ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Token Shark

实时监控新上线代币,提供多维风险评估、交易数据和价格提醒,助您把握投资机会。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 162 · 0 current installs · 0 all-time installs
byHaha Tan@gztanht
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description promise: real-time monitoring, multi-source risk assessment. What is present: monitor/analyze/risk/alert scripts that operate on hard-coded sample data and local alerts storage. No required credentials or network access are declared or used. Legitimate for a local demo, but NOT actually connecting to DEXs/chain/social APIs as the description implies.
Instruction Scope
SKILL.md directs running the provided scripts and describes data sources (DEX, chain, social APIs), but the scripts themselves only read/write a local data/alerts.json and return simulated token data. Instructions do not access unrelated system files or env vars. The mismatch (claims of external data vs. simulated implementation) is misleading and should be clarified.
Install Mechanism
No install spec, no external downloads; code is bundled with the skill. package.json has no external dependencies. Low installation risk: nothing is fetched from arbitrary URLs or written outside the skill directory except creating a local data/alerts.json file.
Credentials
No environment variables or credentials are required and the code does not read env vars. The only local persistence is a data/alerts.json file under the skill directory. No requests for unrelated secrets or system config.
Persistence & Privilege
Skill is not always-enabled and has no elevated privileges. It writes a small alerts.json in a local data directory and does not modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but not combined with broad access here.
What to consider before installing
This package appears to be a local/demo implementation (hard-coded sample tokens and a local alerts file) rather than a live, networked monitor despite README/SKILL.md claiming DEX/chain/social data. If you expect real-time monitoring, confirm with the author or the upstream repo before relying on it. The skill creates data/alerts.json under its directory — check file location and permissions if you run it on a shared machine. There are donation crypto addresses in README/package.json — treat them as public payment addresses (verify independently) and do not confuse them with any credential or trust signal. If future versions add real-time push or automatic trading (mentioned in roadmap), they will likely require network access and private keys; never provide private keys or wallet secrets to a skill. To proceed safely: (1) inspect the GitHub repo (link in README) to confirm sources and commits; (2) run the scripts in a sandbox/container to observe behavior; (3) verify whether a later release actually implements network calls and, if so, require that those calls use minimal, documented credentials and trustworthy endpoints.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk970eqa3zzpfmyppyc02bfp5th82da8w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

TokenSniper Skill - SKILL.md

🎯 代币狙击手 - 新代币上线监控,第一时间发现机会

基本信息

{
  "name": "token-shark",
  "version": "0.1.0",
  "description": "代币狙击手 - 新代币上线监控,风险评估",
  "author": "@gztanht",
  "license": "MIT"
}

命令系统

命令描述参数
monitor查看新代币列表--chain, --limit
analyze代币详情分析<address>
risk风险评估<address>
alert价格提醒管理add, list, remove

功能说明

1. 新代币监控 (monitor.mjs)

显示最近上线的代币:

  • 代币名称和符号
  • 上线时间
  • 当前价格
  • 流动性
  • 风险等级
  • 24h 交易量

参数:

  • --chain [ethereum|bsc|base|arbitrum] - 按链筛选
  • --limit N - 限制显示数量

2. 代币分析 (analyze.mjs)

详细分析特定代币:

  • 价格信息
  • 市值和流动性
  • 持有者分析
  • 风险评估
  • 交易建议

参数:

  • <address> - 代币合约地址

3. 风险评估 (risk.mjs)

多维度风险评分:

  • 合约安全
  • 流动性风险
  • 持有者集中度
  • 开发团队
  • 社区活跃度

参数:

  • <address> - 代币合约地址

4. 价格提醒 (alert.mjs)

设置和管理价格提醒:

  • 添加新提醒
  • 查看所有提醒
  • 删除已触发提醒

参数:

  • add --token <addr> --price <price> - 添加提醒
  • list - 查看提醒列表
  • remove <id> - 删除提醒

风险评分算法

整体评分 = (
  合约安全 * 0.25 +
  流动性风险 * 0.20 +
  持有者集中度 * 0.20 +
  开发团队 * 0.15 +
  社区活跃度 * 0.20
)

评分标准

维度权重评估项
合约安全25%审计状态/所有权/honeypot 检测
流动性风险20%流动性大小/锁定期/集中度
持有者集中度20%Top10 持仓/大户变动
开发团队15%实名状态/历史记录/代码质量
社区活跃度20%社交媒体/Discord/持有者增长

输出格式

监控列表输出

🎯 TokenSniper - 新代币监控

时间        代币名称        链        价格        流动性    风险    24h 交易
────────────────────────────────────────────────────────────────────────────────
10 分钟前   PEPE2.0       Ethereum  $0.00012   $50K     🟡 中    $12K

风险评估输出

风险维度              评分      状态
─────────────────────────────────────────────────────
合约安全              70/100    🟡 中等
流动性风险            60/100    🟡 中等
整体评分              65/100    🟡 中等风险

定价策略

  • 免费版: 5 次查询/天
  • 赞助版: 0.5 USDT/USDC → 无限查询

数据源

  • DEX 流动性池数据
  • 链上持有人数据
  • 社交媒体 API
  • 合约分析工具

安全注意事项

技能必须显示安全提示:

  • 新代币可能归零
  • 警惕 rug pull
  • 检查合约和流动性
  • 小额测试

未来规划

  • v0.2.0 - 实时价格推送
  • v0.3.0 - 自动交易集成
  • v1.0.0 - AI 风险评估

🎯 TokenSniper v0.1.0 - Snipe Before Moon

Files

8 total
Select a file
Select a file to preview.

Comments

Loading comments…