SUPAH Wallet X-Ray

Instant wallet intelligence for any EVM address. Know who you're dealing with before you interact. Wallet age, transaction history, token holdings, DeFi acti...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (wallet intelligence) align with required binaries (curl, node), the optional SUPAH_API_BASE env var, and the included wallet-xray.sh which calls api.supah.ai and ENS resolution services. Nothing requested is extraneous to on-chain wallet profiling.
Instruction Scope
Runtime instructions and the script only call external services needed for profiling (api.supah.ai and ENS resolve endpoint), parse JSON with node, and write a JSON result to /tmp/wallet-xray-result.json. This is within the advertised scope, but the script persists results to /tmp (local disk) which could contain sensitive data and be accessible to other processes/skills.
Install Mechanism
No install spec (instruction-only plus one script) — lowest-risk delivery. It depends on standard, reasonable binaries (curl, node) that are commonly available.
Credentials
Only SUPAH_API_BASE is declared (to override API endpoint). No API keys, tokens, or unrelated credentials are requested. Note: allowing SUPAH_API_BASE override means a user could point the skill at a different endpoint (benign for testing, but could be misused if set to an attacker-controlled server).
Persistence & Privilege
always:false and the skill does not modify system or other skills. However, the skill relies on the agent's x402 payment capability and will cause automatic $0.05 USDC payments per call; if the agent is allowed to invoke autonomously, this can result in repeated micropayments without further confirmation. The script also writes output to /tmp, creating local persisted files.
Assessment
This skill appears to do what it says: it queries api.supah.ai (and a public ENS resolver), parses the response, and writes results to /tmp. Before installing, consider:

  1. Automatic micropayments — the skill charges $0.05 USDC per scan via x402; if your agent can call skills autonomously it could spend funds without additional confirmation. Ensure your agent wallet on Base has an appropriate balance and consider restricting autonomous spending or requiring confirmation.
  2. SUPAH_API_BASE override — only set this to trusted endpoints; pointing it to an unknown server could redirect data.
  3. Local persistence — results are written to /tmp/wallet-xray-result.json and may contain sensitive profiling data; if that worries you, clean /tmp after use or modify the script to avoid persistent storage.
  4. Test first on non-sensitive addresses and verify the external domain (api.supah.ai) is trustworthy.

If you need stricter guarantees, require user confirmation for each scan or sandbox the agent's payment capability.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.3.0
latest: vk973fd6wt2b5t9dhwct80drge983c7jb

Runtime requirements

🔍 Clawdis
Bins: curl, node
Env: SUPAH_API_BASE

SKILL.md

SUPAH Wallet X-Ray

Know who you're dealing with. Instantly.

Before you follow a trader, accept a payment, interact with a contract, or copy a trade — run their wallet through X-Ray. One address, full picture.

$0.05 USDC per scan — paid via x402 micropayment on Base. Your agent pays automatically per call. No API keys. Just USDC in your agent wallet on Base.

What It Does

Wallet X-Ray builds a complete intelligence profile on any EVM address:

  1. Identity — ENS name, labels (exchange, contract, whale, fresh wallet)
  2. Wallet Age & Activity — First transaction, total txn count, activity frequency
  3. Holdings Snapshot — Top token holdings, ETH/native balance, portfolio value
  4. DeFi Fingerprint — Protocols used, LP positions, lending, staking activity
  5. Trading Track Record — Win rate, biggest wins/losses, average hold time
  6. Risk Assessment — Interaction with flagged contracts, mixer usage, dust attacks
  7. Network Analysis — Top counterparties, funding source, cluster detection

Returns a Trust Score (0-100) with labels: TRUSTED / NEUTRAL / SUSPICIOUS / DANGEROUS

Usage

Ask your agent naturally:

"Who is this wallet? 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"
"X-Ray this address: 0x..."
"Is this wallet safe to interact with?"
"What does vitalik.eth hold?"
"Profile this trader before I copy their trades"
"Check if this wallet is a bot or a real person"
"Show me the track record for 0x..."

Supported Chains

Base, Ethereum, BSC, Polygon, Arbitrum, Optimism, Avalanche, Fantom, Cronos, Gnosis, Celo, Moonbeam, zkSync Era, Linea, Scroll, Mantle, Blast, Mode, Manta, and more.

Example Output

🔍 SUPAH WALLET X-RAY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Address: 0xd8dA...6045
ENS: vitalik.eth
Chain: Ethereum
Label: 🐋 WHALE | PUBLIC FIGURE

TRUST SCORE: 95/100 🟢 TRUSTED

┌──────────────────────────────────┐
│ Wallet Age        ████████ 100  │
│ Activity Level    ████████ 95   │
│ Portfolio Health  ███████░ 90   │
│ Trading Record    ███████░ 85   │
│ Risk Flags        ████████ 100  │
│ Network Quality   ████████ 95   │
└──────────────────────────────────┘

📊 PROFILE:
  • Age: 3,421 days (9.4 years)
  • Total transactions: 1,247
  • Active chains: ETH, Base, Optimism, Arbitrum
  • Last active: 2 hours ago

💰 HOLDINGS (Top 5):
  • 812.4 ETH ($1.52M)
  • 2.1M USDC ($2.1M)
  • 500K UNI ($3.8M)
  • 1.2M ENS ($15.6K)
  • Various NFTs (CryptoPunks, ENS domains)

🏦 DeFi ACTIVITY:
  • Uniswap (frequent swaps)
  • Aave (lending positions)
  • ENS (domain registrations)

⚠️ FLAGS: None
✅ CLEAN: No mixer interactions, no flagged contracts

VERDICT: Established whale with long history. Safe to interact.

How It Works

The skill calls api.supah.ai via x402 USDC micropayments on Base. Your agent pays $0.05 per scan automatically — no API keys, no setup.

SUPAH's backend aggregates data from multiple sources:

  • Blockscout — Transaction history, wallet age, token holdings
  • DexScreener — Trading activity and token prices
  • GoPlusLabs — Malicious address detection, approval risks
  • Moralis — On-chain wallet indexing, token transfers, DeFi activity
  • ENS — Name resolution

SUPAH is built on and utilizes Moralis for real-time wallet data indexing, adding proprietary trust scoring, cluster analysis, and smart money classification on top.

All data is fetched in parallel for speed (typically <8 seconds).

Requirements

  • curl — HTTP client (pre-installed on most systems)
  • node — Node.js v18+ runtime (for JSON parsing)
  • USDC on Base — Your agent wallet must hold USDC on Base network for x402 micropayments ($0.05/scan)
  • x402-compatible HTTP client — Payment happens automatically per call via the x402 protocol

Optional: Set SUPAH_API_BASE environment variable to override the default API endpoint (default: https://api.supah.ai).
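
The scan above flags two local risks: an untrusted SUPAH_API_BASE override and results left in a fixed file under /tmp. The following pre-flight helpers are an added example, not code from the skill or its wallet-xray.sh; the function names are hypothetical, and how the private file path would be wired into the script is not shown because the script is not on this page.

```shell
#!/bin/sh
# Added example (not part of the skill): pre-flight checks for the two
# local risks named in the scan. TRUSTED_HOST is the documented default.
TRUSTED_HOST="api.supah.ai"

# Print the lowercase host of an https URL. Fail on any other scheme, on an
# empty authority, or on userinfo ("user@host"), which can disguise the host.
url_host() {
    case "$1" in
        https://*) rest=${1#https://} ;;
        *) return 1 ;;
    esac
    authority=${rest%%[/?#]*}   # cut at the first path, query or fragment
    case "$authority" in
        ""|*@*) return 1 ;;
    esac
    printf '%s\n' "${authority%%:*}" | tr 'A-Z' 'a-z'   # drop optional :port
}

# Succeed when the override is unset/empty (the default endpoint is used)
# or when its host is exactly TRUSTED_HOST; a suffix or prefix match fails.
api_base_ok() {
    base=${1-}
    if [ -z "$base" ]; then return 0; fi
    host=$(url_host "$base") || return 1
    [ "$host" = "$TRUSTED_HOST" ]
}

# Create an owner-only (0600) result file with an unpredictable name and
# print its path, as an alternative to a fixed path under /tmp.
private_result_file() {
    ( umask 077 && mktemp "${TMPDIR:-/tmp}/wallet-xray.XXXXXX" )
}
```

Call `api_base_ok "$SUPAH_API_BASE"` before letting the agent invoke the skill, and refuse to run when it returns non-zero.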

Use Cases

  • Before copying a trader: Check their actual win rate and track record
  • Before accepting payment: Verify the sender isn't a flagged address
  • Before interacting with a contract: Check if the deployer is trustworthy
  • Due diligence on partners: Profile wallets before business deals
  • Whale watching: Identify and classify large wallets
  • Bot detection: Distinguish real traders from MEV bots

Install

clawhub install supah-wallet-xray

Files

3 total