← 返回 Skills 市场
dokbawi80

Is Token Safe?

作者 dokbawi80 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
677
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install is-token-safe
功能描述
Evaluates a crypto token's contract for scam risks and flags its safety level with reasons for trading and decision-making purposes.
使用说明 (SKILL.md)

IsTokenSafe\r

\r Checks whether a given crypto token is potentially malicious or risky.\r \r

What it does\r

  • Analyzes token contract metadata\r
  • Flags common scam or rug-pull patterns\r
  • Provides a quick safety signal for trading bots and agents\r \r

Use cases\r

  • Automated trading bots\r
  • Polymarket / prediction market agents\r
  • Token discovery pipelines\r \r

Input\r

  • Token address\r \r

Output\r

  • Risk level (low / medium / high)\r
  • Reason summary\r
安全使用建议
This package is inconsistent: the documentation and scan.js implement a token scanner that calls a public Base RPC and an external honeypot API, but the declared entrypoint (index.js) does nothing. Before installing or enabling: 1) ask the author to fix the entrypoint so the runtime executes the scanner you expect (or explain why index.js is the real entry); 2) require a package.json or install instructions for ethers/axios; 3) confirm you are OK with the token address being sent to https://api.honeypot.is and using the Base RPC (privacy/telemetry concerns); and 4) if you need scans for other chains, request chain selection rather than a hardcoded 'base'. Because of the entrypoint mismatch and missing dependency metadata, treat this skill as suspicious until the author clarifies/corrects these issues.
功能分析
Type: OpenClaw Skill Name: is-token-safe Version: 1.0.0 The skill is functionally broken as its entry point (`index.js.js`) is a no-op, simply returning the input without performing any token analysis. The actual analysis logic resides in `scan.js.js`, which is a standalone script and not called by `index.js.js`. While `scan.js.js` makes external network calls to `https://mainnet.base.org` (blockchain RPC) and `https://api.honeypot.is` (token safety API), these are legitimate for the skill's stated purpose and do not involve exfiltration of sensitive data or malicious execution. The `SKILL.md` documentation contains no prompt injection attempts. The bundle is benign, though non-functional as intended.
能力评估
Purpose & Capability
The SKILL.md and description say the skill analyzes token contracts, and scan.js implements that. However skill.json points to index.js, which is a trivial passthrough that does not perform any scanning. This divergence means the package on-disk does not match the declared runtime entrypoint and the skill may be non-functional or intentionally obfuscated.
Instruction Scope
SKILL.md describes token analysis (input: token address -> risk level). The actual scan logic (in scan.js) contacts external services: a public Base RPC (https://mainnet.base.org) and the honeypot.is API, sending the token address and chain param. That network transmission is expected for a token scanner but is not documented in SKILL.md (no mention of which chain is assumed — scan.js hardcodes 'base').
Install Mechanism
There is no install spec or dependency manifest. scan.js requires Node modules (ethers, axios) but these are not declared; the skill may fail to run in a strict environment or rely on preinstalled packages. No downloads or external installers are present.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code does not attempt to read local secrets or files.
Persistence & Privilege
The skill is not always-enabled and requests no elevated persistence or changes to other skills/config. It only performs transient network calls in the scan logic.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install is-token-safe
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /is-token-safe 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of IsTokenSafe. Provides quick risk analysis for crypto tokens to help bots and agents avoid scams.
元数据
Slug is-token-safe
版本 1.0.0
许可证
累计安装 2
当前安装数 2
历史版本数 1
常见问题

Is Token Safe? 是什么?

Evaluates a crypto token's contract for scam risks and flags its safety level with reasons for trading and decision-making purposes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 677 次。

如何安装 Is Token Safe??

在 OpenClaw 或 Claude Code 对话框中运行命令「/install is-token-safe」即可一键安装,无需额外配置。

Is Token Safe? 是免费的吗?

是的,Is Token Safe? 完全免费(开源免费),可自由下载、安装和使用。

Is Token Safe? 支持哪些平台?

Is Token Safe? 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Is Token Safe??

由 dokbawi80(@dokbawi80)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论