币安撸毛助手 By:0x_WanG
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: binance-earning-assistant Version: 1.0.10 The 'binance-earning-assistant' skill is designed to fetch and summarize promotional activities and airdrop information from Binance's official API and alpha123.uk. The code uses standard Python libraries (requests, re, datetime) to parse activity details, extract deadlines, and format a summary table for the user. It correctly handles environment variables for workspace paths and proxy settings, and a review of the logic shows no signs of data exfiltration, unauthorized execution, or malicious prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may contact Binance and alpha123.uk, revealing normal connection metadata such as IP address and request timing.
The skill makes outbound HTTP requests to a third-party airdrop site, which is expected for its stated activity-monitoring purpose but is still a network behavior users should notice.
url = "https://alpha123.uk/zh/" ... requests.get(url, headers=headers, timeout=10)
Use it only if you are comfortable with those public data sources being contacted, and verify financial or airdrop information against official pages before acting.
Users have less independent context for verifying who maintains the skill or where updates originate.
The registry metadata does not provide an external source repository or homepage, which limits provenance checking even though the included code is purpose-aligned.
Source: unknown Homepage: none
Prefer installing from a trusted registry account, review updates carefully, and use a controlled Python environment for dependencies such as requests.
Saved reports may persist after use and could become stale if Binance or third-party activity information changes.
The skill stores generated Markdown exports persistently under the workspace; this is disclosed and appears limited to public activity reports.
persistence: - 创建 ~/.openclaw/workspace/.binance_earning 目录 - 存储导出文件 (exports/*.md)
Review or delete exported files when no longer needed, and treat saved activity reports as informational rather than authoritative.
A user might over-trust the package based on its own safety claims.
The package includes a self-authored security-fix report claiming safety compliance; this is not evidence of independent approval by itself.
技能现在符合 Clawhub 安全标准,可以安全上传和分发。
Treat the fix report as developer documentation only, and rely on the registry review, visible source, and your own risk tolerance.