ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SUPAH NFT Intelligence

v1.3.0

NFT collection tracking, whale monitoring, and portfolio valuation for Base blockchain. Track floor prices, whale moves, and discover undervalued collections.

0· 110·1 current·1 all-time
by@supah-based
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, network host (api.supah.ai), and the single required env var (SUPAH_API_BASE) align with an external NFT-data API. However, SKILL.md and registry require the binary 'curl' even though the bundled index.js only uses Node's https module, which is unnecessary and inconsistent. Version strings differ across files (registry 1.3.0, index.js prints v1.2.0, package.json 1.0.0) — likely sloppy maintenance but not necessarily malicious.
Instruction Scope
SKILL.md and index.js instruct outbound GETs to SUPAH_API_BASE (default https://api.supah.ai) for NFT floor, track, portfolio, and alerts. The instructions do not ask the agent to read local files or other env vars. The skill will transmit collection addresses and wallet addresses to the external API (expected for this purpose) — users should be aware that queries like portfolio valuation send wallet identifiers to the remote service.
Install Mechanism
No install spec (instruction-only), bundled Node script only; nothing downloaded from arbitrary URLs. Low installation risk.
Credentials
Only SUPAH_API_BASE is required, which is appropriate. However, the skill advertises x402 micropayments and contains a hard-coded payTo address in SKILL.md metadata — calls will incur on-chain USDC micropayments (per-call pricing listed). The skill doesn't require wallet keys (it relies on the platform's x402 client), so verify your agent/platform will handle/charge micropayments as described and that you accept charges going to the listed address.
Persistence & Privilege
always is false; skill does not request elevated or persistent privileges. It does not modify other skills or system configs.
What to consider before installing
This skill appears to be a straightforward wrapper around SUPAH's API and will send collection or wallet identifiers to https://api.supah.ai (or whatever SUPAH_API_BASE you set). Before installing: 1) confirm your agent/platform supports x402 micropayments and that you accept the per-call pricing and the hard-coded payTo address (0xD3B2eCfe77780bFfDFA356B70DC190C914521761); 2) be aware queries that value a wallet will transmit that wallet address to the external service; 3) the skill unnecessarily lists 'curl' as a required binary even though the shipped code uses Node — this is likely benign but indicates sloppy packaging; 4) source is listed as unknown/remote — if you need stronger assurance, verify the upstream project (https://github.com/supah-based/supah-nft-intelligence or https://supah.ai) and confirm package integrity and recent maintenance. If you cannot accept automatic micropayments or are uncomfortable sending wallet identifiers to the remote API, do not install.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🖼️ Clawdis
Binscurl, node
EnvSUPAH_API_BASE
latestvk976pc1htpftesrkc7m94my8ch83caf0
110downloads
0stars
4versions
Updated 4w ago
v1.3.0
MIT-0
@supah-based
latest
Download

SUPAH NFT Intelligence

NFT collection tracking, whale monitoring, and portfolio valuation for Base blockchain.

Description

Track NFT floor prices, monitor whale NFT moves, analyze rarity, and value your NFT portfolio with real-time analytics. Built on SUPAH's data pipeline which utilizes Moralis for NFT metadata indexing, ownership tracking, and transfer monitoring.

Features

  • Floor Price Tracking: Monitor collection floors
  • Whale NFT Moves: Alerts when whales buy/sell
  • Rarity Analysis: Instant rarity scoring for any NFT
  • Portfolio Valuation: Real-time NFT portfolio worth
  • Sale Alerts: Notifications for collection sales
  • Collection Analytics: Volume, holders, trends

Usage

  • "What's the floor price of [collection]?"
  • "Track this NFT collection: [address]"
  • "Value my NFT portfolio: [wallet]"
  • "Show whale NFT moves on Base"

Pricing

x402 USDC micropayments on Base — pay per call, no subscriptions.

ActionPriceWhat You Get
Floor price$0.01Current floor + 24h change
Rarity lookup$0.02Rarity score + rank for any NFT
Portfolio valuation$0.05Full NFT portfolio value
Collection analytics$0.03Volume, holders, trends
Whale NFT alerts$0.005/alertWhale buy/sell notifications

Your agent's x402-compatible HTTP client pays automatically. No API keys needed. How x402 works

Data Infrastructure

SUPAH's NFT intelligence is built on and utilizes Moralis for NFT data indexing — metadata, ownership history, transfer events, and collection-level analytics. SUPAH adds proprietary rarity scoring, whale detection, and valuation algorithms on top.

Data flow: Moralis (NFT metadata + transfers) → SUPAH Engine (rarity scoring + valuation) → x402 API → Your Agent

Links

License

MIT

Comments

Loading comments...