← 返回 Skills 市场

Agent Onchain Watch

Name: Agent Onchain Watch
Author: jinu4you

作者 jinu4you · GitHub ↗ · v1.0.1

cross-platform ⚠ suspicious

289

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agent-onchain-watch

功能描述

지갑 및 컨트랙트 온체인 활동 모니터링 및 요약 에이전트

使用说明 (SKILL.md)

🔗 OnchainWatch Agent

Etherscan API를 활용하여 특정 지갑의 잔액, 트랜잭션, 토큰 이동을 추적하고 리스크를 탐지합니다.

Features

자산 추적: ETH 잔액 및 ERC-20 토큰 이동 내역 조회
리스크 탐지: 고액 송금, 이상 빈도 거래 등 자동 감지
요약 리포트: 온체인 데이터를 이해하기 쉬운 마크다운으로 요약

Usage

ACP Job Payload:

{
  "address": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
  "chain": "ethereum"
}

安全使用建议

This skill contains a full TypeScript implementation but the registry claims 'instruction-only' and lists no required credentials—that mismatch is the main red flag. Before installing or running it: 1) Expect to run `npm install` / build; do this in an isolated environment (container) rather than on a production host. 2) Review or provide only scoped API keys: ETHERSCAN_API_KEY (required for real data) and a single LLM key (GROQ_API_KEY or ANTHROPIC_API_KEY or GOOGLE_API_KEY). Avoid reusing high-privilege keys. 3) Note the code loads a .env file from the package; ensure it won't accidentally read sensitive host-level .env files. 4) Be aware transaction data and addresses will be sent to third-party LLM endpoints—if privacy is a concern, don't provide sensitive addresses or run with mock mode (omit ETHERSCAN_API_KEY). 5) Ask the publisher for corrected metadata (declare required env vars and an install spec) or request a packaged release from a known homepage/source before trusting the skill. If you want, I can list the exact lines that read env vars and call external APIs to help you audit them.

功能分析

Type: OpenClaw Skill Name: agent-onchain-watch Version: 1.0.1 The OnchainWatch Agent is a legitimate tool designed to monitor Ethereum wallet activity and generate summaries using LLMs. The code in 'src/fetcher.ts' and 'src/analyzer.ts' correctly implements data retrieval from Etherscan and applies basic risk-detection logic (e.g., flagging high-value transactions). The LLM integration in 'src/llm/' uses standard SDKs and REST APIs for Groq, Anthropic, and Gemini without any signs of prompt injection, data exfiltration, or unauthorized command execution. The inclusion of a mock agent in 'src/index.ts' is for development testing and contains no harmful behavior.

能力评估

⚠ Purpose & Capability

The skill's stated purpose (on-chain monitoring and summarization) is coherent with the code: it calls Etherscan and an LLM to generate summaries. However the registry metadata lists no required environment variables or credentials, while README and source require ETHERSCAN_API_KEY and one of several LLM API keys (GROQ_API_KEY, ANTHROPIC_API_KEY, GOOGLE_API_KEY). The package.json also includes LLM SDKs (anthropic/openai). The missing declared env vars and credentials are an inconsistency: a legitimate onchain monitor would need an Etherscan API key and an LLM API key, so the metadata omission is misleading.

⚠ Instruction Scope

SKILL.md only shows a brief usage payload and high-level description and does not mention that the agent will load a local .env and send address/transaction summaries to third-party LLM APIs. The code explicitly reads .env (dotenv.config with project path) and then sends composed system/user prompts containing the target address and transaction summary to external LLM endpoints. Sending address and activity data to external LLMs is consistent with the stated feature (summary) but SKILL.md fails to disclose that behavior and the .env access.

⚠ Install Mechanism

Registry metadata says 'No install spec — instruction-only', but the package includes package.json, package-lock.json, and a TypeScript codebase that requires an npm install/build (README instructs `npm install` and `npm start`). This mismatch means the skill will likely require installing third-party npm packages to run, yet no install step or provenance for those installs was declared—raising supply-chain and transparency concerns.

⚠ Credentials

The registry reported no required env vars, but the code/README expect ETHERSCAN_API_KEY and at least one LLM API key (GROQ_API_KEY by default, with optional ANTHROPIC_API_KEY or GOOGLE_API_KEY if configured). Requiring multiple provider API keys is plausible for an LLM-backed agent, but the omission from metadata is a transparency problem. Additionally, the LLMFactory will default to Groq and throw if GROQ_API_KEY is missing, so missing keys may break execution. The skill loads .env files from its code, which can expose sensitive variables from that file if present—this side-effect isn't documented in SKILL.md.

✓ Persistence & Privilege

The skill does not request 'always: true' and does not modify other skills or system settings. It reads its own .env and uses network calls to APIs, but it does not appear to request elevated or persistent platform privileges beyond normal operation.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agent-onchain-watch
安装完成后，直接呼叫该 Skill 的名称或使用 /agent-onchain-watch 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Updated package.json only; no user-facing features or behavior changes. - No updates to documentation (SKILL.md) or core functionality.

v1.0.0

Initial release of onchain-watch agent. - 모니터링 대상 지갑 및 컨트랙트의 온체인 활동 추적 및 요약 기능 제공 - Etherscan API를 사용해 ETH 잔액, ERC-20 토큰 이동 내역 조회 - 고액 송금, 이상 빈도 거래 등 리스크 자동 감지 - 마크다운 형식의 요약 리포트 생성

元数据

Slug agent-onchain-watch

版本 1.0.1

许可证 —

累计安装 1

当前安装数 1

历史版本数 2

常见问题