ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Solana Monitor Pro

v1.0.0

Real-time Solana data monitoring with token prices, alerts via Telegram/email, whale transfers, liquidity pools, and new token discovery.

0· 13·0 current·0 all-time
by@chungvic·duplicate of @chungvic/solana-whale-tracker-pro
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (price, whale, alerts via Telegram/email) align with the provided Python modules: price_monitor.py, whale_monitor.py and notifier.py implement those features. Nothing in the code tries to perform functionality unrelated to monitoring/notification.
!
Instruction Scope
SKILL.md and README instruct creating config/config.yaml or a .env with TELEGRAM_BOT_TOKEN, SMTP credentials and show CLI/python usage. However the included scripts do not parse a YAML config or load environment variables (no yaml or dotenv imports), and notifier.py expects credentials to be passed programmatically. README also documents an HTTP API (localhost:8000) that is not present in the repository. These discrepancies mean following the instructions as-written will not configure the code correctly and could cause users to put secrets in files the code doesn't actually read.
Install Mechanism
There is no install spec (instruction-only skill) and dependencies are limited to requests/python-dotenv in requirements.txt. The use of python-dotenv in requirements is not reflected in code (dotenv is never imported), so the requirements file contains at least one unnecessary dependency. No external binaries or remote downloads are used by the skill package.
!
Credentials
Registry metadata declares no required env vars or primary credential, but documentation instructs the user to supply sensitive credentials (Telegram bot token, Telegram chat id, sender_email and sender_password). Those credentials are appropriate for the features but they are not declared in metadata and the code does not automatically load them from .env/config files. That mismatch increases the chance users will mishandle secrets (e.g., paste credentials into the wrong place).
Persistence & Privilege
always:false and default agent invocation settings are used. The skill does not request persistent system-wide changes or claim to modify other skills. Risk from autonomous invocation exists as with any skill, but no elevated persistence is requested.
What to consider before installing
This package implements exactly the monitoring features it claims, but there are notable inconsistencies you should address before trusting it with secrets: - The metadata declares no required credentials, yet the README/SKILL.md ask you to provide TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID and SMTP credentials. Those are reasonable for notifications but the mismatch means the registry won't warn you about the required secrets. Treat those as mandatory sensitive inputs. - The code never imports dotenv or a YAML parser, but documentation instructs creating .env or config/config.yaml. That means the scripts expect credentials to be passed programmatically (e.g., NotificationManager.setup_telegram(...)) and will not automatically read the files described. Don't assume placing secrets into config/config.yaml will be used. - requirements.txt lists python-dotenv but the code doesn't use it; this is an indicator of sloppy packaging. Also README references an HTTP API (localhost:8000) and API endpoints that are not in the repository — another mismatch. - The external network endpoints contacted are public and expected for this purpose: CoinGecko (https://api.coingecko.com), Solana RPC (https://api.mainnet-beta.solana.com) and Telegram API. The code does not include any obfuscated URLs or unexpected remote download behavior. Recommendations before installing/using: - Inspect and run the code in an isolated environment (container or VM). - Do not paste credentials into global files until you confirm the code reads them where you place them. Prefer creating and passing credentials at runtime, or modify the code to load .env/config securely. - Replace the public SMTP password with an app-specific credential and restrict mailbox access; prefer a dedicated notification account. - Verify the author/source (registry owner is not a known vendor and homepage is missing). If you need guarantees, request provenance or a signed release. - If you plan to allow autonomous agent invocation with this skill, be aware the agent could use configured notification channels to exfiltrate data (e.g., send messages/emails). Ensure notification channels are dedicated and monitored. Given the coherence of functionality but multiple mismatches and packaging sloppiness, the package is suspicious rather than clearly benign. If you want a clean setup, ask the maintainer for clarified config-loading behavior and a minimal, accurate requirements file.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ftyr1j89jgeprjyaztqvcz9847g8cmonitorvk97ftyr1j89jgeprjyaztqvcz9847g8csolanavk97ftyr1j89jgeprjyaztqvcz9847g8cwhalevk97ftyr1j89jgeprjyaztqvcz9847g8c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Solana Monitor - OpenClaw 技能

版本: v0.1.0
状态: 开发中
作者: VIC ai-company

📋 技能说明

实时监控 Solana 生态数据,包括:

  • 📊 代币价格(CoinGecko API)
  • 🔔 价格警报(Telegram/邮件)
  • 🐋 大额转账追踪
  • 💧 流动性池监控
  • 🆕 新代币发现

🎯 使用场景

DeFi 交易者

  • 设置价格警报,不错过买卖点
  • 监控巨鲸动向,跟随聪明钱
  • 追踪流动性变化,避免 Rug Pull

NFT 交易者

  • 监控地板价变化
  • 追踪大额 NFT 交易
  • 发现新上线项目

项目方

  • 监控竞争对手数据
  • 追踪代币持有者分布
  • 市场情绪分析

📦 安装

# 在 OpenClaw 中
openclaw skills install solana-monitor

或手动安装:

cd /workspace/skills/solana-monitor
pip install -r requirements.txt

🔧 配置

创建配置文件 config/config.yaml

# 监控设置
monitoring:
  check_interval: 60  # 检查间隔(秒)
  price_delay: 5      # 价格延迟(秒)

# 警报设置
alerts:
  enabled: true
  channels:
    - telegram
    - email

# Telegram 配置
telegram:
  bot_token: YOUR_BOT_TOKEN
  chat_id: YOUR_CHAT_ID

# Email 配置
email:
  smtp_server: smtp.gmail.com
  smtp_port: 587
  sender_email: your@gmail.com
  sender_password: YOUR_APP_PASSWORD

💻 使用示例

Python 调用

from scripts.price_monitor import PriceMonitor
from scripts.notifier import NotificationManager

# 初始化
monitor = PriceMonitor()
notifier = NotificationManager()

# 获取价格
sol_price = monitor.get_sol_price()
print(f"SOL: ${sol_price:.2f}")

# 设置警报
monitor.check_price_alert('solana', 90.0, 'above')

命令行

# 运行监控
python scripts/price_monitor.py

# 测试通知
python scripts/notifier.py

📊 定价

版本价格功能
免费$03 代币 + 5 警报
基础版$19/月20 代币 + 20 警报
专业版$49/月无限 + API
企业版$199/月定制 + SLA

🚧 开发路线图

  • 价格监控模块
  • 通知系统
  • 大额转账监控
  • 流动性监控
  • Web 仪表板
  • API 开放

最后更新: 2026-03-01
状态: 开发中(MVP 阶段)

Files

7 total
Select a file
Select a file to preview.

Comments

Loading comments…