← 返回 Skills 市场
princedoss77

Crypto Address Checker

作者 princedoss77 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
738
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install crypto-address-checker
功能描述
Real-time cryptocurrency scam detection with database-first architecture. Protects users from phishing, honeypots, rug pulls, and ponzi schemes. No external...
使用说明 (SKILL.md)

🔍 Crypto Scam Detector v2.0

Database-first cryptocurrency scam detection for OpenClaw

Analyzes crypto addresses for phishing, honeypots, rug pulls, and ponzi schemes using a local database with background sync from Etherscan. Zero external API calls during user checks = instant results!

✨ What's New in v2.0

🚀 Major Architecture Upgrade

  • Database-first design - All checks query local SQLite database
  • Instant results - No API latency during checks (\x3C5ms)
  • No rate limits - User queries never hit Etherscan API
  • Background sync worker - Separate process pulls from Etherscan
  • Transaction message analysis - Decodes and analyzes hex data
  • Auto-queue system - Unknown addresses automatically queued for sync
  • Deep scanning - Detects suspicious keywords in transaction data

🔍 Enhanced Detection

Now catches scams the old version missed:

  • ✅ "Lazarus Vanguard" hacking group references
  • ✅ "Orbit Bridge Hacker" mentions
  • ✅ Private key phishing attempts
  • ✅ Exploit recruitment messages
  • ✅ And much more...

📦 What's Included

crypto-scam-detector/
├── SKILL.md                    # This file
├── DATABASE_ARCHITECTURE.md    # Technical documentation
├── database.py                 # SQLite database layer
├── crypto_check_db.py          # Database-only checker (instant)
├── sync_worker.py              # Background Etherscan sync worker
├── secure_key_manager.py       # Encrypted API key storage
├── install.sh                  # Auto-installer
├── setup.sh                    # API key setup wizard
├── check_address.sh            # Convenience script (sync if needed)
├── requirements.txt            # Python dependencies
└── venv/                       # Virtual environment (created on install)

🚀 Quick Start

1. Install

cd ~/.openclaw/workspace/skills/crypto-scam-detector
bash install.sh

2. Configure Etherscan API Key (Optional but Recommended)

Option A: Interactive Setup (Encrypted storage)

./setup.sh
# Follow the wizard to encrypt your API key

Option B: Environment Variable

export ETHERSCAN_API_KEY="your_key_here"

Get free API key: https://etherscan.io/myapikey

3. Check an Address

# Check address (instant, database-only)
python3 crypto_check_db.py 0x1234567890abcdef1234567890abcdef12345678

4. Run Background Sync Worker

Manual mode:

python3 sync_worker.py
# Runs continuously, processes queue

Batch mode:

python3 sync_worker.py --max-jobs 20
# Process 20 addresses then exit

Cron schedule (recommended):

# Add to crontab
*/10 * * * * cd ~/.openclaw/workspace/skills/crypto-scam-detector && source venv/bin/activate && ETHERSCAN_API_KEY="key" python3 sync_worker.py --max-jobs 30

💡 How It Works

Architecture Flow

User checks address
       ↓
┌──────────────────┐
│ crypto_check_db  │ ← Queries local database ONLY
└────────┬─────────┘   (No external API calls)
         │
         ↓
┌──────────────────────┐
│ Local SQLite DB      │
│ ~/.config/crypto-    │
│  scam-detector/      │
│                      │
│ • Addresses          │
│ • Transactions       │
│ • Risk scores        │
│ • Scam indicators    │
│ • Sync queue         │
└────────▲─────────────┘
         │
         │ Background sync
         │
┌────────┴─────────────┐
│ sync_worker.py       │ ← Pulls from Etherscan
│                      │   (Uses your API key)
│ • Reads queue        │
│ • Calls Etherscan    │
│ • Decodes TX data    │
│ • Analyzes messages  │
│ • Stores in DB       │
└──────────────────────┘

User Flow

  1. Check address: python3 crypto_check_db.py 0x...
  2. If in database: Instant results with full analysis
  3. If NOT in database:
    • Returns "unknown" status
    • Automatically adds to sync queue
    • Shows: "⏳ Check again in a few minutes"
  4. Background worker syncs it (next cron run or manual trigger)
  5. Check again: Full analysis now available

🔍 Detection Capabilities

Scam Types Detected

Type Detection Method
Phishing Keyword analysis: "private key", "seed phrase", "verify wallet"
Honeypot Contract code analysis (unverified contracts)
Rug Pull Transaction pattern analysis
Exploit Groups Keywords: "Lazarus", "hack", "exploit", "breach"
Social Engineering Keywords: "urgent", "claim reward", "airdrop winner"

Risk Scoring

Algorithm factors:

  • Suspicious transaction count (+25 per TX, max +50)
  • Account age (new addresses: +10)
  • Balance patterns (large balance + suspicious TX: +20)
  • Contract verification (unverified: +30)

Risk Levels:

  • 0-19: ✅ Low Risk
  • 20-49: ℹ️ Medium Risk
  • 50-79: ⚠️ High Risk
  • 80-100: 🚨 Critical Risk

📋 Commands Reference

Check Address

# Human-readable output
python3 crypto_check_db.py 0x...

# JSON output
python3 crypto_check_db.py 0x... --json

Sync Worker

# Add address to queue
python3 sync_worker.py --add-address 0x...

# Run worker (continuous)
python3 sync_worker.py

# Process N addresses then stop
python3 sync_worker.py --max-jobs 20

# Custom delay between addresses
python3 sync_worker.py --delay 2.0

# Show database stats
python3 sync_worker.py --stats

Convenience Script

# Check and auto-sync if needed
./check_address.sh 0x...
# Automatically syncs if not in DB, then shows results

🎯 Example Output

Critical Risk Address

🚨 Analysis for 0x098b716b8aaf21512996dc57eb0615e2383e2f96

Risk Score: 100/100 - CRITICAL RISK
Last Updated: 2026-02-20 07:14:32

🚨 KNOWN SCAM DETECTED!

⚙️ Smart Contract
⚠️ NOT VERIFIED on Etherscan
   Transactions: 38
   Balance: 101.802430 ETH

🚨 5 Scam Indicator(s) Detected:
   • Suspicious keyword detected: 'lazarus' (confidence: 80%)
   • Suspicious keyword detected: 'hack' (confidence: 80%)
   • Suspicious keyword detected: 'exploit' (confidence: 80%)
   • Suspicious keyword detected: 'private key' (confidence: 80%)

⚠️ 5 Suspicious Transaction(s):
   • 0x74f7fbfe5a0bd3...
     Reason: Suspicious keyword detected: 'lazarus'
     Message: "Greetings Lazarus Vanguard..."

📋 Recommendations:
  🚫 DO NOT send funds to this address
  ⚠️ This address has been flagged as high risk
  📞 Report the source that gave you this address

Unknown Address (Not Yet Synced)

⏳ Analysis for 0xnew_address_not_in_db

Risk Score: 0/100 - UNKNOWN
Last Updated: N/A

⏳ Address not yet in database
   Address not in database. Added to sync queue.

📋 Recommendations:
  ⏳ This address will be analyzed soon
  🔍 Check again in a few minutes
  ⚠️ Exercise caution until analysis completes

⚙️ Configuration

Database Location

Default: ~/.config/crypto-scam-detector/crypto_data.db

Etherscan API Rate Limits

  • Free tier: 5 calls/second, 100,000 calls/day
  • Each address: 4 API calls (balance, TX count, TX list, code)
  • Default delay: 1.5 seconds between addresses (safe for free tier)

Recommended Cron Schedule

# Every 10 minutes, process 30 addresses
*/10 * * * * cd ~/.openclaw/workspace/skills/crypto-scam-detector && source venv/bin/activate && ETHERSCAN_API_KEY="key" python3 sync_worker.py --max-jobs 30 --delay 2.0

# Handles ~4,320 addresses per day

🛡️ Security

  • Encrypted API key storage - AES-256 with PBKDF2
  • No third-party sharing - API key only sent to Etherscan
  • Local processing - All analysis happens on your machine
  • No telemetry - Zero data collection
  • Open source - Fully auditable code

📊 Database Schema

Tables

  • addresses - Address info, risk scores, balances, metadata
  • transactions - Suspicious transactions with decoded messages
  • scam_indicators - Individual red flags per address
  • sync_queue - Addresses waiting to be synced

See DATABASE_ARCHITECTURE.md for full technical details.

🔄 Sync Frequency

Default behavior:

  • First check → address queued for sync
  • Worker processes queue (manual or cron)
  • Subsequent checks → instant from database

Recommended: Run worker via cron every 5-10 minutes

💻 OpenClaw Integration

Via Chat

"Check if 0x1234... is a scam"
"Is this address safe: 0xabc..."
"Verify 0xdef... before I send ETH"

Automatic Detection

When you check an address, OpenClaw:

  1. Runs crypto_check_db.py
  2. If not in DB → queues for sync
  3. Returns current status
  4. Suggests checking again after sync

🐛 Troubleshooting

"Address not in database"

Solution: Wait for background worker to sync it, or manually trigger:

python3 sync_worker.py --add-address 0x...
python3 sync_worker.py --max-jobs 1

"Etherscan API key not configured"

Solution: Set API key via environment or setup wizard:

./setup.sh  # or
export ETHERSCAN_API_KEY="your_key"

Rate limit errors

Solution: Increase delay between addresses:

python3 sync_worker.py --delay 3.0

📈 Performance

  • Check latency: \x3C5ms (database query)
  • Sync time: ~2 seconds per address (4 API calls)
  • Database size: ~1KB per address
  • Capacity: Handles millions of addresses

🆚 Comparison: v1 vs v2

Feature v1.1.3 (Old) v2.0.0 (New)
Check speed 2-5 seconds (API calls) \x3C5ms (database)
Rate limits Yes (every check) No (checks only query DB)
TX message analysis ❌ Not analyzed ✅ Fully analyzed
False negatives High (missed scams) Low (deep analysis)
Architecture Direct API calls Database + background worker
API key usage Every check Only background worker

📜 License

MIT License - Free and open source

🤝 Support

🏆 Credits

Developed by Trust Claw Team for NeoClaw Hackathon 2026

Built with:

  • SQLite - Local database
  • Etherscan API - Blockchain data
  • ChainAbuse API - Community scam reports
  • Python asyncio - Async operations

🔐 Stay safe in crypto! Always verify addresses before sending funds.

安全使用建议
This package appears to be a legitimate local DB-based scam detector, but there are important inconsistencies you should resolve before installing: - ETHERSCAN_API_KEY is required for syncing unknown addresses, but the registry metadata does not declare it. Expect the skill to use network calls for unknown addresses or when running the sync worker/cron; if you do not set a key, realtime sync will fail or the scripts will prompt you. - The top-line claim 'No external API calls during user checks' is only true when an address is already present in the local DB. Unknown addresses trigger immediate Etherscan fetches (crypto_check_db.py calls a syncer) or the convenience script will run sync_worker. Clarify whether you want those realtime network calls. - inspect requirements.txt before pip install to confirm third-party dependencies are trusted; review secure_key_manager.py to understand how it encrypts and stores your API key (where the passphrase comes from, PBKDF iterations, storage path ~ ~/.config/crypto-scam-detector/encrypted_keys.json). Make sure no hardcoded remote endpoints or backdoors exist in sync_worker.py or secure_key_manager.py. - The installer runs silently (redirects output), which is convenient but hides install-time errors; run install.sh interactively or inspect it first. If you plan to use this skill: 1) Audit secure_key_manager.py and sync_worker.py to confirm Etherscan (and any additional services like ChainAbuse) are the only external endpoints used and that keys are handled securely. 2) Ensure you are comfortable storing an API key on the host and with running a background worker (cron/systemd) that uses it. 3) Consider running the skill in an isolated environment (dedicated user account or container) until you confirm behavior. Because these inconsistencies could be innocent (sloppy docs) but also lead to unexpected network calls or key exposure, treat the package as suspicious until you confirm these points.
功能分析
Type: OpenClaw Skill Name: crypto-address-checker Version: 1.0.0 The skill is designed for legitimate cryptocurrency scam detection, using a local database and Etherscan API for data synchronization. It handles API keys securely with AES-256 encryption and explicitly states no telemetry or third-party data sharing. However, the `requirements.txt` file includes dependencies for a web server (`fastapi`, `uvicorn`), despite the skill's `command` being a CLI-based Python script (`python3 crypto_check_db.py`) and the `mcp_server.py` (from a previous version) being explicitly removed. This discrepancy, while not directly malicious, introduces unnecessary web server capabilities that are not aligned with the stated CLI-only operation, making the package slightly suspicious due to potentially unused or lingering risky components.
能力评估
Purpose & Capability
The code and docs align with a database-first crypto-scam detector that uses Etherscan for background sync. That capability matches the name/description. However the registry/metadata claims no required env vars or primary credential, while the code expects an ETHERSCAN_API_KEY (via environment or encrypted storage) for sync operations. Also SKILL.md's repeated claim 'No external API calls during user checks' is misleading: checks that hit the DB only are offline, but the code will perform realtime Etherscan sync (network calls) when an address is missing.
Instruction Scope
SKILL.md and scripts direct the agent to create a local DB under ~/.config/crypto-scam-detector, run install.sh, optionally run setup.sh (encrypted key storage), and run sync_worker.py which makes external API calls to Etherscan. The human-facing claim 'Zero external API calls during user checks' omits that the checker will trigger immediate sync/network calls for unknown addresses. Scripts reference ETHERSCAN_API_KEY and call network APIs; instructions also suggest adding cron/systemd services. These behaviors go beyond purely local-only checks and are not consistently documented as required.
Install Mechanism
install.sh creates a Python virtualenv and pip-installs requirements from requirements.txt; there are no opaque downloads or unexpected remote URLs in the provided files. The install script runs silently by redirecting stdout/stderr but otherwise performs standard operations. This is a standard install pattern (moderate risk if requirements include untrusted packages — review requirements.txt).
Credentials
The skill metadata declares no required env vars or primary credential, but the runtime code and scripts clearly use ETHERSCAN_API_KEY (environment OR encrypted storage via secure_key_manager). The skill also stores data under the user's home config directory. Requiring an API key for Etherscan is legitimate for background sync, but the metadata should list it; the mismatch is a red flag and could lead a user to run the skill without understanding network calls or key storage behavior.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills. It recommends running a background worker via cron or systemd (which requires the user to configure a service/cron). That is normal for a background sync worker; no privileged system-level changes are requested by the package itself.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install crypto-address-checker
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /crypto-address-checker 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
**Major v2.0 release: Complete architecture and feature overhaul for database-first scam detection.** - Replaces external API calls with a fast, local SQLite database—user checks are instant and always offline. - Adds a background sync worker that pulls data from Etherscan and auto-queues unknown addresses for later analysis. - Deeply analyzes transactions, decoding and scanning for scam indicators including targeted groups and phishing attempts. - Expands scam detection with new categories: "Lazarus Vanguard", "Orbit Bridge Hacker", private key phishing, and more. - Introduces flexible risk scoring, human-readable and JSON outputs, cron support, new installation/setup experience, and secure API key storage. - Full documentation and command reference are now included.
元数据
Slug crypto-address-checker
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Crypto Address Checker 是什么?

Real-time cryptocurrency scam detection with database-first architecture. Protects users from phishing, honeypots, rug pulls, and ponzi schemes. No external... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 738 次。

如何安装 Crypto Address Checker?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install crypto-address-checker」即可一键安装,无需额外配置。

Crypto Address Checker 是免费的吗?

是的,Crypto Address Checker 完全免费(开源免费),可自由下载、安装和使用。

Crypto Address Checker 支持哪些平台?

Crypto Address Checker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Crypto Address Checker?

由 princedoss77(@princedoss77)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论