ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multichain Portfolio Tracker

v1.0.0

Track multi-chain crypto portfolio with real-time prices, P&L, and alerts. Supports EVM (Ethereum, Base, Arbitrum, Polygon, Optimism), Solana, and manual ent...

0· 80·0 current·0 all-time
by@jimmyclanker

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jimmyclanker/multichain-portfolio-tracker.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Multichain Portfolio Tracker" (jimmyclanker/multichain-portfolio-tracker) from ClawHub.
Skill page: https://clawhub.ai/jimmyclanker/multichain-portfolio-tracker
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install multichain-portfolio-tracker

ClawHub CLI

Package manager switcher

npx clawhub@latest install multichain-portfolio-tracker
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match what the files implement: price checks, wallet balance queries, portfolio aggregation, and alerts. The scripts operate without requiring API keys which matches the README. Minor inconsistency: SKILL.md references a pnl.sh script for P&L calculation but no pnl.sh is present in the supplied manifest.
!
Instruction Scope
Scripts read a local portfolio.json (expected) and call external services (CoinGecko and several public RPC endpoints). Those network calls will send wallet addresses and requested token symbols to third-party endpoints (e.g., eth.llamarpc.com, mainnet.base.org, api.coingecko.com), which can log IPs and queried addresses—this is a privacy/exfiltration risk not called out in the README. Otherwise the instructions limit themselves to the task and do not attempt to read unrelated files or credentials.
Install Mechanism
Instruction-only skill with no install spec; scripts run using system bash/python3. No downloads or archive extraction are performed by the skill itself.
Credentials
No environment variables or credentials are requested, which is proportional. However the hard-coded use of third-party RPC endpoints (not locally controlled) means sensitive data (wallet addresses and IPs) will be sent to those providers; consider whether you trust those endpoints or want to substitute your own RPC URLs.
Persistence & Privilege
The skill is user-invocable and not always-enabled. It does not attempt to modify other skills or system settings and does not request persistent presence.
What to consider before installing
This skill appears to implement what it claims, but before installing or running it: (1) understand that the scripts query public RPC providers and CoinGecko — those external services will receive the wallet addresses and token symbols you check (they can log requests and IPs). If you care about privacy, replace the hard-coded RPC URLs with your own RPC provider or a private node. (2) The SKILL.md mentions pnl.sh but that file is missing — expect limited P&L functionality until you add/implement it. (3) Inspect the scripts locally (they are simple bash/python) and run them in a restricted environment if you are unsure. (4) If you want to avoid third-party logging entirely, configure trusted RPC endpoints or API keys that you control. If you want me to, I can point out exactly which lines to change to swap in custom RPC URLs or remove any specific endpoint.

Like a lobster shell, security has layers — review code before you run it.

latestvk97by4s98zszf6x6fghxdgp8g183yrzf
80downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@jimmyclanker
latest
Download

Crypto Portfolio Tracker

Track your crypto portfolio across multiple chains with real-time prices, P&L calculation, and optional alerts. Zero API keys needed for basic functionality.

Quick Start

# Check a single wallet
bash scripts/check-wallet.sh 0xYourAddress ethereum

# Full portfolio scan (all configured wallets)
bash scripts/portfolio.sh

# Price check
bash scripts/price.sh BTC ETH SOL

Configuration

Create portfolio.json in your workspace:

{
  "wallets": [
    { "address": "0x...", "chain": "ethereum", "label": "Main" },
    { "address": "0x...", "chain": "base", "label": "Trading" },
    { "address": "0x...", "chain": "arbitrum", "label": "DeFi" },
    { "address": "C122gx...", "chain": "solana", "label": "SOL Wallet" }
  ],
  "manual": [
    { "token": "BTC", "amount": 0.5, "cost_basis": 30000 }
  ],
  "alerts": [
    { "token": "BTC", "above": 70000, "message": "BTC broke $70K!" },
    { "token": "ETH", "below": 2000, "message": "ETH dropped below $2K" }
  ]
}

Features

Portfolio Overview

bash scripts/portfolio.sh

Output:

📊 Portfolio — 31 Mar 2026

Wallet: Main (ethereum)
  0.5 ETH = $1,250.00
  1000 USDC = $1,000.00

Wallet: Trading (base)
  500 USDC = $500.00

Total: $2,750.00
24h Change: +$45.20 (+1.67%)

Price Tracking

bash scripts/price.sh BTC ETH SOL MATIC

Uses CoinGecko free API (no key, 30 calls/min).

Native Balance Check

# EVM chains (free public RPC)
bash scripts/check-wallet.sh 0xAddress ethereum|base|arbitrum|polygon|optimism

# Solana
bash scripts/check-wallet.sh SolAddress solana

P&L Calculation

bash scripts/pnl.sh

Compares current value vs cost basis (from portfolio.json manual entries or historical snapshots).

Price Alerts

bash scripts/alerts.sh

Checks configured alerts and outputs triggered ones. Run via cron for continuous monitoring.

Supported Chains

ChainRPCToken Standard
Ethereumetherscan free / public RPCERC-20
Basebasescan / public RPCERC-20
Arbitrumarbiscan / public RPCERC-20
Polygonpolygonscan / public RPCERC-20
Optimismoptimistic.etherscan / public RPCERC-20
Solanasolana mainnet-beta RPCSPL

Cron Integration

Add to OpenClaw cron for automated tracking:

Portfolio snapshot: bash ~/path/to/scripts/portfolio.sh --json >> ~/portfolio-history.jsonl
Price alerts: bash ~/path/to/scripts/alerts.sh

Data Sources

  • Prices: CoinGecko free API (no key, rate limited to 30/min)
  • EVM balances: Public RPCs or Etherscan free tier
  • Solana balances: solana CLI or public RPC
  • Token lists: CoinGecko token list

Limitations

  • CoinGecko free tier: 30 calls/min, no historical data beyond 1 year
  • Public RPCs may rate limit under heavy use
  • ERC-20 token detection requires known token list (top 500 by market cap)
  • For full token scanning, consider adding Moralis or Alchemy API keys

Comments

Loading comments...