Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NFT Monitor

v1.0.0

NFT monitoring - real-time tracking of rare NFTs and abnormal price movements

0 stars · 125 downloads · 0 current · 0 all-time

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dht9898-cell/nft-monitor.

Install the skill "NFT Monitor" (dht9898-cell/nft-monitor) from ClawHub.
Skill page: https://clawhub.ai/dht9898-cell/nft-monitor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install nft-monitor

ClawHub CLI


npx clawhub@latest install nft-monitor
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description promise continuous, API-integrated NFT monitoring, but the package is instruction-only with no install/runtime implementation. It declares required binary 'curl' (reasonable for HTTP calls) but provides no concrete list of APIs/endpoints or credentials required. 'primaryEnv' set to 'bash' is not a valid environment-variable credential name and is inconsistent with the described purpose.
!
Instruction Scope
SKILL.md is high-level and vague: claims 7x24 automated execution and API integration but gives no commands, no cron/service setup, no target endpoints, and no guidance about what credentials to use. This vagueness grants the agent broad discretion (which APIs to call, what to post, what data to collect), increasing risk.
Install Mechanism
There is no install spec and no code files (instruction-only), which reduces direct risk of arbitrary downloads. However SKILL.md references 'clawhub install nft-monitor' but provides no details about what that does; the install step may be external and unknown to reviewers.
!
Credentials
The skill declares no required environment variables, yet metadata lists 'primaryEnv: bash' (nonsensical — 'bash' is not an env var/token name). Lack of declared credentials is inconsistent with the stated API integrations; a monitoring skill would normally require API keys or RPC endpoints. This mismatch is unexplained and concerning.
Persistence & Privilege
The skill is not flagged 'always: true' and follows the default (agent-invocable, can be used autonomously). There is no evidence it requests system-wide persistence or modifies other skills. The claim of continuous operation is unimplemented rather than privileged.
Scan Findings in Context
[no_regex_findings] expected: The static scanner found no code to analyze (instruction-only SKILL.md and README). That absence is expected for an instruction-only skill, but it means there is no programmatic behavior to validate — only the prose instructions to evaluate.
What to consider before installing
This skill's description promises automated, API-driven NFT monitoring, but it gives no concrete instructions, endpoints, or credential requirements and the metadata contains an invalid 'primaryEnv' value ('bash'). Ask the author for: (1) exact APIs/endpoints used and why, (2) what credentials the skill needs and how they are stored, (3) precise install and runtime instructions for the 24/7 behavior (service/crontab/container), and (4) clarification/fix of the 'primaryEnv' entry. Do not install unless you can confirm which external services it talks to and what secrets (if any) are required. If you must test, run in a restricted environment and monitor outbound network calls.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: curl
Primary env: bash
latest: vk979wtedqgwg6n08cxq9yqf4ch83fc40
125 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

nft-monitor

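NFT monitoring - real-time tracking of rare NFTs and abnormal price movements

Price: $250 USDC

Features

  • Automated execution, running 24/7
  • API integration, supporting mainstream platforms
  • Flexible configuration, easy to customize
  • Real-time monitoring, automatic optimization

Installation

clawhub install nft-monitor

Usage example

See the documentation

Earnings potential

  • Expected monthly earnings: $500-$((250 * 4))
  • Payback period: 1-2 months
  • Marginal cost: almost zero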
