Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto Whale Tracker (Cryptocurrency Whale Tracking)

v1.0.0

Track cryptocurrency whale movements, large-transfer alerts, and exchange fund-flow analysis. Use this skill when you want to follow every move of smart money and monitor large-holder trading behaviour. Integrated with SkillPay; each call costs 0.01 USDT.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Most of the scripts (whale_tracker, transfer_monitor, exchange_flow, holding_analyzer, alert_manager, monitor_daemon) are consistent with each other and match the "whale monitoring / large-transfer alert" description. However, the billing integration (payment.py, _meta.json) is inconsistent with the top-level registry requirements: the registry entry shows "Required env vars: none", while _meta.json, README and payment.py indicate a SkillPay integration and required environment variables. Functionally this can be explained as a normal part of a paid skill, but the mismatch between implementation and metadata is worth noting.
Instruction Scope
SKILL.md describes the on-chain data sources and notification channels (Telegram/Discord/Webhook) but does not list billing runtime details or the required environment variables. The code (payment.py), however, runs charge and balance-query logic (verify_payment/require_payment) at skill startup, which triggers network requests and potential charges without adequately informing the user. The scripts also read and write local configuration and history files and send data to external notification endpoints; this is related to the monitoring purpose but requires the user's informed authorization.
Install Mechanism
No install spec; this is an instruction-plus-bundled-scripts package that does not download or execute binaries from external untrusted URLs at install time, so the risk here is low. The code does run and can make network requests, but there are no suspicious download or extraction steps.
Credentials
The top of the registry entry declares no required environment variables, yet the code, README and _meta.json use or recommend several env variables (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL, CUSTOM_WEBHOOK_URL, SKILLPAY_USER_ID, and SKILLPAY_API_KEY as declared in _meta.json). More seriously, payment.py embeds a hardcoded BILLING_API_KEY (a string in the style of a SkillPay secret key), which is incompatible with least privilege and transparency: the skill will attempt to bill the user and communicate with the billing server using the embedded key without explicitly declaring this to the user.
Persistence & Privilege
The skill writes configuration and history locally (alert_configs.json, alert_history.json, whale_monitor.log, etc.), which is local persistence commensurate with a daemon/monitoring function. always=false and it does not modify other skills' configuration, so the permission request is reasonable. Note, however, that because the skill can be invoked autonomously by the model (disable-model-invocation=false), without additional restrictions it could be invoked frequently and incur billing on each invocation.
Scan Findings in Context
[hardcoded-api-key-in-payment.py] unexpected: payment.py contains a hardcoded BILLING_API_KEY value (starts with 'sk_...'). Embedding a billing/provider API key in code is a secret-management issue and not expected for a transparent skill; at minimum the key should be supplied via an environment variable and declared in metadata.
What to consider before installing
This skill's core monitoring code matches its description, but there are important red flags you should address before enabling it:

1) Billing behavior not transparent — the skill will attempt to charge via SkillPay on start (payment.py). Confirm who controls skillpay.me and the billing flow, and whether charges per call (0.01 USDT) are acceptable.
2) Hardcoded billing key — payment.py includes a baked-in API key; ask the author to remove embedded secrets and to rely on an environment variable (and declare it in registry metadata).
3) Metadata/manifest mismatch — the registry top level lists no required env vars, but the code and README use Telegram/Discord/webhook env vars and _meta.json marks SKILLPAY_API_KEY/SKILLPAY_USER_ID as required; request corrected metadata so you know what to provide.
4) Autonomous invocation risk — the skill can be invoked by the agent autonomously and could bill on each invocation; consider disabling autonomous invocation or limiting calls until billing is audited.
5) Operational considerations — the skill sends notifications to external endpoints and writes local logs/configs; ensure you're comfortable with that network I/O and local persistence.

Recommended actions: do not install in a sensitive/prod environment until the author a) removes hardcoded keys, b) documents required env vars and billing behavior, and c) provides provenance (homepage/author contact). If you must test, run it in an isolated environment, monitor outgoing requests to skillpay.me and notification webhooks, and rotate any keys that may have been exposed.
