ClawHub

Near Airdrop Hunter

v1.0.0

Discover NEAR airdrops, check eligibility, claim rewards, and track claimed airdrops across multiple platforms.

0· 931·0 current·0 all-time
by@shaiss
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise discovery, eligibility checking, claiming, and tracking. The code and README implement discovery (listing known airdrop endpoints) and local tracking, but do not perform automated API eligibility queries or wallet signing/claiming — instead they print URLs and instruct the user to complete checks/claims manually. This is coherent but the skill overpromises automation.
Instruction Scope
SKILL.md commands map directly to the CLI implemented in scripts/airdrop.js. Instructions reference only the declared tracking path and public NEAR ecosystem URLs; they do not ask the agent to read unrelated files or exfiltrate data.
Install Mechanism
No install spec is provided (instruction-only). The package contains a small script and README but does not download or execute external archives or installers.
Credentials
The skill requests no environment variables, credentials, or config paths. Wallet signing and credentials are explicitly left to the user; nothing in the package attempts to capture secrets.
Persistence & Privilege
The script stores tracking data in a plain file at ~/.near-airdrop/tracking.json. This is local persistence only (no network exfiltration). Users should be aware that account IDs and timestamps will be stored in plaintext in their home directory.
Assessment
This skill is lightweight and not actively malicious, but it does not actually automate eligibility API calls or wallet signing/claiming — it prints check/claim URLs and records actions locally. Before installing: 1) understand you will need to complete eligibility checks and claims yourself (wallet signing, visiting the claim URL); 2) inspect ~/.near-airdrop/tracking.json if you care about privacy (it stores account IDs/timestamps in plaintext); 3) verify the claim/check URLs independently (visit official project sites) before using them; 4) if you prefer, run the skill in a restricted environment or review the script source (scripts/airdrop.js is small and readable) before granting broader access.

Like a lobster shell, security has layers — review code before you run it.

latestvk973rv7ywcd6kdqmzbzd6pst2180rthb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments