BSC Analytics BSC生态分析
v1.0.0币安智能链 (BSC) 生态综合分析工具。提供 BSC DeFi 协议分析、链上数据监控、项目评估、投资机会发现和风险预警。当用户需要分析 BSC 生态、评估 BSC 项目、监控链上数据、发现 BNB Chain 投资机会或获取币安链情报时触发此 Skill。
⭐ 0· 15·0 current·0 all-time
MIT-0
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
The declared purpose is BSC/DeFi analytics which is coherent with the provided analysis and calculator scripts. However, the package also contains a payment module and an API key embedded in _meta.json and payment.py — a capability (remote payment verification) that is not documented in SKILL.md usage sections nor declared as a required credential. Embedding a payment API key in code is disproportionate to the analytics purpose and unexpected.
Instruction Scope
SKILL.md documents running local analysis scripts (monitor, evaluator, yield calculator) and does not instruct the agent to call the payment API. The repository contains payment.py which issues network requests to https://api.skillpay.io with an Authorization header; that network behaviour is not surfaced in SKILL.md and could be invoked by the skill at runtime, leading to transmission of user wallet addresses and timestamps to a third party.
Install Mechanism
No install spec is provided (instruction-only install), and included scripts are plain Python files. There is no third-party binary download or archive extraction. Risk from install mechanism is low.
Credentials
The skill declares no required environment variables, yet contains a hard-coded secret API key (appearing both in _meta.json.pricing.apiKey and payment.py). This secret will be used to authenticate requests to a third-party payment service and may be used to verify user addresses — a privacy and credential-exposure concern. The skill also supports SKILLPAY_SKIP_VERIFICATION via an env var, but that is a developer/testing bypass and does not justify shipping hard-coded credentials.
Persistence & Privilege
This skill is not always-enabled and does not request elevated platform privileges. It writes temporary output to /tmp in the monitor script (non-privileged) and does not modify other skills or global configuration.
Scan Findings in Context
[hardcoded_api_key] unexpected: A secret API key (sk_...) is present in both _meta.json.pricing.apiKey and payment.py and is used to call https://api.skillpay.io/v1/verify. An analytics skill does not reasonably need a hard-coded third-party payment API key embedded in its repository.
What to consider before installing
What to consider before installing:
- The code is mostly benign analytics (monitoring, evaluator, yield calc) and matches the BSC-analytics description, but pay attention to payment.py and _meta.json: they contain a hard-coded SkillPay API key that will be sent to https://api.skillpay.io when verify_payment is called. That can leak the key and transmit user wallet addresses/timestamps to a third party.
- If you do not want any external network calls or data sent to SkillPay, do not install or run this skill as-is. Ask the author why a payment API key is embedded instead of requiring an environment variable and why SKILL.md does not disclose payment enforcement.
- If you still want to use the analytics logic: (1) Inspect/grep the code; (2) Remove or rewrite payment.py, or replace the hard-coded key with a configuration that you control (ENV var); (3) Run in an isolated environment (no network) or with outbound network blocked until you validate behaviour; (4) Do not provide wallet addresses or sensitive info until you trust the payment endpoint.
- Consider requesting the publisher to (a) remove secrets from source and declare payment requirements in SKILL.md, (b) document when and how payment verification occurs, and (c) provide an option to run analytics in offline/free mode.
- If you cannot verify the author or the SkillPay endpoint, treat the embedded API key as compromised and avoid using the skill with real wallet info.Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
BSC Analytics - 币安智能链生态分析工具
全方位 BSC (BNB Chain) 生态分析平台,覆盖 DeFi、NFT、GameFi 等主要赛道,提供深度协议分析、链上监控和投资机会识别。
核心模块
1. BSC 生态概览
- DeFi 生态: PancakeSwap, Venus, Alpaca, Biswap
- 流动性质押: Ankr, Stader, pSTAKE
- 衍生品: ApolloX, BinaryX, Helmet
- GameFi: MOBOX, Tiny World, Thetan Arena
- NFT: Element, NFTb, Rareboard
2. 链上数据分析
- TVL 趋势与分布
- 交易量与活跃地址
- Gas 费用分析
- 智能合约部署
- BNB 质押数据
3. 协议深度分析
- PancakeSwap (DEX 龙头)
- Venus (借贷协议)
- Alpaca Finance (杠杆挖矿)
- Biswap (多奖励 DEX)
- Beefy Finance (收益聚合)
4. 项目评估
- BISCUIT 评估框架
- 合约安全审计
- 团队背景调查
- 代币经济学分析
- 风险评估
5. 投资机会
- 高收益农场
- 新协议发现
- IDO/IFO 机会
- 空投机会
- 套利机会
快速开始
基础查询
- "分析 BSC 生态现状"
- "PancakeSwap 最近怎么样"
- "有什么好的 BSC 挖矿机会"
深度分析
- "评估 Venus 的投资价值"
- "分析 BSC 上的新项目"
- "对比 BSC 和 Ethereum L2"
监控设置
- "监控 BSC TVL 变化"
- "追踪 BSC 巨鲸地址"
- "设置价格预警"
BSC 生态详解
核心指标 (2026年初)
总锁仓价值 (TVL): ~$4.2B
日交易量: ~$800M
日活跃地址: ~1.2M
BNB 价格: ~$600
平均 Gas 费用: ~$0.05
出块时间: 3 秒
TPS: 160
BNB Chain 架构
共识机制: PoSA (Proof of Staked Authority)
验证者: 21 个活跃验证者
质押要求: 10,000 BNB
跨链桥: BSC Bridge, Celer, Multichain
EVM 兼容: 100% 兼容
开发语言: Solidity
DeFi 生态图谱
DEX (去中心化交易所)
| 协议 | TVL | 特点 | 代币 |
|---|---|---|---|
| PancakeSwap | $2.5B | V3 AMM, 彩票, IFO | CAKE |
| Biswap | $200M | 交易挖矿, 三币奖励 | BSW |
| ApeSwap | $80M | 跨链 DEX, 债券 | BANANA |
| DODO | $50M | PMM 算法, 零滑点 | DODO |
借贷协议
| 协议 | TVL | 特点 | 代币 |
|---|---|---|---|
| Venus | $1.2B | 算法稳定币 VAI, 合成资产 | XVS |
| Radiant | $300M | 跨链借贷 | RDNT |
| Cream | $50M | Iron Bank | CREAM |
收益聚合
| 协议 | TVL | 特点 | 代币 |
|---|---|---|---|
| Beefy Finance | $400M | 自动复利, 多链 | BIFI |
| Autofarm | $150M | 自动优化 | AUTO |
| Yearn | $100M | 策略聚合 | YFI |
流动性质押
| 协议 | TVL | 特点 | 代币 |
|---|---|---|---|
| Ankr | $200M | ankrBNB 流动性 | ANKR |
| Stader | $150M | BNBx 质押 | SD |
| pSTAKE | $80M | stkBNB | PSTAKE |
衍生品
| 协议 | TVL | 特点 | 代币 |
|---|---|---|---|
| ApolloX | $100M | 永续合约 | APX |
| Level Finance | $80M | 去中心化永续 | LVL |
| Gammaswap | $30M | 无常损失对冲 | GS |
分析框架
BISCUIT 评估模型
- Bridges - 跨链桥安全
- Innovation - 创新性
- Security - 安全审计
- Community - 社区活跃度
- Utility - 实用性
- Incentives - 激励机制
- Team - 团队背景
风险评估维度
| 维度 | 高 | 中 | 低 |
|---|---|---|---|
| 合约风险 | 未审计 | 部分审计 | 多重审计 |
| 团队风险 | 匿名 | 半匿名 | 实名 KYC |
| 流动性风险 | 低 TVL | 中等 TVL | 高 TVL |
| 桥接风险 | 第三方桥 | 官方桥 | 原生资产 |
| 治理风险 | 中心化 | 半去中心化 | DAO 治理 |
参考资源
BSC 协议数据库
查看 references/protocol-database.md:
- 完整协议列表
- TVL 和历史数据
- 合约地址
- 审计报告链接
链上数据参考
查看 references/chain-metrics.md:
- 主要地址监控
- 巨鲸地址列表
- 合约交互数据
- Gas 趋势分析
投资机会指南
查看 references/investment-guide.md:
- 高收益策略
- 风险收益比分析
- 新协议发现方法
- 空投攻略
分析脚本
BSC 监控器
scripts/bsc_monitor.py - 监控 BSC 链上数据:
python3 scripts/bsc_monitor.py --metric tvl
协议分析器
scripts/protocol_analyzer.py - 深度分析特定协议:
python3 scripts/protocol_analyzer.py --protocol pancakeswap
项目评估器
scripts/project_evaluator.py - 评估 BSC 项目:
python3 scripts/project_evaluator.py --contract 0x...
收益计算器
scripts/yield_calculator.py - 计算挖矿收益:
python3 scripts/yield_calculator.py --farm pancakeswap --amount 1000
使用场景详解
场景1: BSC 生态概览
用户需求: 了解 BSC 整体发展状况
Skill 执行:
- 汇总 TVL、交易量、活跃地址
- 分析各赛道发展情况
- 对比其他链 (Ethereum L2, Solana)
- 提供生态健康度评估
场景2: 协议深度分析
用户需求: 评估投资/使用某个 BSC 协议
Skill 执行:
- 协议架构分析
- 代币经济学评估
- 安全审计审查
- 竞争格局评估
- 收益风险比计算
场景3: 收益机会发现
用户需求: 发现高收益挖矿/质押机会
Skill 执行:
- 扫描主要协议 APY
- 分析风险等级
- 计算实际收益 (考虑无常损失等)
- 推荐优化策略
场景4: 新项目评估
用户需求: 评估 BSC 上的新协议
Skill 执行:
- 合约代码审查
- 团队背景调查
- 代币分配分析
- 风险评估
- 投资建议
BNB 质押策略
直接质押
平台: BNB Chain 官方质押
收益: ~3-5% APY
要求: 至少 1 BNB
风险: 极低
优势: 支持网络安全
流动性质押
平台: Ankr, Stader, pSTAKE
收益: 3-5% (质押) + DeFi 收益
代币: ankrBNB, BNBx, stkBNB
优势: 保持流动性
风险: 智能合约风险
杠杆质押
平台: Alpaca Finance
收益: 10-30% APY (杠杆后)
机制: 借贷循环质押
风险: 清算风险
适合: 专业用户
PancakeSwap 深度解析
V3 特性
集中流动性:
- 自定义价格区间
- 提高资本效率
- 无常损失优化
多费用等级:
- 0.01% (稳定币)
- 0.05% (常规)
- 0.25% (主流)
- 1% (长尾)
附加功能:
- 彩票系统
- IFO (首次农场发行)
- 糖浆池
- 预测市场
CAKE 代币经济
总量: 无上限 (通缩模型)
销毁机制:
- 交易费 0.05% 用于回购销毁
- 彩票 20% 用于销毁
- IFO 100% 用于销毁
质押收益:
- 糖浆池: 多种代币奖励
- 锁仓 CAKE: 最高 2x boost
Venus 协议分析
机制
借贷市场:
- 超额抵押借贷
- 支持 20+ 资产
- 动态利率模型
VAI 稳定币:
- 算法稳定币
- 抵押 BNB/BUSD 铸造
- 锚定 1 USD
清算机制:
- 健康因子监控
- 自动清算
- 10% 清算奖励
XVS 代币
用途:
- 治理投票
- 质押奖励
- 协议收益分享
分配:
- 借贷挖矿: 35%
- 流动性挖矿: 35%
- 生态基金: 30%
风险提示
常见风险
- Rug Pull: 新协议常见,注意团队背景
- 闪电贷攻击: 预言机操控风险
- 跨链桥风险: 多签/合约漏洞
- 无常损失: AMM 流动性提供风险
- 治理攻击: 低流动性代币治理风险
BSC 特有风险
- 中心化: 21 个验证者,存在审查风险
- MEV: 验证者可提取价值
- 桥接延迟: 跨链桥提现可能需要时间
- 监管: 币安相关监管风险
安全最佳实践
- 使用硬件钱包
- 小额测试后再大额投入
- 关注官方安全公告
- 定期检查授权
- 分散投资降低风险
相关 Skill
multi-chain-monitor- 多链综合监控ethereum-l2-analytics- Ethereum L2 分析solana-intelligence- Solana 生态分析dex-price-monitor- DEX 价格监控whale-alert-monitor- 巨鲸监控
更新日志
- v1.0.0 - 初始版本
- BSC 生态全景分析
- PancakeSwap / Venus / Alpaca 深度解析
- BISCUIT 项目评估框架
- 收益计算器
- 风险预警系统
免责声明
⚠️ 风险提示:
- BSC 协议存在智能合约风险
- 高收益通常伴随高风险
- 无常损失可能侵蚀收益
- 跨链桥存在安全风险
- 请根据自身风险承受能力做出投资决策
Files
6 totalSelect a file
Select a file to preview.
Comments
Loading comments…