Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Whale Alert Monitor 大户监控
v1.0.0 Crypto whale account alert monitoring assistant - real-time monitoring of whale wallet movements, large transfers, and exchange fund flows. Trigger this skill when the user needs any of the following: (1) monitor the transaction activity of specific large-holder/whale wallets (2) track large fund inflows to and outflows from exchanges (3) set large-transfer alerts with custom thresholds (4) analyze changes in whale holdings and accumulation/distribution patterns (5) receive Telegram/D...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The name and description promise real-time, multi-source on-chain monitoring and notifications, but the included scripts largely generate simulated/random data (the fetch_* functions use random generators) rather than integrating with the recommended APIs. The SKILL.md and references describe Etherscan/Alchemy/Moralis usage and environment keys, yet the runtime code does not actually require or use those keys. Additionally, _meta.json declares SkillPay-related env vars as required while the code embeds a hardcoded billing API key; these are inconsistent with the declared requirements.
Instruction Scope
SKILL.md instructs running local Python scripts and using env vars (TELEGRAM_BOT_TOKEN, DISCORD_WEBHOOK_URL, etc.). The code reads/writes local files (alert_configs.json, alert_history.json, config.yaml, whale_monitor.log) and will send notifications to Telegram/Discord/webhook endpoints if configured. That behavior matches the stated purpose, but the guiding docs reference external APIs for live chain data while the code uses simulated data; this is scope misrepresentation. The billing behavior (SkillPay) is present in payment.py but not consistently enforced across scripts.
Install Mechanism
No external install spec (no network downloads). The skill ships full Python scripts. There is no installer; risk comes from running included code. Dependencies (requests, pyyaml, etc.) are used by the scripts but not declared in metadata or SKILL.md, so users may be surprised by missing packages. No arbitrary downloads or obfuscated installers were found.
Credentials
The SKILL.md/reference docs list many API keys (ETHERSCAN_API_KEY, ALCHEMY_API_KEY, MORALIS_API_KEY, TELEGRAM/Discord secrets). _meta.json states SkillPay env vars (SKILLPAY_API_KEY, SKILLPAY_USER_ID) are required. In practice, the runtime code:
- reads TELEGRAM_BOT_TOKEN / TELEGRAM_CHAT_ID and DISCORD_WEBHOOK_URL from env for notifications (expected),
- uses a hardcoded BILLING_API_KEY constant inside payment.py (a long secret is embedded in source), and
- does not actually consume the SKILLPAY_API_KEY env var despite metadata claiming it is required.
Asking for multiple secrets is plausible for this domain, but the hardcoded billing key and the mismatches between declared required env vars and actual usage are disproportionate and suspicious.
Persistence & Privilege
The skill does not request always:true or system-wide privileges. It writes local files (config.yaml, alert_history.json, alert_configs.json, whale_monitor.log) in the working directory and runs as a user process — behavior consistent with a monitoring tool. It does not modify other skills' configs or escalate privileges.
Scan Findings in Context
[hardcoded_billing_api_key] unexpected: payment.py contains a long hardcoded BILLING_API_KEY value and uses skillpay.me endpoints. A billing API key embedded in source is unexpected and increases risk (exposes credential, may allow unauthorized billing interactions). The _meta.json also lists SKILLPAY_API_KEY as an env var required but the code uses the hardcoded key instead.
[simulated_data_usage] unexpected: Multiple monitor scripts (exchange_flow.fetch_flow_data, transfer_monitor.fetch_recent_transfers, holding_analyzer.fetch_trade_history) generate random/simulated data instead of making actual API calls to the recommended data sources. For a 'real-time monitor' this is inconsistent with user expectations.
[undeclared_dependencies] expected: Scripts import common libraries (requests, yaml) but the skill has no install spec or declared dependencies. This is common but users should be aware to install dependencies before running.
What to consider before installing
This skill claims to provide real-time whale monitoring but the shipped code mostly uses simulated data and does not actually integrate with the on‑chain APIs described in the docs. Notable concerns:
- payment.py embeds a long hardcoded billing API key (BILLING_API_KEY) and calls https://skillpay.me. A credential in source is unexpected and risky — it could be abused or indicate sloppy secret handling. Ask the author to remove the hardcoded key and explain how billing is intended to work. Do not trust the embedded key.
- _meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required env vars, but the code uses a hardcoded billing key and only reads SKILLPAY_USER_ID (defaulting to 'anonymous_user'). This metadata/code mismatch is suspicious; confirm whether the skill will actually enforce payments and how user identity is validated before running.
- The scripts simulate data (random generators) rather than calling Etherscan/Alchemy/Moralis. If you need real monitoring, request a version that uses real API calls and a secure method for providing keys (env vars or config files), and confirm what network endpoints are contacted.
- The skill will write config and history files and logs in the working directory and can send notifications to Telegram/Discord/webhooks if you provide tokens/URLs. Only supply notification credentials to this code after validating the author and reviewing the payment behavior.
Recommended next steps before installing or running:
1) Ask the publisher to explain the hardcoded billing key, remove it from source, and provide a secure billing integration that uses an env var.
2) Request a clear statement whether the scripts actually contact third-party chain APIs in non-demo mode; if so, ask which files perform those calls and how credentials are used.
3) Run the code in an isolated sandbox/container and inspect outbound network connections to verify endpoints.
4) Do not provide any sensitive API keys or webhook tokens until you confirm the code's behavior and the author identity.
5) If you intend to use it for production monitoring, require the author to provide dependency declarations (requirements.txt) and an uninstall/cleanup guide.
Version: latest (vk972y42thcgxa6f8np0q3f0njs8497fd)
