Multichain Portfolio Tracker
by JimmyClanker · v1.0.0 · MIT-0
84 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install multichain-portfolio-tracker
Description
Track multi-chain crypto portfolio with real-time prices, P&L, and alerts. Supports EVM (Ethereum, Base, Arbitrum, Polygon, Optimism), Solana, and manual ent...
Usage Guidance
This skill appears to implement what it claims, but before installing or running it: (1) understand that the scripts query public RPC providers and CoinGecko — those external services will receive the wallet addresses and token symbols you check (they can log requests and IPs). If you care about privacy, replace the hard-coded RPC URLs with your own RPC provider or a private node. (2) The SKILL.md mentions pnl.sh but that file is missing — expect limited P&L functionality until you add/implement it. (3) Inspect the scripts locally (they are simple bash/python) and run them in a restricted environment if you are unsure. (4) If you want to avoid third-party logging entirely, configure trusted RPC endpoints or API keys that you control. If you want me to, I can point out exactly which lines to change to swap in custom RPC URLs or remove any specific endpoint.
Capability Analysis
Type: OpenClaw Skill
Name: multichain-portfolio-tracker
Version: 1.0.0
The skill bundle contains multiple command and script injection vulnerabilities where user-controlled data from 'portfolio.json' is passed unsanitized into shell commands and Python execution strings. Specifically, in 'scripts/alerts.sh', 'scripts/check-wallet.sh', and 'scripts/portfolio.sh', variables like token symbols, addresses, and chain names are embedded directly into 'python3 -c' calls or heredocs, allowing for arbitrary code execution if the configuration file is populated with malicious payloads (e.g., via prompt injection against the agent). While the tool appears to be a legitimate crypto tracker using public APIs (CoinGecko) and RPCs (LlamaRPC, Solana), the lack of input sanitization poses a significant security risk.
Capability Assessment
Purpose & Capability
Name/description match what the files implement: price checks, wallet balance queries, portfolio aggregation, and alerts. The scripts operate without requiring API keys which matches the README. Minor inconsistency: SKILL.md references a pnl.sh script for P&L calculation but no pnl.sh is present in the supplied manifest.
Instruction Scope
Scripts read a local portfolio.json (expected) and call external services (CoinGecko and several public RPC endpoints). Those network calls will send wallet addresses and requested token symbols to third-party endpoints (e.g., eth.llamarpc.com, mainnet.base.org, api.coingecko.com), which can log IPs and queried addresses—this is a privacy/exfiltration risk not called out in the README. Otherwise the instructions limit themselves to the task and do not attempt to read unrelated files or credentials.
Install Mechanism
Instruction-only skill with no install spec; scripts run using system bash/python3. No downloads or archive extraction are performed by the skill itself.
Credentials
No environment variables or credentials are requested, which is proportional. However the hard-coded use of third-party RPC endpoints (not locally controlled) means sensitive data (wallet addresses and IPs) will be sent to those providers; consider whether you trust those endpoints or want to substitute your own RPC URLs.
Persistence & Privilege
The skill is user-invocable and not always-enabled. It does not attempt to modify other skills or system settings and does not request persistent presence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install multichain-portfolio-tracker
- After installation, invoke the skill by name or use /multichain-portfolio-tracker
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: multi-chain portfolio tracking with real-time CoinGecko prices, wallet balance checks (EVM + Solana), price alerts, P&L calculation. No API keys needed.
Frequently Asked Questions
What is Multichain Portfolio Tracker?
Track multi-chain crypto portfolio with real-time prices, P&L, and alerts. Supports EVM (Ethereum, Base, Arbitrum, Polygon, Optimism), Solana, and manual ent... It is an AI Agent Skill for Claude Code / OpenClaw, with 84 downloads so far.
How do I install Multichain Portfolio Tracker?
Run "/install multichain-portfolio-tracker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Multichain Portfolio Tracker free?
Yes, Multichain Portfolio Tracker is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Multichain Portfolio Tracker support?
Multichain Portfolio Tracker is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Multichain Portfolio Tracker?
It is built and maintained by JimmyClanker (@jimmyclanker); the current version is v1.0.0.