← 返回 Skills 市场
459
总下载
0
收藏
2
当前安装
7
版本数
在 OpenClaw 中安装
/install meme-scanner
功能描述
基于 GMGN 官方 API 的 Meme 币扫链工具。自动扫描热门代币,进行 AI 评分与风险分析,并推送格式化通知。完全使用 GMGN API,数据准确可靠。
安全使用建议
This skill appears to implement the advertised GMGN-based scanner, but contains an older v1 script that still includes a hard-coded Ave.ai API key and calls Ave.ai endpoints — despite SKILL.md claiming Ave.ai was removed. Before installing: 1) Ask the publisher why the v1 file and embedded AVE_API_KEY are present; remove or sanitize any embedded keys. 2) Only run this skill in an isolated environment (or sandbox/VM) because it asks you to start Chrome with remote debugging (ws://localhost:9222), which can expose your browser to remote commands. 3) Review and, if appropriate, delete the v1 script (or confirm its intended use). 4) Ensure required Python deps (websockets, aiohttp) are installed intentionally and verify the scripts’ network targets (gmgn.ai and, if v1 remains, ave-api.com). 5) If you don't trust the source or cannot confirm the Ave.ai key is expendable, do not install or run it. If you want higher confidence, request a clean release that only includes the v2 script, documents the Chrome/CDP requirement in metadata, and does not contain embedded secrets.
功能分析
Type: OpenClaw Skill
Name: meme-scanner
Version: 2.0.0
The skill bundle is classified as suspicious due to the presence of a hardcoded API key for `prod.ave-api.com` in `scripts/meme_scanner.py` and the use of Chrome DevTools Protocol (CDP) to execute arbitrary JavaScript in a browser context to scrape `gmgn.ai`. While these high-risk capabilities and vulnerabilities (credential exposure) are plausibly aligned with the stated purpose of a cryptocurrency scanner, they introduce significant security risks. No evidence of intentional malice, data exfiltration, or harmful prompt injection was found in the analyzed files.
能力评估
Purpose & Capability
The skill claims to be 'fully using GMGN official API' (v2) and the v2 script does call GMGN endpoints via CDP which is coherent. However the package contains an older v1 script that still calls Ave.ai and includes a hard-coded AVE_API_KEY constant. The registry metadata declares no required env vars or binaries, but the runtime actually requires a Chrome instance with remote debugging/extension (CDP). These mismatches (leftover Ave.ai usage and undeclared Chrome CDP requirement) are inconsistent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent/user to start Chrome with remote debugging on port 9222 and connect OpenClaw to it (CDP) to bypass Cloudflare. The scripts then use the CDP to execute fetch() in the browser context. Requiring the user to run a remote browser and enabling CDP is a material runtime requirement that is not represented in metadata. The SKILL.md also references another skill's documentation (Token Analyzer) for setup, creating external dependencies and scope creep.
Install Mechanism
There is no install spec (instruction-only), which minimizes automated installation risk. However, the package does include two Python scripts that will be executed by the user/agent and require Python packages (websockets, aiohttp). SKILL.md mentions websockets but there is no explicit dependency installation step. The absence of an install step plus embedded scripts means a user/agent could run code without an explicit, auditable install process.
Credentials
Registry metadata declares no required environment variables, yet scripts contain a hard-coded AVE_API_KEY and AVE_API_BASE in the v1 script. Embedding a third‑party API key in the repository is unexpected and unnecessary for the v2 'GMGN-only' claim — this is an unexplained credential leak/leftover. The scripts also write to /root/.openclaw/workspace/scanned_tokens.json (workspace file) — that file access is reasonable for scan state but is a persistent local artifact to be aware of.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system settings. It reads and writes a single workspace file for scanned token state, which is proportional for its functionality. Agent autonomy (disable-model-invocation=false) is the platform default and not flagged here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install meme-scanner - 安装完成后,直接呼叫该 Skill 的名称或使用
/meme-scanner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
完全重构为使用 GMGN 官方 API,移除 Ave.ai 依赖,新增创建时间显示、Why Alpha 分析、Narrative Vibe 识别等功能
v1.1.0
修复:只推送 Early Score >= 8 的代币
v1.0.4
Reverted to JSON array output with ensure_ascii=False for reliable message parsing by sub-agent in cron tasks. This is a final fix attempt for Unicode escape and message delivery issues.
v1.0.3
Final attempt to fix Unicode escape issues in cron jobs by directly outputting TOOL_CODE_START/END from script.
v1.0.2
Reverted Early Score threshold to 8/10 for pushing notifications based on user feedback.
v1.0.1
Updated Early Score threshold to 9/10 for pushing notifications.
v1.0.0
Initial release with meme token scanning functionality.
元数据
常见问题
Meme Scanner 是什么?
基于 GMGN 官方 API 的 Meme 币扫链工具。自动扫描热门代币,进行 AI 评分与风险分析,并推送格式化通知。完全使用 GMGN API,数据准确可靠。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 459 次。
如何安装 Meme Scanner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install meme-scanner」即可一键安装,无需额外配置。
Meme Scanner 是免费的吗?
是的,Meme Scanner 完全免费(开源免费),可自由下载、安装和使用。
Meme Scanner 支持哪些平台?
Meme Scanner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Meme Scanner?
由 0xshahai(@hanguang254)开发并维护,当前版本 v2.0.0。
推荐 Skills