Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Whale Alert Monitor 大户监控
v1.1.0 Cryptocurrency whale account alert monitoring assistant - monitors whale wallet movements, large transfers and exchange fund flows in real time. Trigger this skill when the user needs any of the following: (1) monitor the trading activity of specific large holders/whale wallets (2) track large fund inflows to/outflows from exchanges (3) set large-transfer alerts with custom thresholds (4) analyze changes in whale holdings and accumulation/distribution patterns (5) receive Telegram/D...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
The name and description align with the included scripts (wallet tracking, transfer monitoring, exchange flow, holding analysis, alerts). However, metadata/_meta.json declares a SkillPay billing integration and required SKILLPAY_* env vars, while the skill's top-level manifest claims no required env vars, which is an inconsistency. The presence of payment.py and billing logic is plausible for a paid skill, but it is not reflected in the declared requirements.
Instruction Scope
SKILL.md instructs running the included scripts, which call external APIs (Etherscan/Alchemy/Moralis) and send notifications to Telegram/Discord/webhooks; this behavior is consistent with the stated purpose. But SKILL.md and the top-level manifest do not declare the environment variables the code actually reads (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL, CUSTOM_WEBHOOK_URL, SKILLPAY_USER_ID). The README and references expect API keys for external data providers, but the skill does not declare them as required. The instructions also mention a per-call charge and ask users to ensure sufficient balance, which implies payment checks at runtime; that broadens the runtime surface and should be stated explicitly.
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. However, the skill bundle includes multiple executable Python scripts that will be present on disk when the skill is installed or used; no packaging or sandboxing is described. No external binary downloads or obscure URLs are used. This is moderate-risk only insofar as the code will make network calls when run.
Credentials
Despite the manifest claiming no required env vars, the code reads several sensitive environment variables (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL, CUSTOM_WEBHOOK_URL, SKILLPAY_USER_ID). Worse, payment.py contains a hard-coded billing API key (BILLING_API_KEY) instead of using the SKILLPAY_API_KEY env var referenced in _meta.json. Embedding a long-lived API key in code is a significant red flag and not proportional to the monitoring functionality.
Persistence & Privilege
always:false is set and no system-level privileges are requested. The skill writes local files (alert_configs.json, alert_history.json, whale_monitor.log, config.yaml) and runs as a daemon if used; that is consistent with its monitoring purpose. It does not modify other skills or system-wide agent settings. Autonomous invocation is allowed by default, which is not exceptional here.
Scan Findings in Context
[hardcoded-billing-api-key] unexpected: payment.py contains a long hard-coded BILLING_API_KEY value. A billing integration should accept provider credentials from environment/config, not embed a secret in source.
[undeclared-env-vars-used] unexpected: The code uses TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL, CUSTOM_WEBHOOK_URL, and SKILLPAY_USER_ID, but the skill manifest declared no required environment variables. Notification and billing env vars should be declared explicitly.
[billing-behavior] expected: The skill implements pay-per-call behavior (SkillPay) in payment.py and _meta.json. Billing is a plausible feature for a paid skill, but it must be clearly declared and avoid embedding secrets.
What to consider before installing
This skill appears to implement the advertised whale-monitoring features, but there are important red flags you should address before using it:
- Embedded secret: payment.py contains a hard-coded billing API key. Do NOT run this code until the author removes embedded secrets and requires credentials via environment variables or a secure vault. Embedded keys can be used by the publisher (or anyone with the code) to impersonate the billing service or to authorize unexpected charges.
- Undeclared env vars: The skill reads TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL, CUSTOM_WEBHOOK_URL, and SKILLPAY_USER_ID but the skill metadata declared none. Confirm which environment variables are actually required and only populate tokens you trust.
- Billing behavior: _meta.json marks SkillPay as required and SKILL.md states a per-call fee. Verify the legitimacy of the billing provider (skillpay.me), confirm pricing/authorization flow, and ensure the skill will not charge you unexpectedly. Prefer an implementation that requires explicit user consent and uses your own billing credentials (not an embedded key).
- Network/data flow: The scripts call third-party APIs (Etherscan/Alchemy/Moralis) and send notifications externally. If you care about privacy, only provide API keys for services you control and review webhook endpoints (CUSTOM_WEBHOOK_URL) to avoid leaking monitored addresses to unknown receivers.
- Recommended actions before installing: ask the publisher to (1) remove hard-coded keys, (2) list all required environment variables and configuration fields in the manifest, (3) document the billing flow and how to provide SKILLPAY credentials securely, and (4) provide a reproducible way to run the code locally for audit (or open-source their billing backend). If the publisher cannot or will not fix these issues, treat the skill as untrusted and avoid running it with real credentials or in high-privilege environments.
Runtime requirements: 🐋 Clawdis
