← Back to Skills Marketplace
2663629531

Token Risk Explainer

by 2663629531 · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
278
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install token-risk-explainer-skill
Description
Explain crypto token risk in plain Chinese and English from Binance Web3 token audit and market metadata. Use this skill when users want a contract-level ris...
Usage Guidance
This skill otherwise looks coherent with its stated purpose, but be aware of these practical issues before installing: 1) Billing: by default the code uses a SkillPay billing client and will try to read SKILLPAY_APIKEY; if SKILLPAY_APIKEY is not set and SKILLPAY_BILLING_MODE is not set to 'noop' the skill will raise an error when it tries to bill. SKILL.md mentions SKILLPAY_APIKEY and SKILLPAY_PRICE_USDT but the registry metadata lists no required environment variables — treat that as a mismatch. 2) Network endpoints: the skill calls https://web3.binance.com (or whatever you set via BINANCE_WEB3_BASE_URL) to fetch token audits/meta and may call the SkillPay service (default https://skillpay.me) for billing. The data sent includes contract addresses and token metadata/audit results (not private keys), but it is transmitted to external services. 3) If you want to test safely, run the scripts in a sandbox and either (a) set SKILLPAY_BILLING_MODE=noop or (b) run with a known test SKILLPAY_APIKEY and SKILLPAY_BASE_URL pointed to a test endpoint. 4) If you require a guarantee that no billing/telemetry occurs, inspect or modify build_billing_client/maybe_bill to force noop billing. 5) The code is readable and doesn't request private wallet keys, but the environment var mismatch and implicit billing behavior are the main risks; if you rely on the registry metadata alone you could encounter runtime errors or unexpected external billing calls. If you want higher assurance, ask the author to update the declared required env vars and to document the CLI flags (e.g., --skip-billing) explicitly.
Capability Analysis
Type: OpenClaw Skill Name: token-risk-explainer-skill Version: 0.1.0 The token-risk-explainer-skill is a legitimate tool designed to analyze and report on cryptocurrency token risks using Binance Web3 API data. The codebase, including scripts/token_risk_explainer.py and scripts/web3_client.py, follows standard practices for API interaction, data processing, and risk scoring. While it includes a billing module (scripts/billing.py) that requires an API key (SKILLPAY_APIKEY), this is transparently documented and used solely for its stated purpose of processing usage charges. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Assessment
Purpose & Capability
Code and instructions align with the declared purpose: the scripts call a Binance Web3 API (default base URL https://web3.binance.com) to resolve tokens, fetch token metadata and audits, build risk factors, and produce bilingual summaries and community drafts. The included tests and FACTOR_COPY map support the stated behavior.
Instruction Scope
SKILL.md runtime commands are straightforward (run the Python script with explain/compare/watchlist/health). However the instructions and code reference environment variables and behavior not declared in the registry metadata: billing is performed via a SkillPay client that reads SKILLPAY_APIKEY (and optional SKILLPAY_BASE_URL, SKILLPAY_CHARGE_URL, SKILLPAY_CHARGE_PATH), and the web3 client reads BINANCE_WEB3_BASE_URL and BINANCE_HTTP_TIMEOUT_SEC. The SKILL.md mentions SKILLPAY_APIKEY and SKILLPAY_PRICE_USDT in a 'Billing Hook' section, but the top-level metadata claims no required env vars. At runtime, build_billing_client will raise a BillingError if SKILLPAY_BILLING_MODE is 'skillpay' (the default) and SKILLPAY_APIKEY is missing, so the skill can fail unless billing is skipped or mode set to noop. The code sends contract addresses and derived metadata to external endpoints (Binance Web3 and SkillPay) — expected for the purpose but worth noting.
Install Mechanism
There is no install spec; this is effectively an instruction-and-script bundle. Requirements include only 'requests' in requirements.txt. No arbitrary downloads, extract operations, or unusual installers are present. The provided publish script references a clawhub CLI (for publishing to a registry) but it is not required for runtime.
Credentials
The amount and type of environment variables read by the code are reasonable for the functionality (API base URL override, timeouts, and a billing API key). However the manifest claims 'Required env vars: none' while runtime billing requires SKILLPAY_APIKEY unless billing is disabled/skipped. Other env vars used but not documented in metadata include BINANCE_WEB3_BASE_URL, BINANCE_HTTP_TIMEOUT_SEC, SKILLPAY_BILLING_MODE, SKILLPAY_BASE_URL, SKILLPAY_CHARGE_URL, SKILLPAY_CHARGE_PATH, SKILLPAY_PRICE_USDT, and SKILLPAY_USER_REF. None of these require sensitive secrets except SKILLPAY_APIKEY, but that secret is required in the 'skillpay' billing mode and this requirement is not accurately reflected in the top-level metadata.
Persistence & Privilege
The skill does not request persistent 'always' inclusion and does not attempt to modify other skills or system configuration. It makes outbound HTTP requests (Binance Web3 and SkillPay) but does not request system-level privileges or access local secret stores beyond environment variables.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install token-risk-explainer-skill
  3. After installation, invoke the skill by name or use /token-risk-explainer-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial public release
Metadata
Slug token-risk-explainer-skill
Version 0.1.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Token Risk Explainer?

Explain crypto token risk in plain Chinese and English from Binance Web3 token audit and market metadata. Use this skill when users want a contract-level ris... It is an AI Agent Skill for Claude Code / OpenClaw, with 278 downloads so far.

How do I install Token Risk Explainer?

Run "/install token-risk-explainer-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Token Risk Explainer free?

Yes, Token Risk Explainer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Token Risk Explainer support?

Token Risk Explainer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Token Risk Explainer?

It is built and maintained by 2663629531 (@2663629531); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments