← 返回 Skills 市场
Crypto Alert
作者
JimmyClanker
· GitHub ↗
· v1.0.0
· MIT-0
109
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install jimmy-crypto-alert
功能描述
Monitor cryptocurrency prices and send alerts when thresholds are crossed. No API key required — uses Binance public API. Supports BTC, ETH, SOL, and 10+ tok...
使用说明 (SKILL.md)
Crypto Alert Monitor
Monitor cryptocurrency prices and send alerts when thresholds are crossed. No API key required — uses Binance public API.
Usage
# Check a single token
bash scripts/check-price.sh btc
# Check multiple tokens
bash scripts/check-price.sh btc eth sol
# Set an alert
bash scripts/set-alert.sh btc 100000 "BTC above 100K"
# Check alerts
bash scripts/check-alerts.sh
Configuration
Edit scripts/config.sh to set your Telegram bot token and chat ID for alerts.
How It Works
- Uses CoinGecko public API (rate limit: 10-30 calls/minute)
- Stores state in
~/.crypto-alert-state.json - Alerts trigger via Telegram bot (optional)
- Threshold format:
above:Xorbelow:X
安全使用建议
This package appears to be a simple, local crypto-price checker that stores alerts in ~/.crypto-alert-state.json and queries public Binance/CoinGecko APIs. Before installing or running it:
- Review the scripts yourself (they are short and included). They use curl and python3 and will create/modify ~/.crypto-alert-state.json.
- Note SKILL.md mentions Telegram alerts and a scripts/config.sh file: that file is missing and none of the scripts send Telegram messages. If you expect push alerts, do not assume they exist — either implement/verify Telegram sending yourself or contact the author.
- Run the scripts in a restricted environment (non-root user or container) if you are unsure. Because they make network calls, be aware they will contact public Binance and CoinGecko endpoints.
- If you plan to add Telegram support, check where/when tokens would be read and ensure you store tokens securely rather than embedding them in world-readable files.
- If you need stronger assurance, ask the publisher for the missing config implementation or for an updated release that implements alert delivery as described.
功能分析
Type: OpenClaw Skill
Name: jimmy-crypto-alert
Version: 1.0.0
The skill bundle contains a code injection vulnerability in `scripts/set-alert.sh`, where shell variables are directly interpolated into a Python string literal within a heredoc. This allows for arbitrary Python code execution if a user provides a specially crafted message or token name. While the scripts functionally align with the stated purpose of monitoring cryptocurrency prices via Binance and CoinGecko APIs, the insecure implementation of state management and lack of input sanitization pose a significant security risk.
能力评估
Purpose & Capability
The name/description (monitor prices, send alerts) align with the included scripts: check-price.sh queries Binance and set-alert.sh/check-alerts.sh manage a JSON state file. However SKILL.md instructs the user to edit scripts/config.sh to set a Telegram bot token/chat ID for alerts, but no scripts/config.sh is included and none of the shipped scripts implement sending alerts via Telegram. This is a mismatch between the claimed alert-delivery feature and the actual code.
Instruction Scope
Runtime instructions are limited and explicit (run the provided scripts). The scripts only access the user's home directory (~/.crypto-alert-state.json), call public APIs (CoinGecko and Binance) over the network, and invoke python3/curl. They do not read other system files or environment variables beyond HOME, nor do they exfiltrate data to unknown endpoints. The SKILL.md's Telegram instructions refer to a config file that does not exist and the code does not source a config, which is misleading.
Install Mechanism
No install spec and no external downloads — the skill is instruction-only with included shell/Python scripts. Nothing is written to disk by an installer; the only runtime write is the state file in the user's home directory, which is expected for this functionality.
Credentials
The skill declares no required credentials and the code does not require secrets. SKILL.md suggests configuring a Telegram bot token/chat ID, but the repository lacks that config and the scripts don't use it. Requesting no credentials is proportionate to the visible code, but the doc could mislead users into providing a token they don't need or the author may have forgotten to include alert-sending functionality.
Persistence & Privilege
The skill does not request persistent platform privileges (always:false). It writes a single JSON state file under the user's home directory (~/.crypto-alert-state.json) which is consistent with its purpose. It does not modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install jimmy-crypto-alert - 安装完成后,直接呼叫该 Skill 的名称或使用
/jimmy-crypto-alert触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of crypto-alert.
- Monitor cryptocurrency prices for BTC, ETH, SOL, and 10+ tokens.
- Send alerts when price thresholds are crossed, with no API key required.
- Supports single or multi-token checks via simple shell scripts.
- Optional Telegram integration for real-time alert notifications.
- Uses Binance public API for pricing and supports basic local configuration.
元数据
常见问题
Crypto Alert 是什么?
Monitor cryptocurrency prices and send alerts when thresholds are crossed. No API key required — uses Binance public API. Supports BTC, ETH, SOL, and 10+ tok... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 109 次。
如何安装 Crypto Alert?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install jimmy-crypto-alert」即可一键安装,无需额外配置。
Crypto Alert 是免费的吗?
是的,Crypto Alert 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Crypto Alert 支持哪些平台?
Crypto Alert 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Crypto Alert?
由 JimmyClanker(@jimmyclanker)开发并维护,当前版本 v1.0.0。
推荐 Skills