功能描述

BSC Dev Wallet Monitor - 专为跟投 Dev 的用户设计。监控指定 BSC 地址的代币转出（发币）行为，第一时间发现新币发布。支持 Webhook 通知、安全检测、历史记录等功能。

使用说明 (SKILL.md)

BSC Dev Monitor Skill

Name: Bsc Dev Monitor Skill
Author: mybusd

🎯 适用人群

跟投 Dev 的用户 - 追踪项目方地址，第一时间发现新币
Alpha 猎人 - 寻找早期机会代币
套利交易者 - 检测大额转账，捕捉套利机会
风险管理者 - 追踪可疑地址行为

💰 收费模式

按次收费

每次监控请求: 0.001 USDT (1 token)
无论是否有检测
简单明了

当前价格: 0.001 USDT / 次 充值比例: 1 USDT = 1000 tokens 最低充值: 8 USDT (8000 tokens) 平台手续费: 5% 提现: 自动到你的钱包

🔧 使用方法

1. 设置监控

{
  "action": "monitor",
  "address": "0x4f0f84abd0b2d8a7ae5e252fb96e07946dbbb1a4",
  "name": "知名 Dev 地址",
  "webhook_url": "https://your-server.com/webhook",  // 可选：Webhook 通知
  "duration": 86400  // 监控 24 小时，0 表示持续监控
}

2. 查询监控历史

{
  "action": "history",
  "address": "0x4f0f84abd0b2d8a7ae5e252fb96e07946dbbb1a4",
  "limit": 20
}

3. 取消监控

{
  "action": "stop",
  "monitor_id": "monitor_xxxx"
}

📊 检测通知

检测到新币时的返回

{
  "status": "detected",
  "timestamp": "2026-03-05T08:00:00Z",
  "block": 84768918,
  "monitor_id": "monitor_abc123",
  "token": {
    "name": "New Token",
    "symbol": "NEW",
    "decimals": 18,
    "contract": "0x..."
  },
  "amount": "1000000000000000000",
  "txHash": "0x...",
  "from": "0x4f0f84abd0d...1a4",
  "billing": {
    "mode": "per_call",
    "charged": true,
    "amount": "0.001",
    "currency": "USDT"
  }
}

Webhook 通知格式

如果配置了 webhook_url，系统会自动推送：

{
  "event": "token_detected",
  "timestamp": "2026-03-05T08:00:00Z",
  "monitor_id": "monitor_abc123",
  "data": {
    "token": {
      "name": "New Token",
      "symbol": "NEW",
      "contract": "0x..."
    },
    "txHash": "0x...",
    "block": 84768918
  },
  "billing": {
    "charged": true,
    "amount": "0.001 USDT"
  }
}

🔍 高级功能

1. 批量监控

{
  "action": "batch_monitor",
  "addresses": [
    {
      "address": "0x4f0f84abd0d...1a4",
      "name": "Dev A"
    },
    {
      "address": "0x742d35Cc663...bEb",
      "name": "Dev B"
    }
  ],
  "webhook_url": "https://your-server.com/webhook"
}

2. 安全过滤

{
  "action": "monitor",
  "address": "0x...",
  "safety_checks": {
    "honeypot_check": true,      // 蜜罐检测
    "liquidity_check": true,      // 流动性检查
    "min_liquidity": "1000"      // 最小流动性（USDT）
  },
  "only_safe_tokens": true  // 只通知通过安全检查的代币
}
}

3. 智能过滤

{
  "action": "monitor",
  "address": "0x...",
  "filters": {
    "min_amount": "1000000000000000000000",  // 最小金额
    "exclude_contracts": ["0x..."],           // 排除的合约
    "include_symbols": ["PEPE", "DOGE"]       // 只关注指定符号
  }
}

💡 使用场景

场景 1：跟投知名 Dev

// 设置监控
{
  "action": "monitor",
  "address": "0x4f0f84abd0d...1a4",  // 知名 Dev 地址
  "name": "知名 Dev A",
  "webhook_url": "https://your-bot.com/webhook"
}

// 收到通知后，你可以：
// 1. 查看代币信息
// 2. 检查流动性
// 3. 决定是否买入

场景 2：监控多个地址

// 批量设置监控
{
  "action": "batch_monitor",
  "addresses": [
    {"address": "0x...", "name": "Dev A"},
    {"address": "0x...", "name": "Dev B"},
    {"address": "0x...", "name": "Dev C"}
  ]
}

// 任何地址发币都会通知你

场景 3：安全跟投

// 只投资安全的代币
{
  "action": "monitor",
  "address": "0x...",
  "safety_checks": {
    "honeypot_check": true,
    "liquidity_check": true,
    "min_liquidity": "10000"
  },
  "only_safe_tokens": true
}

// 只有通过安全检查的代币才会通知

⚠️ 重要提示

本 Skill 仅监控，不保证代币质量
- 检测到的代币可能存在风险
- 建议自行评估项目基本面
- 配合安全检测功能使用
收费模式说明
- 按次收费：每次监控请求都收费 (0.001 USDT/次)
- 无论是否有检测都会收费
- 最低充值：8 USDT (8000 tokens)
- 平台手续费：5%
- 提现自动到你的钱包
建议操作
- 检测到代币后，先查看合约
- 检查流动性池状态
- 验证代币安全
- 小仓位试水

📞 支持

查看 README.md 了解详细文档
访问 https://clawhub.com/skill/bsc-dev-monitor
提交 Issue 或联系作者

让跟投更简单！ 🚀

安全使用建议

Do not install or run this skill as-is. Specific actions to consider before using it: 1) Treat the package as potentially leaking secrets — the repo contains hard-coded API keys and an account email/password; ask the author to remove secrets from code and docs. 2) Require the developer to replace embedded keys with configuration via environment variables or a secure secrets store, and to declare required env vars in the registry metadata. 3) If any exposed keys are yours or associated with your organization, rotate them immediately (SkillPay key, BSCScan key, ClawHub account password). 4) Remove or audit deployment scripts (auto-deploy.js, deploy.sh) — they perform automated login/upload and should not contain credentials; run them only in an isolated environment after review. 5) Verify the billing model and endpoints (skillpay.me) and confirm you understand per-call charges and what data is sent to third parties. 6) If you must test, run in an isolated sandbox (no real secrets), block outbound network access except to explicitly trusted APIs, and review webhook endpoints before providing them. 7) Ask the maintainer for source provenance, a homepage, and for proof that the ClawHub credentials are not active or compromised. These inconsistencies (public secrets + deployment automation) are suspicious and should be resolved before trusting the skill with real data or credentials.

功能分析

Type: OpenClaw Skill Name: bsc-dev-monitor-v2 Version: 1.0.1 The skill bundle contains multiple critical security risks, most notably hardcoded plaintext credentials (email and password) for a ClawHub account in 'auto-deploy.js'. Additionally, it includes hardcoded API keys for BSCScan and SkillPay across several files ('index-enhanced.js', 'index.js', 'billing.js'). The presence of these sensitive secrets, along with internal deployment scripts and logs, suggests this is a raw development workspace that lacks proper security sanitization, making it highly irregular and potentially a trap for credential harvesting or unauthorized account access.

能力评估

⚠ Purpose & Capability

The skill's functionality (monitor BSC addresses, call BSCScan, send webhooks, bill users) justifies including a BSCScan key and a billing integration — but the package also contains ClawHub account credentials and multiple deployment scripts that embed an account email/password. The registry metadata declares no required env vars/credentials, yet secrets are embedded in code and docs. Embedding a platform account login is not necessary for runtime monitoring and is disproportionate.

⚠ Instruction Scope

SKILL.md describes normal monitor operations and billing, but repository files (auto-deploy.js, DEPLOYMENT-GUIDE.md, DEPLOYMENT files) instruct or automate logging into ClawHub with hard-coded credentials and uploading the skill package. Those deployment instructions go beyond runtime monitoring and expose credentials and an automatic upload path (/root/.openclaw/workspace/...). The skill also documents an in-band API key in SKILL.md (skillpay), exposing secrets in documentation.

ℹ Install Mechanism

There is no external download/install spec in the registry entry (instruction-only), and no remote archive installs from untrusted URLs. That reduces install-time code execution risk. However, the package includes multiple scripts (deploy.sh, auto-deploy.js) that will attempt network actions (login/upload) if run; those scripts assume an environment path and could leak embedded credentials if executed.

⚠ Credentials

The skill declares no required environment variables or primary credential, but multiple secrets are hard-coded: SkillPay API key (sk_f072a7...), BSCScan API key (JM67I...), and a ClawHub email/password ([email protected] / hefang198511633). Requiring no env vars while embedding many secrets is inconsistent and risky — credentials should be provided via controlled env vars or config, not committed in code/docs. The SkillPay key in public docs is particularly sensitive because it controls billing operations.

ℹ Persistence & Privilege

The skill does not request always:true and does not appear to modify other skills. Autonomous invocation is allowed (normal). The main privilege concern is the presence of deployment scripts that use embedded account credentials to upload/publish the skill — that can enable account misuse if the credentials are valid. No explicit system-wide persistence settings are requested.

版本历史

v1.0.1

- Updated billing details: reduced price to 0.001 USDT (per call), added token-based billing explanation, and specified minimum recharge and withdrawal rules. - Added three new files: BILLING-UPDATE-COMPLETE.md, _meta.json, and billing.js. - Updated payment configuration to include skill_id and synchronize with new platform billing standards. - Removed per_detection billing option and related descriptions; now only supports per_call billing. - Clarified sections on pricing, minimum recharge, withdrawal, and platform fee in documentation.

v1.0.0

Initial release – BSC Dev Wallet Monitor for automated tracking of token launches and transfers. - Monitor specified BSC addresses for new token creation or outgoing transfers. - Receive instant notifications via webhook when new tokens are detected. - Includes safety checks (honeypot, liquidity) and historical activity records. - Supports batch monitoring and custom filters (amount, symbols, exclusions). - Flexible per-detection or per-request USDT billing.

元数据

Slug bsc-dev-monitor-v2

版本 1.0.1

许可证 —

累计安装 0

当前安装数 0

历史版本数 2

常见问题