Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Whale Alert Monitor 大户监控
v1.0.0 Cryptocurrency whale account alert and monitoring assistant - real-time monitoring of whale wallet movements, large transfers, and exchange fund flows. Trigger this skill when the user needs to: (1) monitor the trading activity of specific large holders / whale wallets (2) track large fund inflows to and outflows from exchanges (3) set large-transfer alerts with custom thresholds (4) analyze whale position changes and accumulation/distribution patterns (5) receive Telegram/D...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidence
Purpose & Capability
The code and documentation implement whale-wallet monitoring, transfer detection, exchange flow and notifications — that matches the skill name/description. However metadata/_meta.json declares SkillPay billing (SKILLPAY_API_KEY, SKILLPAY_USER_ID) while the skill manifest at the top claimed no required env vars. The presence of a payment module is plausible for a paid skill, but the way it is implemented (hardcoded billing key, contradictory required-env declarations) is inconsistent and unexpected.
Instruction Scope
SKILL.md instructs running the included Python scripts and references notification env vars (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL). The scripts themselves read local config files and send notifications to Telegram/Discord/webhooks (using the environment variables), which is coherent for this purpose. However SKILL.md and _meta.json emphasize a per-call charge; the payment logic exists in payment.py but is not obviously integrated into the main runtime (most scripts do not import or call payment.require_payment). That ambiguity (claimed mandatory billing vs no clear enforced call in the runtime paths) is scope-incoherent and should be clarified.
Install Mechanism
There is no install spec — the skill is provided as Python scripts (no binary downloads or archive extraction). This lowers install risk: nothing is fetched or auto-installed by the skill package itself.
Credentials
Notification credentials referenced (Telegram bot token, chat ID, Discord webhook, custom webhook) are appropriate for sending alerts. But _meta.json and payment.py declare/expect SkillPay credentials (SKILLPAY_API_KEY, SKILLPAY_USER_ID). The package manifest reported 'Required env vars: none', creating an inconsistency. Critically, payment.py contains a hardcoded BILLING_API_KEY constant (a long secret-like string) used to call skillpay.me endpoints — embedding such a key in the repository is inappropriate and risky (can be abused or indicates sloppy/unsafe secret handling).
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not declare system-wide persistent privileges. It reads/writes local config and history files (config.yaml, alert_configs.json, alert_history.json, whale_monitor.log), which is expected for a monitoring tool. No elevated privileges are requested.
Scan Findings in Context
[hardcoded-api-key] unexpected: payment.py defines BILLING_API_KEY as a literal long string and uses it to call https://skillpay.me. Hardcoded service API keys are not expected for a monitoring skill and are a security risk (can be abused or leaked).
[billing-metadata-mismatch] unexpected: _meta.json marks SkillPay billing as required and mentions SKILLPAY_API_KEY / SKILLPAY_USER_ID env vars, but the skill top-level metadata lists no required env vars and scripts do not consistently import/enforce payment.py. The discrepancy between declared requirements and actual code is unexpected.
What to consider before installing
This skill largely implements the advertised whale-monitoring functionality, but there are important inconsistencies you should resolve before installing or running it:
- Do not trust embedded secrets: payment.py includes a hardcoded BILLING_API_KEY. Treat that as a red flag — ask the author why it's there and request its removal. Do not run these scripts on an environment that contains sensitive credentials or production access until this is resolved.
- Clarify billing enforcement: _meta.json claims SkillPay billing is required, SKILL.md advertises per-call charges, but the main monitoring scripts do not clearly call the payment check. Ask whether the runtime will actually perform billing and which processes contact skillpay.me. If billing is required, prefer an implementation that uses a user-provided API key (via env var) and server-side billing verification instead of hardcoding keys.
- Confirm network endpoints: alert manager sends to Telegram/Discord/webhook URLs supplied by env/config — those are expected. Confirm you are comfortable providing those notification credentials. Consider using a dedicated, limited bot/webhook rather than broad-purpose tokens.
- Run in a sandbox first: execute the code in an isolated/test environment to observe runtime network behavior (which endpoints are contacted and when). Monitor outbound connections, and inspect logs for calls to skillpay.me or unexpected hosts.
- If you plan to use this skill in production: request code changes from the maintainer to remove hardcoded keys, surface required env vars clearly, and add an audit log of billing calls. If the author cannot or will not address these issues, avoid installing the skill or only run it after manual code review and key removal.
I assessed these issues with high confidence because the hardcoded key and metadata mismatch are directly visible in the repository.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97fe02haqgv3txeab280ddke5846cmv
