← Back to Skills Marketplace
SUPAH Portfolio Guardian
by
supah-based
· GitHub ↗
· v1.3.0
· MIT-0
123
Downloads
0
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install supah-portfolio-guardian
Description
Automated wallet monitoring with real-time alerts. Track portfolio value, detect suspicious transactions, monitor approvals, and get risk warnings across Bas...
Usage Guidance
Things to check before installing:
- Confirm the API host: SUPAH_API_BASE can redirect requests. If you don't want to override it, leave it unset so the skill uses the published default (api.supah.ai). Only set SUPAH_API_BASE to a host you trust.
- Micropayments: the skill embeds x402 payment metadata and a payTo address (0xD3B2...1761). Understand that use of the skill implies small automatic charges via your agent's x402-capable client; verify you are willing to pay and that your agent's payment client is configured securely.
- Local state: the skill stores watched wallets in ~/.supah-guardian-state.json. If you are concerned about revealing which wallets you monitor, run it in an isolated environment or inspect/redirect the state path.
- Unused requirement: SKILL.md lists 'curl' as required but the bundled code doesn't use it — this is likely harmless but indicates sloppy metadata.
- Verify upstream: the package.json lists a GitHub repo and the SKILL.md lists https://supah.ai and api.supah.ai. If you rely on this tool for real funds, verify the upstream project and maintainer legitimacy (website, repo activity, signed releases) before trusting payments or automated monitoring.
If you are uncomfortable with automatic micropayments or with an env var that could be repointed, run the skill in a sandboxed environment and review network traffic (or avoid setting SUPAH_API_BASE) before granting it network/payment privileges.
Capability Assessment
Purpose & Capability
Name/description align with the code: the JS calls a SUPAH API to fetch portfolio/risk data and offers watch/list/health/alerts operations. Requiring 'node' is appropriate. However SKILL.md/metadata also list 'curl' as a required binary while the packaged index.js does not call curl — this is an unnecessary/incorrect requirement. The metadata also includes x402 payment info (payTo address) which is coherent with the pricing claims but is an extra capability (payment) beyond pure read-only monitoring.
Instruction Scope
Runtime instructions and code only perform read-only queries to SUPAH endpoints and manage a local watched-wallets state file. The skill does not request private keys or other unrelated system data and explicitly states it does not store private keys. It does cause wallet addresses to be sent to the configured API endpoint (expected for this purpose).
Install Mechanism
There is no install spec — this is instruction+small JS utility only. The package has no external dependencies and does not download or extract remote archives. Low install risk.
Credentials
The skill declares a required SUPAH_API_BASE env var but the code falls back to a default ('api.supah.ai'), so the 'required' designation is inconsistent. SUPAH_API_BASE controls where wallet data is sent — if an operator sets it to a malicious host the skill would exfiltrate watched wallet addresses and requests there. The SKILL.md also embeds x402 payment metadata (payTo address) which implies the agent will be charged micropayments; this is coherent with the pricing statements but is a non-trivial capability (automatic payments) that should be explicitly approved by the user.
Persistence & Privilege
The tool writes/reads a state file at ~/.supah-guardian-state.json to store watched wallets and lastCheck. This is reasonable for a watchlist feature but is persistent data on the user's filesystem and could reveal watched wallet addresses to other local parties. The skill does not request system-wide privileges or modify other skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install supah-portfolio-guardian - After installation, invoke the skill by name or use
/supah-portfolio-guardian - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
Removed all API key references, subscription pricing. x402 only.
v1.2.0
Security: declared required bins, env vars, outbound network, x402 payment details in metadata.
v1.1.0
x402 only: removed free tier, added Moralis attribution, standardized pricing
v1.0.0
Initial release: Position risk management and portfolio analysis. x402 micropayments.
Metadata
Frequently Asked Questions
What is SUPAH Portfolio Guardian?
Automated wallet monitoring with real-time alerts. Track portfolio value, detect suspicious transactions, monitor approvals, and get risk warnings across Bas... It is an AI Agent Skill for Claude Code / OpenClaw, with 123 downloads so far.
How do I install SUPAH Portfolio Guardian?
Run "/install supah-portfolio-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SUPAH Portfolio Guardian free?
Yes, SUPAH Portfolio Guardian is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does SUPAH Portfolio Guardian support?
SUPAH Portfolio Guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created SUPAH Portfolio Guardian?
It is built and maintained by supah-based (@supah-based); the current version is v1.3.0.
More Skills