Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Whale Alert Monitor (Whale Monitoring)

v1.0.0

Track crypto whale movements, alert on large transfers, and analyze exchange fund flows. Use this skill when you want to follow every move of smart money and monitor large-holder trading behaviour. Integrated with SkillPay; each call costs 0.01 USDT.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

Capability signals: Crypto · Requires wallet · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The code (tracker, transfer monitor, exchange flow, alert manager, daemon) matches the described whale-monitoring purpose. However, the metadata and payment integration introduce capabilities beyond pure monitoring (billing calls to SkillPay). The SKILL.md claims no required env vars, but _meta.json and the code reference billing env variables; this mismatch is unexpected.
Instruction Scope
SKILL.md describes monitoring and external data sources (Etherscan/Alchemy/Moralis) but the shipped code mainly simulates data and also performs network calls for billing and notifications. The runtime code reads/writes local config/log/alert files (config.yaml, alert_configs.json, alert_history.json, whale_monitor.log) and reads several environment variables (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL, CUSTOM_WEBHOOK_URL, SKILLPAY_USER_ID) that are not declared in SKILL.md. The payment flow will call skillpay.me endpoints at startup — this is not clearly documented in SKILL.md.
Install Mechanism
There is no install spec (instruction-only at packaging level), but multiple Python scripts are included and are intended to be executed. No external binary downloads are requested. Because code files are packaged, they will run on the host when invoked — review them before execution.
Credentials
The package does not declare required env vars in SKILL.md, yet the code expects notification tokens and (per _meta.json) SkillPay credentials. Payment integration is configured via _meta.json and payment.py; notably payment.py contains a hardcoded BILLING_API_KEY value (a secret-looking token) embedded in source — this is disproportionate and risky (credential leakage / misuse).
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide settings. It will read/write local files (configs, history, logs) in the skill directory — standard for a daemon but worth noting for privacy.
Scan Findings in Context
[hardcoded-api-key-in-source] unexpected: payment.py contains a hardcoded BILLING_API_KEY (sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2). Shipping a secret in source is not appropriate for a monitoring skill and is unexpected for its stated purpose; it can enable unauthorized billing calls or indicate leakage of credentials.
[undeclared-environment-variables-used] unexpected: Code reads TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL, CUSTOM_WEBHOOK_URL, and SKILLPAY_USER_ID but SKILL.md declares no required env vars. Notification tokens and billing user id are expected for notifications/billing but must be declared and justified explicitly.
What to consider before installing
Do not install this skill into a production or credentialed environment until the following are addressed:
1) Ask the author to remove the hardcoded billing API key from payment.py and rotate that key immediately; treat the embedded token as leaked.
2) Require clear documentation of billing behavior: when and how SkillPay is called, what data is sent (user_id, usage), and whether network calls occur at startup.
3) Ensure SKILL.md/_meta.json accurately list required environment variables (SkillPay API key/user id, Telegram/Discord webhook tokens if notifications are used).
4) If you want to use the skill, run it in an isolated sandbox first and audit network traffic to skillpay.me and notification endpoints.
5) If you will provide any credentials (Telegram, Discord, SkillPay), use least-privilege test accounts and avoid sharing high-value secrets.
6) Consider removing or replacing the billing module if you do not want external billing; confirm the skill functions (or fails safely) without provisioning billing credentials.
If the author cannot satisfactorily explain the hardcoded key and the billing flow, treat the package as untrustworthy and avoid installing.
