
Features
- 자산 추적: ETH 잔액 및 ERC-20 토큰 이동 내역 조회
- 리스크 탐지: 고액 송금, 이상 빈도 거래 등 자동 감지
- 요약 리포트: 온체인 데이터를 이해하기 쉬운 마크다운으로 요약
Usage
ACP Job Payload:
{
"address": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
"chain": "ethereum"
}
Comments
Loading comments...