ClawHub

SUPAH Base Intelligence

v1.3.0

Comprehensive token intelligence for Base blockchain. Risk scores, whale tracking, signal analysis, and safety checks for any Base token. Powered by SUPAH 5-...

0· 86·1 current·1 all-time
by@supah-based
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the implemented behaviour: index.js implements token scans, safety checks, signals, wallet analysis by calling SUPAH API endpoints. Required binaries (node, curl) are reasonable. The only minor inconsistency: registry lists SUPAH_API_BASE as required but the code treats it as optional (it uses a default hostname). Version/repo/homepage fields differ across files but do not change behavior.
Instruction Scope
SKILL.md and code instruct only outward HTTPS API requests to SUPAH endpoints. There are no instructions to read local secrets, scan arbitrary files, or transmit data to unexpected hosts. The SKILL.md includes x402 micropayment metadata (payTo address) — the skill itself does not implement payments; it simply calls the API and reports a cost string.
Install Mechanism
No install spec is provided (instruction-only install), and included JavaScript uses only Node built-ins (https). There are no external downloads, no package installs with third‑party dependencies, and no archives from untrusted URLs.
Credentials
Only SUPAH_API_BASE is listed; the code uses it solely as an API hostname override. No secret tokens, private keys, or unrelated credentials are requested. The x402 payment metadata references a payTo address, but the skill doesn't require or handle private keys — payments are described as handled externally via an x402-compatible client.
Persistence & Privilege
always is false and the skill does not request elevated privileges or modify system/other-skill configuration. It performs transient outbound HTTPS calls only and exports simple functions for on-demand use.
Assessment
This skill is coherent with its stated purpose: it only makes HTTPS requests to SUPAH API endpoints and doesn't ask for secrets. Before installing: (1) verify the skill source/repository and that the payTo address in SKILL.md/clawhub.json matches SUPAH's official documentation if you plan to use x402 payments; (2) if you set SUPAH_API_BASE, ensure it points to a trusted host (otherwise the agent will call whatever hostname you provide); and (3) be aware that using the skill will cause outbound network requests and may trigger on‑chain x402 micropayments via your environment's x402 client — the skill itself does not hold or require private keys. If you need stronger assurance, confirm the package's upstream GitHub repo and check that api.supah.ai is the intended production endpoint.

Like a lobster shell, security has layers — review code before you run it.

latestvk9711j768s8rmxm5jm7yp21qf983d45t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binscurl, node
EnvSUPAH_API_BASE

Comments