ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Einstein x402 Blockchain Analytics

v1.1.0

Blockchain analytics and DeFi intelligence via Einstein's x402 micropayment services. Use when user wants on-chain market analysis, token research, whale tracking, smart money tracking, rug pull scanning, launchpad monitoring (Pump.fun, Zora, Virtuals), portfolio analysis, MEV detection, cross-chain arbitrage, or Polymarket data. Supports Base, Ethereum, BSC, Arbitrum, Polygon, Optimism, zkSync, Solana. Costs $0.25-$1.15 USDC per query via x402 protocol on Base.

0· 2k·1 current·2 all-time
by@chuxo
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (x402 micropayment analytics) matches the code and runtime requirements: Node, viem, and a private key to sign EIP-712/EIP-3009 payments. No unrelated cloud credentials or surprising binaries are requested.
Instruction Scope
SKILL.md and the scripts limit activity to service discovery, payment-challenge handling, signing, and POSTing queries. The setup and runtime scripts read/writes only skill-local config.json and environment variables. A noteworthy instruction allows saving the private key to a config.json inside the skill directory (the script explicitly warns to gitignore it) — this is convenient but increases risk if the repository is committed or the file is left world-readable.
Install Mechanism
No automatic install or remote download is performed by the skill; package.json declares a single dependency (viem) and the README asks the user to run npm install manually. No external arbitrary-code downloads, URL shorteners, or extract steps are present.
Credentials
The only sensitive environment variable requested is EINSTEIN_X402_PRIVATE_KEY, which is proportionate to a client that must sign micropayments. However, the registry metadata does not list a primary credential even though a private key is required, and the skill provides an option to persist the key to disk (config.json) which is a sensitive operation; users should prefer env vars and a dedicated low-balance wallet.
Persistence & Privilege
The skill does not request permanent inclusion, system-wide configuration changes, or access to other skills' credentials. It will only write config.json when explicitly invoked with --save-config. SKILL.md contains disable-model-invocation: true in its metadata (itself a safety measure), though the registry flags indicate the platform default (disable-model-invocation false); this mismatch is noted but not evidence of malicious intent.
Assessment
This skill appears to do what it says — it needs a wallet private key so it can sign x402 micropayments. Before installing or running it: - Do NOT use your main wallet private key. Create a dedicated wallet, fund it with only the small USDC amounts you expect to spend, and use that key. - Prefer setting EINSTEIN_X402_PRIVATE_KEY as an environment variable rather than saving the key with --save-config; if you do write config.json, ensure it is added to .gitignore and has strict filesystem permissions (chmod 600). - Review and verify the base URL (default https://emc2ai.io) and test with one small query to confirm facilitator and service behavior before sending larger payments. - Inspect scripts (already included) yourself if you have any doubts — the code shows the exact EIP-712 signing flow and external endpoints (Base RPC and emc2ai.io / Coinbase CDP facilitator). - If you need the platform to invoke the skill autonomously, verify the platform-level disable-model-invocation behavior: SKILL.md requests disabling model invocation, but registry metadata may not enforce that — treat autonomous usage as giving the skill the ability to sign and pay for queries automatically, which increases blast radius. If you are comfortable with those precautions, the skill is coherent for its stated purpose. If you are uncomfortable storing private keys or allowing automated payments, do not install or run it.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧠 Clawdis
Binsnode, curl
EnvEINSTEIN_X402_PRIVATE_KEY
latestvk976zxt72s5c0hm0xepw31jggx80z40t
2kdownloads
0stars
2versions
Updated 22h ago
v1.1.0
MIT-0
@chuxo
latest
Download

Einstein — Blockchain Analytics via x402

Einstein provides 27 blockchain analytics services accessible via x402 micropayments (USDC on Base). Each query costs $0.25–$1.15 depending on complexity.

Quick Start

# 1. Install dependencies (manual step — the setup wizard will NOT run npm for you)
cd packages/project-einstein/openclaw-skill/einstein && npm install

# 2. Set your private key via environment variable (recommended)
export EINSTEIN_X402_PRIVATE_KEY=0x_your_private_key_here

# 3. Or run the interactive setup wizard
node scripts/einstein-setup.mjs

# 4. List all services (free)
node scripts/einstein.mjs services

# 5. Run a query (will prompt for payment confirmation)
node scripts/einstein.mjs top-movers --chain base --limit 10

Requirements:

  • Node.js 18+
  • Dependencies installed via npm install (not auto-installed)
  • A dedicated wallet private key with USDC on Base network (do NOT use your main wallet)
  • Set EINSTEIN_X402_PRIVATE_KEY environment variable (preferred) or run setup with --save-config

Service Categories

TierPrice (Raw)Price (+AI)Services
Basic$0.25$0.40Latest tokens, token chart
Standard$0.40$0.55Top movers, top tokens, OHLCV, Virtuals, wallet holdings, holder concentration
Platform$0.60$0.75Zora launches/volume, Pump.fun launches/volume/graduation, BSC alpha, liquidity shifts
Advanced$0.85$1.00Whale intel, smart money, top traders, DEX capital, token sniping, Polymarket events
Comprehensive$1.00$1.15Investment report, NFT analytics, MEV detection, arbitrage scanner, rug pull scanner, Polymarket compare

Raw = structured data only. +AI = includes AI-generated analysis and insights (default).

Free Services

These commands are free and do not require x402 payment or a wallet key.

Epstein Files Search

Search 44,886+ DOJ-released Jeffrey Epstein documents (Jan 2026 release) via the DugganUSA public index.

# Search by name
node scripts/einstein.mjs epstein-search --query "Ghislaine Maxwell" --limit 10

# Search by topic
node scripts/einstein.mjs epstein-search --query "flight logs" --limit 20

# Search by location
node scripts/einstein.mjs epstein-search --query "Little St James"
FlagDescriptionDefault
--query <terms>Search query (required)
--limit <N>Number of results (1-500)10

Usage Examples

Market Analysis

# Top movers on Base in the last 24 hours
node scripts/einstein.mjs top-movers --chain base --timeperiod 1d --limit 10

# Top tokens by market cap on Ethereum
node scripts/einstein.mjs top-tokens --chain ethereum --limit 20

# Latest deployed tokens with liquidity
node scripts/einstein.mjs latest-tokens --chain base --limit 15

Whale & Smart Money Intelligence

# Track whale accumulation on Ethereum
node scripts/einstein.mjs whale-intel --chain ethereum --limit 10 --timeperiod 7d

# Smart money leaderboard on Base
node scripts/einstein.mjs smart-money --chain base --limit 20 --timeperiod 7d

# Capital-intensive DEX traders
node scripts/einstein.mjs dex-capital --chain base --limit 10 --timeperiod 3d

Security & Risk Analysis

# Scan a token for rug pull risk
node scripts/einstein.mjs rug-scan --chain ethereum --token 0x1234...abcd

# Detect MEV/sandwich attacks
node scripts/einstein.mjs mev-detect --chain ethereum --limit 10 --timeperiod 1d

# Identify early snipers on a token
node scripts/einstein.mjs token-snipe --chain base --token 0x1234...abcd --limit 20

Launchpad Monitoring

# Latest Pump.fun launches on Solana
node scripts/einstein.mjs pump-launches --limit 15 --timeperiod 1d

# Pump.fun tokens about to graduate
node scripts/einstein.mjs pump-grads --limit 10

# Zora launches on Base
node scripts/einstein.mjs zora-launches --limit 10 --timeperiod 3d

# Virtuals Protocol agent tokens
node scripts/einstein.mjs virtuals --limit 10 --timeperiod 7d

Portfolio & Token Analysis

# Check wallet holdings
node scripts/einstein.mjs wallet --chain ethereum --wallet 0xd8dA...

# Token holder concentration
node scripts/einstein.mjs holders --chain base --token 0x1234... --limit 50

# Token price chart
node scripts/einstein.mjs chart --chain base --token 0x1234... --timeperiod 7d

# OHLCV data for technical analysis
node scripts/einstein.mjs ohlcv --chain base --token 0x1234... --timeperiod 30d

Advanced Reports

# Multi-chain investment report
node scripts/einstein.mjs investment-report --chains base,ethereum,bsc --limit 10 --timeperiod 7d

# Cross-chain arbitrage opportunities
node scripts/einstein.mjs arbitrage --chain ethereum --limit 10 --timeperiod 1d

# NFT collection analytics
node scripts/einstein.mjs nft-analytics --chain ethereum --limit 10 --timeperiod 7d

Prediction Markets

# Polymarket events (Polygon)
node scripts/einstein.mjs polymarket --limit 10 --timeperiod 7d

# Compare Polymarket API vs chain data
node scripts/einstein.mjs polymarket-compare --limit 10

How Payment Works

Einstein uses the x402 protocol — an HTTP-native micropayment standard. Payment is automatic:

  1. Your request hits Einstein's endpoint
  2. Server responds with HTTP 402 + payment challenge
  3. The skill signs a USDC TransferWithAuthorization (EIP-3009) using your private key
  4. Request is re-sent with the payment signature
  5. Coinbase CDP facilitator settles the USDC transfer on Base
  6. You receive the analytics data

No accounts, no API keys, no subscriptions. Just USDC on Base and a private key.

Options Reference

einstein.mjs (query CLI)

FlagDescriptionDefault
--chain <chain>Blockchain networkbase
--limit <N>Number of results (1-500)10
--timeperiod <period>Time window: 1d, 3d, 7d, 30d7d
--token <address>Token contract address
--wallet <address>Wallet address
--chains <c1,c2>Comma-separated chains
--rawData-only response (cheaper)false
--yes / -ySkip payment confirmation promptfalse

To skip the confirmation prompt globally, set EINSTEIN_AUTO_CONFIRM=true or add "autoConfirm": true to config.json.

einstein-setup.mjs (setup wizard)

FlagDescriptionDefault
--key <privateKey>Private key (skips interactive prompt)
--url <baseUrl>Base URL for Einstein APIhttps://emc2ai.io
--chain <chain>Default blockchain networkbase
--save-configWrite config.json to disk (otherwise prints env var exports)false

Supported chains: base, ethereum, bsc, solana, arbitrum, polygon, optimism, zksync

Security Best Practices

Use a dedicated wallet. Create a separate wallet funded with a small amount of USDC for this skill. Do NOT use your primary wallet or any wallet holding significant funds.

Prefer environment variables over config.json. Environment variables (EINSTEIN_X402_PRIVATE_KEY) are not persisted to disk and are harder to accidentally commit to git. If you must use config.json (--save-config), restrict file permissions:

chmod 600 config.json

What gets signed. Each paid query signs an EIP-3009 TransferWithAuthorization message that authorizes a USDC transfer of the exact query price (shown before confirmation) from your wallet to the Einstein service address. The signature is single-use (unique nonce) and time-limited. No blanket approvals are granted.

Payment confirmation. By default, the CLI prompts before every paid query showing the exact cost. To skip the prompt for scripted/automated use, pass --yes / -y per-command or set EINSTEIN_AUTO_CONFIRM=true globally.

No auto-installed packages. The setup wizard does NOT run npm install automatically. You must install dependencies yourself so you can audit what is being installed.

No home directory scanning. Configuration is loaded only from environment variables and the skill-local config.json. No paths outside the skill directory are read.

Troubleshooting

"No private key configured" Set EINSTEIN_X402_PRIVATE_KEY environment variable or run node scripts/einstein-setup.mjs --save-config.

"Payment rejected" / "Insufficient balance" Your wallet needs USDC on Base. Bridge via https://bridge.base.org. Use a dedicated wallet with a small balance.

"Cannot reach emc2ai.io" Check internet connection. The service may have temporary downtime.

"Unknown service" Run node scripts/einstein.mjs services to see all available commands.

"Dependencies not installed" Run npm install in the skill directory: cd packages/project-einstein/openclaw-skill/einstein && npm install

References

  • references/services-catalog.md — Full service catalog with parameters
  • references/payment-guide.md — Detailed x402 payment protocol guide
  • references/examples.md — Extended usage examples by category

Comments

Loading comments...