Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Whale Alert Monitor (Whale Monitoring)
v2026.4.7-10
Tracks cryptocurrency whale movements, alerts on large transfers, and analyzes exchange fund flows. Use this skill when you want to follow every step of smart money and monitor whale trading behavior. Integrated with SkillPay; each call costs 0.01 USDT.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The declared purpose (whale/transfer/exchange monitoring) matches the scripts' functionality. However, metadata and code disagree about billing/credentials: _meta.json declares SkillPay billing and required SKILLPAY_API_KEY/SKILLPAY_USER_ID, the repository includes a payment integration, yet the registry summary lists no required env vars. Worse, payment.py contains a hardcoded BILLING_API_KEY constant inside the source. Requesting billing access and embedding a key in-source is disproportionate/unexpected relative to a monitoring-only skill and is an incoherence that needs explanation.
Instruction Scope
SKILL.md instructs running the included Python scripts (monitor_daemon.py, transfer_monitor.py, etc.) which is consistent with the skill. But the runtime will: contact external APIs (Etherscan/Alchemy/Moralis/SkillPay), post to Telegram/Discord/custom webhooks, and write local config/log/history files. The SKILL.md and top-level registry metadata do not fully document which env vars are required at runtime (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL, CUSTOM_WEBHOOK_URL, Etherscan/Alchemy keys, and SkillPay vars). Payment behavior (charging per call) is not shown as an enforced technical gate in the scripts that were inspected, yet the payment module exists and will call SkillPay endpoints — this hidden billing step is scope-creep and should be clearly documented/confirmed.
Install Mechanism
There is no install spec (instruction-only with code files), so nothing arbitrary is downloaded during install. Risk from install mechanism itself is low.
Credentials
The package requires multiple sensitive environment variables at runtime (notification/webhook tokens and various blockchain API keys) but the registry metadata reported 'none' for required env vars. The code expects TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL, CUSTOM_WEBHOOK_URL, and potentially Etherscan/Alchemy/Moralis keys. Additionally, payment metadata claims SKILLPAY_API_KEY and SKILLPAY_USER_ID are required, but payment.py does not read an env var for the billing key — it uses a hardcoded key in the source. Hardcoded credentials in the repository are a critical red flag and the mismatch between declared and actual env requirements is an incoherence.
Persistence & Privilege
The skill does not request special platform privileges (always:false). It writes local artifacts (config.yaml, alert_configs.json, alert_history.json, whale_monitor.log) and will run continuously if the daemon is started; this is expected for a monitoring daemon. The autonomy/default model invocation setting is normal. The combination of persistent local files plus the hardcoded billing key and external network calls increases risk, but there is no evidence the skill modifies other skills or system-wide settings.
What to consider before installing
Key issues for you to consider before installing or running this skill:
- Hardcoded billing key: payment.py contains a plaintext BILLING_API_KEY value embedded in the repository. This is a security anti-pattern — the key may be valid, and its presence means anyone with the repo can use it. Ask the author to remove the key and use an environment variable instead. Treat the repository as potentially compromised until that key is verified or revoked.
- Undeclared/unclear env vars: The registry shows no required env vars but the code clearly uses TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL, CUSTOM_WEBHOOK_URL, and blockchain API keys (Etherscan/Alchemy/Moralis). Confirm which secrets you must provide and why. Do not supply production/private credentials until you trust the code.
- Billing behavior not enforced/unclear: _meta.json and SKILL.md state a per-call charge (0.01 USDT), but it is unclear which code paths enforce charges. Clarify whether the skill will charge automatically when invoked and how the billing key is used. If you are being asked to provide billing credentials, prefer a design where the skill reads your SKILLPAY_API_KEY from an env var (not the repo) and where billing calls are transparent.
- Network activity & data flow: Running the scripts will call third-party APIs and send notifications to external services (Telegram/Discord/webhooks). If you need to preserve privacy or run in a restricted environment, run the skill in a sandbox or isolated environment first and monitor network traffic.
- Recommended actions before use:
1) Do not run in production. Run in an isolated VM/container for initial testing.
2) Inspect/grep the repo for any other hardcoded secrets and remove/rotate any leaked keys.
3) Ask the publisher for authoritative documentation about billing (why a key is embedded, whether it's theirs, and whether it should be removed). If they cannot justify it, do not use the billing integration.
4) Replace embedded keys with environment-driven configuration, and ensure the skill only requires and documents the minimal secrets needed.
5) Consider a third-party code audit or at minimum run the scripts with network access blocked to see what local behavior happens.
If you want, I can: (a) list all places the code reads environment variables and where network calls occur, (b) extract exact lines with hardcoded secrets, or (c) propose a minimal remediation patch to remove the embedded billing key and make billing read from env vars.
