Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Social Sentiment Monitor (Social Public-Opinion Monitoring)
v1.0.1 Social-media sentiment monitoring assistant - real-time monitoring of cryptocurrency discussions, sentiment analysis and trending-topic tracking on Twitter, Reddit and other platforms. Trigger this skill when the user needs any of the following: (1) monitor the social-media discussion volume for a specific token or project; (2) analyse shifts in community sentiment (bullish/bearish/panic/FOMO); (3) track what KOLs and major influencers are saying; (4) discover viral content...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
Labels: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name and description promise real-time monitoring of Twitter, Reddit, Telegram and Discord plus KOL tracking. However, most of the scripts generate simulated/mock data (random post generators, demo functions) rather than implementing real API integrations; the package documentation describes real APIs, but the runnable scripts neither require nor use OAuth credentials. Additionally, the registry metadata (_meta.json) declares that SkillPay billing is required, yet the skill's declared requirements list no environment variables or credentials. That combination is incoherent: the skill claims live monitoring and billing without declaring the credentials such functionality would need.
Instruction Scope
SKILL.md instructs you to run the included scripts and shows a config that references TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, and DISCORD_WEBHOOK_URL, but the skill manifest's list of required environment variables is empty. The scripts themselves read a config file and write a log (sentiment_monitor.log) but, in the provided code paths, do not perform broad system file reads or attempt to exfiltrate arbitrary files. The visible runtime behavior is limited to local file I/O, simulated data generation, and optional network calls from the billing module only.
Install Mechanism
No install spec is provided (instruction-only). There are no downloads from arbitrary URLs or package installers. The code is shipped with the skill and would run locally if executed; nothing in the install surface indicates hidden installers or remote code fetches.
Credentials
The skill documentation and config examples reference multiple service credentials (Twitter, Reddit, LunarCrush, Santiment, TELEGRAM_BOT_TOKEN, DISCORD_WEBHOOK_URL), but the registry reports no required environment variables. Worse, billing is enforced via payment.py, which hardcodes a long BILLING_API_KEY and contacts https://skillpay.me; an API key embedded in source code is unexpected and gives the author/publisher potential control over billing calls. Asking for notification/webhook tokens is plausible for a notification feature, but the missing required-env declarations and the embedded billing secret are disproportionate to, and inconsistent with, the stated purpose.
Persistence & Privilege
The skill is not marked always:true and does not request system‑wide configuration changes. The daemon writes its own log file and may create a config YAML; otherwise it does not request elevated system privileges. The main concern is not persistence but the billing integration which can call an external service at runtime.
Scan Findings in Context
[hardcoded-secret-in-source] unexpected: payment.py contains a hardcoded BILLING_API_KEY value and a SKILL_ID. Embedding a long API key in source is unexpected for a social sentiment tool and is not justified by the skill's description; this key is used to call the external billing endpoint. This increases risk that the skill will perform network billing operations without clear local controls.
What to consider before installing
Key things to consider before installing or running this skill:
- Billing and hidden charges: The skill advertises pay‑per‑call billing and includes payment code that contacts skillpay.me. The code contains a hardcoded billing API key in payment.py. This could enable remote billing/charge operations; do not run this on an account or machine you cannot revoke access to. Ask the publisher how payments are enforced, whether the hardcoded key is theirs or leaked, and whether you can opt out.
- Incoherent capability: Despite claiming live monitoring of Twitter/Reddit/Telegram/Discord, the provided scripts largely generate simulated data and demos. If you expect real data, verify which modules actually call real APIs and whether you must supply OAuth keys—do not assume real integrations are present just because the docs show API examples.
- Missing declared env vars: The skill's manifest lists no required environment variables, but config examples reference many credentials (Twitter, Reddit, LunarCrush, Santiment, TELEGRAM_BOT_TOKEN, DISCORD_WEBHOOK_URL). Treat that as a red flag: confirm required env vars before running, and never put real production credentials into untrusted code.
- Run in a sandbox first: If you still want to test it, run the skill in an isolated environment (container/VM) with no sensitive credentials, and monitor network traffic to see what external endpoints it contacts (especially skillpay.me).
- Code hygiene: Prefer vendors that require API keys via environment variables (not hardcoded), document exact billing behaviour, and provide a verifiable homepage/source. If you plan to use it in production, request the publisher remove any embedded secrets, add explicit required env declarations, and clarify whether the scripts will hit real social APIs or only simulate data.
If you are unsure, or the publisher cannot explain the hardcoded key and billing flow, do not install or run this skill with real credentials or on sensitive systems.
