Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Btc Price Tracker
v1.0.1
Fetches the Bitcoin price in real time, supports display in multiple currencies, sets price alerts and delivers notifications via Telegram, with command-line operation and local storage.
⭐ 1· 183·1 current·1 all-time
by Meng @siemen90
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: the Python scripts fetch CoinGecko prices, store alerts locally, and print/send Telegram notifications. However, the published metadata claims 'instruction-only' / no required envs while the bundle contains 575 files (a full venv) — an oversized and disproportionate payload for a small price-tracker tool.
Instruction Scope
SKILL.md instructions are consistent with the stated purpose (how to view price, add/delete alerts, and Telegram setup). They reference an environment variable OPENCLAW_TELEGRAM_BOT_TOKEN and OpenClaw Gateway integration; that env var is used by the runtime in comments and docs but was not declared in the registry metadata. The runtime code operates only on local files (alerts.json, last_price.json) and CoinGecko API — there are no obvious instructions to read unrelated system files or exfiltrate data.
Install Mechanism
No install spec is provided (claimed instruction-only) but the package includes a complete virtualenv (venv/) and many vendored libraries. Bundling an entire venv is excessive for this functionality, increases attack surface, and is unusual for an instruction-only skill. There is no remote download/install step, but installing or executing these files would write many files to disk. This inflated artifact is disproportionate and should be reviewed.
Credentials
Registry metadata lists no required environment variables, but SKILL.md and code reference OPENCLAW_TELEGRAM_BOT_TOKEN and OPENCLAW_LANG (for Telegram notifications and language). This mismatch is a red flag: the skill requires credentials for Telegram integration (sensitive) but that was not declared. The number and type of envs requested are small and appropriate for Telegram notification, but they should be declared explicitly in metadata so users know what will be accessed.
Persistence & Privilege
The skill is not marked always:true and does not claim to alter other skills or system-wide configs. It persists only its own local files (alerts.json, last_price.json) in the skill directory. Autonomous invocation is allowed (platform default) but not combined here with any broad, undeclared privileges.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md triggered a prompt-injection style pattern detector for unicode-control characters. The visible SKILL.md does not contain obvious malicious prompts, but the presence of control/unicode manipulation patterns in documentation is unusual and should be inspected. This finding alone is not proof of malicious intent but increases suspicion given the other inconsistencies.
What to consider before installing
1) Metadata vs. reality: The registry says 'no env vars' and 'instruction-only', but the package includes a full Python virtualenv (venv/) and the docs/code reference OPENCLAW_TELEGRAM_BOT_TOKEN. Ask the publisher to correct metadata or remove the bundled venv. Do not assume the skill is safe because metadata omitted env requirements.
2) Telegram token: If you enable Telegram notifications you must provide a bot token (sensitive). Only set OPENCLAW_TELEGRAM_BOT_TOKEN if you trust the skill. Prefer creating a minimally privileged bot and revoke it if anything looks off.
3) Inspect the bundle: Because the repo contains many files (including third-party libraries), inspect for hardcoded secrets or unexpected network endpoints. Search for any occurrences of 'http://' to unknown hosts, IP addresses, or embedded credentials. So far the code calls CoinGecko and prints Telegram messages; no hidden remote endpoints were obviously found in the reviewed files.
4) Run in isolation: If you test it, run the scripts in an isolated environment (container or VM) and avoid giving it more permissions than needed. Remove or recreate the virtualenv from a known-good requirements.txt (pip install -r requirements.txt) rather than using the included venv.
5) Address the scanner hit: The pre-scan flagged unicode-control-chars in SKILL.md. Request clarification from the author or ask them to re-publish without hidden/control characters. Treat this as an explanation request rather than automatic proof of maliciousness.
6) What would reduce my concern: (a) updated registry metadata declaring OPENCLAW_TELEGRAM_BOT_TOKEN as a required env var, (b) removal of the bundled venv (or explanation why it was included), (c) a known/trusted publisher identity or homepage, and (d) a minimal source-only release (no vendored site-packages).
Given the inconsistent packaging and the scanner hit, proceed with caution — the code looks coherent with the advertised function, but the packaging and metadata mismatches are suspicious and warrant a manual review before granting credentials or running in production.

Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
venv/lib/python3.12/site-packages/pip/_vendor/pygments/formatters/__init__.py:91
Dynamic code execution detected.
venv/lib/python3.12/site-packages/pip/_vendor/pyparsing/results.py:57
Dynamic code execution detected.
venv/lib/python3.12/site-packages/pip/_vendor/typing_extensions.py:1251
Dynamic code execution detected.

Version: latest (vk970vrgfw10grvpsmdvdqk8vgd840j89)
