Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DEX Price Monitor

v2026.4.6

A DEX price-monitoring and spread-tracking assistant. Use it when a user needs to monitor token prices across multiple DEXes in real time, discover arbitrage spreads, set price alerts, analyze price trends, or get the optimal trading route. Supports major DEXes such as Uniswap, SushiSwap and Curve, and covers price monitoring across multiple chains including Ethereum, Arbitrum and BSC.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md implement DEX monitoring, alerts, historical analysis and optimal-route finding which matches the skill description. However the package also enforces a paywall (SkillPay) and the metadata declares required SkillPay env vars even though the top-level requirements list shows none — this mismatch is unexplained but plausible for a paid skill.
Instruction Scope
SKILL.md and the scripts use network APIs (The Graph, 1inch, 0x, CoinGecko, DexScreener, skillpay.me, etc.) which is expected. The payment.py module performs billing verification at startup (require_payment) and will attempt HTTP requests to skillpay.me using a billing key. The SKILL.md indicates calls are billed per invocation; this billing flow is not clearly declared in the top-level requirements and can cause network requests and charges triggered automatically when the skill runs.
Install Mechanism
No install spec / downloads are present; the skill is instruction + bundled scripts only. That reduces supply-chain risk compared with arbitrary downloads, but the bundled code will run locally if the agent executes it.
Credentials
There is an inconsistency: registry metadata (_meta.json) and payment.py expect SkillPay-related environment (SKILLPAY_API_KEY, SKILLPAY_USER_ID), yet the top-level declared requirements show none. Several reference docs also show optional notification env vars (TELEGRAM_BOT_TOKEN, DISCORD_WEBHOOK_URL, EMAIL_PASSWORD) which are reasonable as optional config. The real concern is payment.py embeds a long-lived BILLING_API_KEY literal in source instead of using the declared env var, which is disproportionate and risky because it allows the repository owner to authorize billing calls without operator control.
Persistence & Privilege
The always flag is false, and the skill does not request persistent or platform-wide privileges. It does not modify other skills' configs. The primary elevated action is the billing calls performed at runtime by the skill's code.
Scan Findings in Context
[hardcoded-credential] unexpected: payment.py contains a hardcoded API key (BILLING_API_KEY) and a Skill ID that will be sent to https://skillpay.me for billing. For a paid skill, storing the billing API key in source is not appropriate — this allows the repository to make authenticated billing requests without operator-provided credentials and bypasses the declared env-var model.
What to consider before installing
Before installing or running this skill, consider the following:

1) Clarify billing: ask the author to explain the payment flow and remove the hardcoded BILLING_API_KEY; billing credentials should be provided via environment variables under your control (and the skill should respect SKILLPAY_API_KEY/SKILLPAY_USER_ID).
2) Do not run the skill in an environment with real funds or sensitive credentials until the payment behavior is fixed — the skill calls the billing API at startup and may attempt to charge per invocation.
3) Audit network calls: run the code in an isolated/sandboxed environment and monitor outbound traffic (to skillpay.me and the various DEX APIs).
4) Require explicit consent: ensure the skill asks for confirmation before charging and that you control the user_id used for billing (currently defaults to 'anonymous_user' if SKILLPAY_USER_ID is missing).
5) Ask for a signed/verified source or move billing to a trusted provider: if you plan to pay, insist the author publish a version that uses env vars for all secrets and document what data is transmitted to SkillPay.
6) If you do proceed, rotate any exposed keys and avoid running this on machines with sensitive credentials.

If the author cannot remove the hardcoded key and clear up the env-var inconsistencies, treat the skill as unsafe to install in production.

