ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto Address Sentinel

v1.0.0

Monitor wallet balances and on-chain activity. Get alerts when balances change or when specified conditions are met. Use for tracking portfolio, detecting un...

0· 87·0 current·0 all-time
by@zhiuannnn

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhiuannnn/crypto-address-sentinel.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Crypto Address Sentinel" (zhiuannnn/crypto-address-sentinel) from ClawHub.
Skill page: https://clawhub.ai/zhiuannnn/crypto-address-sentinel
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install crypto-address-sentinel

ClawHub CLI

Package manager switcher

npx clawhub@latest install crypto-address-sentinel
Security Scan
Capability signals
CryptoRequires wallet
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, and listed features (balance monitoring, activity detection, multi-chain support) align with each other. However, the registry metadata declares no required environment variables or credentials while the SKILL.md defines WATCHED_ADDRESSES, ALERT_WEBHOOK, and CHECK_INTERVAL_MINUTES — a mismatch that should be reconciled. The SKILL.md claims support for multiple chains but gives no guidance on which RPC providers or APIs it will use (no Alchemy/Infura/third-party API keys mentioned).
!
Instruction Scope
SKILL.md is high-level and leaves critical implementation choices to the agent: how to fetch on-chain data, where to store/persist the watchlist (add/remove are documented but persistence mechanism is unspecified), and how periodic checking is scheduled. The optional ALERT_WEBHOOK allows sending potentially sensitive balance/activity data to an arbitrary external endpoint — expected for alerts but also a plausible vector for exfiltration if misused. The instructions do not reference reading unrelated files or hidden env vars, but they are open-ended and grant broad discretion.
Install Mechanism
No install spec or code files are present (instruction-only), so there is no installer risk or archive download. This minimizes disk/write risk but also means runtime behavior depends entirely on how the agent implements the instructions.
!
Credentials
The SKILL.md expects WATCHED_ADDRESSES and ALERT_WEBHOOK (and an interval), but the skill registry lists no required env vars or primary credential. This inconsistency can lead to surprise at runtime. ALERT_WEBHOOK could transmit sensitive wallet addresses and balances to external systems; while that is a legitimate alerting mechanism, it should be explicitly called out in metadata and the user should ensure the webhook endpoint is trusted. No credentials for blockchain providers are requested — either the agent will use public endpoints (rate/accuracy concerns) or it may prompt for additional keys at runtime.
Persistence & Privilege
always:false and default autonomous invocation are set (normal). The design implies periodic monitoring; if the agent is allowed to run autonomously this could result in recurring network calls and webhook deliveries. The skill does not request elevated system privileges or configuration changes, but the lack of a clear persistence model for the watchlist (how add/remove are saved) is a functional gap.
What to consider before installing
Before installing, verify these points: (1) Confirm where monitoring will run and which RPC or API providers will be used (public nodes, Alchemy/Infura, or other services) and whether any additional API keys will be requested at runtime. (2) Treat ALERT_WEBHOOK as sensitive — only provide a webhook you control or trust, since it will receive addresses and balance/activity data. (3) Ask the publisher to reconcile metadata: the registry should list WATCHED_ADDRESSES and ALERT_WEBHOOK if they are required. (4) Clarify how add/remove persist (is the watchlist stored in environment variables, a config file, or a remote service?). (5) Do not provide private keys or wallet secrets; this skill should only need public addresses. (6) If you enable autonomous/periodic monitoring, monitor network traffic and webhook endpoints for unexpected destinations. If the author cannot answer these questions or provide clearer metadata and persistence behavior, treat the skill as risky and avoid installing it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97532hkj0nx7fp3v75xjyc8e984h3e4
87downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@zhiuannnn
latest
Download

Crypto Address Sentinel

Monitor wallet addresses across multiple blockchains and get notified of important events.

Setup

Environment Variables

  • WATCHED_ADDRESSES - Comma-separated list of addresses to monitor
  • ALERT_WEBHOOK - Webhook URL for alerts (optional)
  • CHECK_INTERVAL_MINUTES - How often to check (default: 60)

Usage

# Check all watched addresses
 addresses

# Get balance for specific address
balance <address>

# Add address to watchlist
add <address>

# Remove from watchlist
remove <address>

Supported Chains

  • Ethereum
  • Arbitrum
  • Optimism
  • Base
  • Polygon
  • BNB Chain
  • Solana

Features

  • Balance monitoring
  • Activity detection
  • Custom alert conditions
  • Multi-chain support
  • Periodic reports

Comments

Loading comments...