Downloads: 459
Stars: 0
Active Installs: 2
Versions: 7
Install in OpenClaw
/install meme-scanner
Description
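A meme-coin chain scanner built on the official GMGN API. It automatically scans trending tokens, performs AI scoring and risk analysis, and pushes formatted notifications. It uses the GMGN API exclusively, so the data is accurate and reliable.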
Usage Guidance
This skill appears to implement the advertised GMGN-based scanner, but contains an older v1 script that still includes a hard-coded Ave.ai API key and calls Ave.ai endpoints, despite SKILL.md claiming Ave.ai was removed. Before installing:
1) Ask the publisher why the v1 file and embedded AVE_API_KEY are present; remove or sanitize any embedded keys.
2) Only run this skill in an isolated environment (or sandbox/VM) because it asks you to start Chrome with remote debugging (ws://localhost:9222), which can expose your browser to remote commands.
3) Review and, if appropriate, delete the v1 script (or confirm its intended use).
4) Ensure required Python deps (websockets, aiohttp) are installed intentionally and verify the scripts' network targets (gmgn.ai and, if v1 remains, ave-api.com).
5) If you don't trust the source or cannot confirm the Ave.ai key is expendable, do not install or run it.
If you want higher confidence, request a clean release that only includes the v2 script, documents the Chrome/CDP requirement in metadata, and does not contain embedded secrets.
Capability Analysis
Type: OpenClaw Skill
Name: meme-scanner
Version: 2.0.0
The skill bundle is classified as suspicious due to the presence of a hardcoded API key for `prod.ave-api.com` in `scripts/meme_scanner.py` and the use of Chrome DevTools Protocol (CDP) to execute arbitrary JavaScript in a browser context to scrape `gmgn.ai`. While these high-risk capabilities and vulnerabilities (credential exposure) are plausibly aligned with the stated purpose of a cryptocurrency scanner, they introduce significant security risks. No evidence of intentional malice, data exfiltration, or harmful prompt injection was found in the analyzed files.
Capability Assessment
Purpose & Capability
The skill claims to be 'fully using GMGN official API' (v2), and the v2 script does call GMGN endpoints via CDP, which is coherent. However, the package contains an older v1 script that still calls Ave.ai and includes a hard-coded AVE_API_KEY constant. The registry metadata declares no required env vars or binaries, but the runtime actually requires a Chrome instance with remote debugging/extension (CDP). These mismatches (leftover Ave.ai usage and undeclared Chrome CDP requirement) are inconsistent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent/user to start Chrome with remote debugging on port 9222 and connect OpenClaw to it (CDP) to bypass Cloudflare. The scripts then use the CDP to execute fetch() in the browser context. Requiring the user to run a remote browser and enabling CDP is a material runtime requirement that is not represented in metadata. The SKILL.md also references another skill's documentation (Token Analyzer) for setup, creating external dependencies and scope creep.
Install Mechanism
There is no install spec (instruction-only), which minimizes automated installation risk. However, the package does include two Python scripts that will be executed by the user/agent and require Python packages (websockets, aiohttp). SKILL.md mentions websockets but there is no explicit dependency installation step. The absence of an install step plus embedded scripts means a user/agent could run code without an explicit, auditable install process.
Credentials
Registry metadata declares no required environment variables, yet scripts contain a hard-coded AVE_API_KEY and AVE_API_BASE in the v1 script. Embedding a third‑party API key in the repository is unexpected and unnecessary for the v2 'GMGN-only' claim — this is an unexplained credential leak/leftover. The scripts also write to /root/.openclaw/workspace/scanned_tokens.json (workspace file) — that file access is reasonable for scan state but is a persistent local artifact to be aware of.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system settings. It reads and writes a single workspace file for scanned token state, which is proportional for its functionality. Agent autonomy (disable-model-invocation=false) is the platform default and not flagged here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install meme-scanner
- After installation, invoke the skill by name or use /meme-scanner
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
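Fully refactored to use the official GMGN API, removed the Ave.ai dependency, and added creation-time display, Why Alpha analysis, Narrative Vibe detection, and other features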
v1.1.0
Fix: only push tokens with Early Score >= 8
v1.0.4
Reverted to JSON array output with ensure_ascii=False for reliable message parsing by sub-agent in cron tasks. This is a final fix attempt for Unicode escape and message delivery issues.
v1.0.3
Final attempt to fix Unicode escape issues in cron jobs by directly outputting TOOL_CODE_START/END from script.
v1.0.2
Reverted Early Score threshold to 8/10 for pushing notifications based on user feedback.
v1.0.1
Updated Early Score threshold to 9/10 for pushing notifications.
v1.0.0
Initial release with meme token scanning functionality.
Frequently Asked Questions
What is Meme Scanner?
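A meme-coin chain scanner built on the official GMGN API. It automatically scans trending tokens, performs AI scoring and risk analysis, and pushes formatted notifications. It uses the GMGN API exclusively, so the data is accurate and reliable. It is an AI Agent Skill for Claude Code / OpenClaw, with 459 downloads so far.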
How do I install Meme Scanner?
Run "/install meme-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Meme Scanner free?
Yes, Meme Scanner is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Meme Scanner support?
Meme Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Meme Scanner?
It is built and maintained by 0xshahai (@hanguang254); the current version is v2.0.0.