ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ethereum L2 Analytics 以太坊L2分析

v1.0.0

以太坊 Layer 2 生态综合分析工具。提供 Optimism、Arbitrum、Base、zkSync、Starknet 等 Ethereum L2 协议的深度分析、TVL监控、技术对比、跨链桥分析和投资机会识别。当用户需要分析 Ethereum L2 生态、评估 Rollup 项目、监控 L2 资金流向、发...

0· 16·0 current·0 all-time
by@shenmeng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts (l2_ecosystem_monitor.py, project_evaluator.py) and reference docs align with an Ethereum L2 analytics tool. However, repository metadata (_meta.json) and a payment module (payment.py) indicate a paid access flow; SKILL.md does not clearly describe payment requirements or the external payment endpoints, creating a mismatch between declared entrypoint/instructions and the code/metadata.
!
Instruction Scope
SKILL.md instructs running local analysis scripts and describing how to query/compare L2s, but it does not mention calling a payment verification API or collecting wallet addresses. The included payment.py will POST user_address and a timestamp to api.skillpay.io if invoked — this external data transfer and potential requirement to pay is not documented in SKILL.md, giving the agent broad discretion if the payment module is invoked by runtime code.
Install Mechanism
No install spec is provided (instruction-only), and there are no third‑party install URLs. This minimizes install-time risk. The package includes Python scripts only and has no installer that would drop arbitrary binaries.
!
Credentials
The skill requests no environment variables, yet contains a hard-coded API key ('sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2') present in both _meta.json and payment.py. For a paid skill it's reasonable to integrate a payment service, but embedding a secret in repository files rather than using a configured environment variable is disproportionate and risky. The payment module also transmits a user wallet address and timestamp to a third-party endpoint.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not declare persistent system-wide changes. Scripts write a report file to /tmp, which is normal for a monitoring script. There is no evidence of elevated privileges.
Scan Findings in Context
[hardcoded-api-key] unexpected: A SkillPay API secret is hard-coded in _meta.json and payment.py. While a payment integration may be expected, embedding the API key in repository files is insecure and unexpected — the key should be provided via platform config or an environment variable.
[outbound-network-call] expected: The payment module makes POST requests to https://api.skillpay.io/v1/verify and references https://pay.skillpay.io/ — outbound calls to a payment provider are expected for paid functionality, but SKILL.md does not mention this behavior or what data is sent (user wallet address and timestamp).
What to consider before installing
This skill mostly does what it says (local analysis scripts and reference docs), but there are two red flags you should consider before installing or running it: 1) Hard-coded payment key: The repository contains a SkillPay API key in _meta.json and payment.py. That key is public in the package and could be abused or leaked. Ask the author to remove embedded secrets and use a platform-configured or environment-only API key instead. If you control the platform, rotate any exposed key. 2) Undocumented external calls / payment flow: The payment.py module will POST a user wallet address and timestamp to api.skillpay.io for verification. SKILL.md does not document this requirement or when the verification is invoked. Confirm whether the skill will require payment at runtime, what data will be sent, and whether the platform enforces payment outside the skill. Practical steps: - Request the author to (a) remove hard-coded API keys, (b) document the payment flow in SKILL.md, and (c) make payment credentials configurable via environment variables managed by the platform. - If you must test now, run the skill in an isolated sandbox/container and do not provide real wallet addresses until the payment behavior is clarified. - Consider auditing or reviewing payment.py and _meta.json with the author, and ask the publisher to rotate the exposed key. Because these issues are not definitive proof of malicious intent but are non-trivial security/design problems, treat the skill as suspicious until the author fixes them or provides clear operational details.

Like a lobster shell, security has layers — review code before you run it.

latestvk9762tgq9gr1q4yctvct5pf30s846sq2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Ethereum L2 Analytics - 以太坊 Layer 2 综合分析工具

全方位 Ethereum L2 生态分析平台,整合 Optimistic Rollup、ZK Rollup、侧链和新兴扩容方案。

核心模块

1. L2 协议全景

  • Optimistic Rollups: Arbitrum, Optimism, Base, Blast
  • ZK Rollups: zkSync Era, Starknet, Polygon zkEVM, Scroll
  • 侧链/Validium: Polygon PoS, Immutable X, Mantle
  • 新兴 L2: Linea, Taiko, Manta Pacific

2. 技术对比分析

  • 吞吐量 (TPS) 对比
  • 费用结构分析
  • 最终确定性时间
  • 去中心化程度评估
  • 安全性分析

3. 生态指标

  • TVL 排名与趋势
  • 活跃地址数
  • 日交易量
  • 开发者活动
  • 协议迁移情况

4. 跨链桥分析

  • 主要跨链桥 TVL
  • 资金流入流出
  • 桥的安全性评估
  • 费用与速度对比

5. 投资机会

  • L2 代币分析 (ARB, OP, STRK, ZK)
  • 生态项目早期发现
  • 流动性挖矿机会
  • 空投机会追踪

快速开始

基础查询

  • "分析以太坊 L2 生态现状"
  • "Arbitrum 和 Optimism 哪个更好"
  • "zkSync 最近怎么样"

深度分析

  • "对比 Optimistic 和 ZK Rollup 的技术优劣"
  • "评估 Base 链的投资价值"
  • "分析 L2 跨链桥资金流向"

机会发现

  • "有什么新的 Ethereum L2 项目值得关注"
  • "发现 L2 生态的空投机会"
  • "监控 L2 代币价格与生态发展相关性"

主要协议详解

Optimistic Rollups

Arbitrum One

类型: Optimistic Rollup
代币: ARB (治理)
TVL: ~$15B (2026年初)
TPS: ~40,000 (理论)
费用: ~$0.10-0.50
优势: 先发优势,生态最成熟
技术: Arbitrum Nitro (WASM 引擎)

Optimism (OP Mainnet)

类型: Optimistic Rollup
代币: OP (治理)
TVL: ~$8B (2026年初)
TPS: ~4,000 (理论)
费用: ~$0.10-0.30
优势: Superchain 愿景,Base 等基于 OP Stack
技术: OP Stack 模块化架构

Base

类型: Optimistic Rollup (基于 OP Stack)
代币: 无 (使用 ETH)
TVL: ~$3B (2026年初)
特点: Coinbase 背书,社交应用多
优势: 用户 onboarding 友好,Coinbase 生态整合

Blast

类型: Optimistic Rollup
代币: BLAST
特点: 原生收益,质押 ETH 自动生息
争议: 中心化程度高,多签控制
TVL: ~$2B (2026年初)

ZK Rollups

zkSync Era

类型: ZK Rollup (zkEVM)
代币: ZK
TVL: ~$1.5B (2026年初)
TPS: ~2,000
费用: ~$0.05-0.20
优势: zkEVM 兼容,用户体验好
技术: zk-SNARKs

Starknet

类型: ZK Rollup (非 EVM)
代币: STRK
TVL: ~$1B (2026年初)
TPS: ~1,000+
费用: ~$0.01-0.10
优势: 高性能 Cairo VM
挑战: 需适配 Cairo 语言

Polygon zkEVM

类型: ZK Rollup (zkEVM)
代币: MATIC/POL
TVL: ~$500M (2026年初)
特点: Polygon 生态 ZK 方案
优势: 与 Polygon PoS 互补

Scroll

类型: ZK Rollup (zkEVM)
代币: SCR (计划中)
TVL: ~$300M (2026年初)
特点: 社区驱动,开源优先
优势: 完全等效 EVM

侧链/Validium

Polygon PoS

类型: 侧链 (将向 ZK L2 转型)
代币: MATIC/POL
TVL: ~$4B (2026年初)
特点: 最早 L2 方案之一,生态丰富
转型: 升级为 zkEVM Validium

Mantle

类型: Optimistic L2 + 模块化 DA
代币: MNT
TVL: ~$500M (2026年初)
特点: 使用 EigenDA 降低数据成本

分析框架

ROLLUP 评估模型

  • Revenue - 费用收入与经济模型
  • Overhead - 运营成本与效率
  • Liquidity - 流动性与 TVL
  • Latency - 确认时间与用户体验
  • Users - 用户采用度
  • Protocols - 协议生态丰富度

技术对比维度

维度Optimistic RollupZK Rollup
最终确定性7 天挑战期立即确认
安全性经济安全密码学安全
兼容性完全 EVMzkEVM 或新 VM
费用较高较低
证明成本高计算成本
开发难度

参考资源

L2 协议数据库

查看 references/l2-protocols.md:

  • 主要协议技术参数对比
  • TVL 和采用数据
  • 生态项目列表
  • 技术路线图

跨链桥参考

查看 references/bridge-guide.md:

  • 主要跨链桥对比
  • 安全性评估
  • 费用与速度分析
  • 风险案例

空投指南

查看 references/airdrops.md:

  • L2 空投历史回顾
  • 潜在空投项目
  • 交互策略
  • 风险提示

分析脚本

L2 生态监控器

scripts/l2_ecosystem_monitor.py - 监控 Ethereum L2 生态指标:

python3 scripts/l2_ecosystem_monitor.py

技术对比工具

scripts/tech_comparator.py - 对比不同 L2 技术参数:

python3 scripts/tech_comparator.py --l1 arbitrum --l2 optimism

跨链桥分析器

scripts/bridge_analyzer.py - 分析跨链资金流向:

python3 scripts/bridge_analyzer.py --bridge across

项目评估器

scripts/project_evaluator.py - 评估 Ethereum L2 项目:

python3 scripts/project_evaluator.py --project base --depth full

使用场景详解

场景1: L2 生态概览

用户需求: 了解 Ethereum L2 整体发展状况

Skill 执行:

  1. 汇总各主要 L2 的 TVL、用户数、交易量
  2. 对比 Optimistic vs ZK Rollup 市场份额
  3. 分析技术发展趋势
  4. 提供生态全景报告

场景2: 特定 L2 深度分析

用户需求: 评估投资/使用某个特定 L2

Skill 执行:

  1. 技术架构分析
  2. 代币经济学评估 (如有代币)
  3. 生态项目分析
  4. 竞争格局评估
  5. 风险收益比计算

场景3: 跨链桥监控

用户需求: 监控 L2 与 L1 之间的资金流向

Skill 执行:

  1. 跟踪主要跨链桥的资金流入流出
  2. 识别异常资金流动
  3. 预警潜在风险
  4. 推荐最优跨链方案

场景4: 空投机会发现

用户需求: 发现 L2 空投机会

Skill 执行:

  1. 监控新 L2 项目上线
  2. 分析空投历史模式
  3. 推荐交互策略
  4. 风险提示

L2 代币分析

ARB (Arbitrum)

用途: 治理代币
市值: ~$10B
 FDV: ~$15B
用途: DAO 治理,投票决策
质押: 不可质押,纯治理
特殊: 无 gas 用途

OP (Optimism)

用途: 治理 + 委托治理
市值: ~$8B
 FDV: ~$12B
特殊: Agora 治理系统
收益: 委托给代表可获得收益

STRK (Starknet)

用途: 治理 + 支付 gas
市值: ~$5B
 FDV: ~$20B
特点: 可用于支付交易费用
质押: 未来可能支持

ZK (zkSync)

用途: 治理 + 质押
市值: ~$4B
 FDV: ~$18B
特点: 可质押保护网络
用途: 未来可用于排序器拍卖

风险提示

技术风险

  • 智能合约漏洞 (桥合约、L2 合约)
  • 排序器中心化风险
  • 数据可用性问题
  • 升级风险

市场风险

  • L2 代币高通胀
  • TVL 竞争加剧
  • 以太坊 L1 升级影响 (EIP-4844 等)
  • 用户流失到 Solana 等其他链

竞争风险

  • 以太坊 L1 扩容
  • 其他 L1 (Solana, Sui) 竞争
  • 模块化区块链 (Celestia)
  • 跨 L2 流动性碎片化

监管风险

  • SEC 对 L2 代币的监管态度
  • 稳定币监管影响 DeFi
  • 数据本地化要求

相关 Skill

  • bitcoin-l2-analytics - 比特币 L2 分析
  • solana-intelligence - Solana 生态分析
  • crypto-trend-analyzer - 宏观趋势分析
  • dex-price-monitor - DEX 价格监控

更新日志

  • v1.0.0 - 初始版本
    • 主要 Ethereum L2 协议分析
    • Optimistic vs ZK Rollup 对比
    • 跨链桥资金流向追踪
    • L2 代币分析
    • 空投机会发现

免责声明

⚠️ 风险提示:

  • L2 技术仍在快速发展中
  • 跨链桥存在安全风险
  • L2 代币价格波动剧烈
  • 空投无保证,交互可能无回报
  • 请根据自身风险承受能力做出投资决策

Files

7 total
Select a file
Select a file to preview.

Comments

Loading comments…