← 返回 Skills 市场
jimmyclanker

Multichain Portfolio Tracker

作者 JimmyClanker · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
84
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install multichain-portfolio-tracker
功能描述
Track multi-chain crypto portfolio with real-time prices, P&L, and alerts. Supports EVM (Ethereum, Base, Arbitrum, Polygon, Optimism), Solana, and manual ent...
安全使用建议
This skill appears to implement what it claims, but before installing or running it: (1) understand that the scripts query public RPC providers and CoinGecko — those external services will receive the wallet addresses and token symbols you check (they can log requests and IPs). If you care about privacy, replace the hard-coded RPC URLs with your own RPC provider or a private node. (2) The SKILL.md mentions pnl.sh but that file is missing — expect limited P&L functionality until you add/implement it. (3) Inspect the scripts locally (they are simple bash/python) and run them in a restricted environment if you are unsure. (4) If you want to avoid third-party logging entirely, configure trusted RPC endpoints or API keys that you control. If you want me to, I can point out exactly which lines to change to swap in custom RPC URLs or remove any specific endpoint.
功能分析
Type: OpenClaw Skill Name: multichain-portfolio-tracker Version: 1.0.0 The skill bundle contains multiple command and script injection vulnerabilities where user-controlled data from 'portfolio.json' is passed unsanitized into shell commands and Python execution strings. Specifically, in 'scripts/alerts.sh', 'scripts/check-wallet.sh', and 'scripts/portfolio.sh', variables like token symbols, addresses, and chain names are embedded directly into 'python3 -c' calls or heredocs, allowing for arbitrary code execution if the configuration file is populated with malicious payloads (e.g., via prompt injection against the agent). While the tool appears to be a legitimate crypto tracker using public APIs (CoinGecko) and RPCs (LlamaRPC, Solana), the lack of input sanitization poses a significant security risk.
能力评估
Purpose & Capability
Name/description match what the files implement: price checks, wallet balance queries, portfolio aggregation, and alerts. The scripts operate without requiring API keys which matches the README. Minor inconsistency: SKILL.md references a pnl.sh script for P&L calculation but no pnl.sh is present in the supplied manifest.
Instruction Scope
Scripts read a local portfolio.json (expected) and call external services (CoinGecko and several public RPC endpoints). Those network calls will send wallet addresses and requested token symbols to third-party endpoints (e.g., eth.llamarpc.com, mainnet.base.org, api.coingecko.com), which can log IPs and queried addresses—this is a privacy/exfiltration risk not called out in the README. Otherwise the instructions limit themselves to the task and do not attempt to read unrelated files or credentials.
Install Mechanism
Instruction-only skill with no install spec; scripts run using system bash/python3. No downloads or archive extraction are performed by the skill itself.
Credentials
No environment variables or credentials are requested, which is proportional. However the hard-coded use of third-party RPC endpoints (not locally controlled) means sensitive data (wallet addresses and IPs) will be sent to those providers; consider whether you trust those endpoints or want to substitute your own RPC URLs.
Persistence & Privilege
The skill is user-invocable and not always-enabled. It does not attempt to modify other skills or system settings and does not request persistent presence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install multichain-portfolio-tracker
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /multichain-portfolio-tracker 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: multi-chain portfolio tracking with real-time CoinGecko prices, wallet balance checks (EVM + Solana), price alerts, P&L calculation. No API keys needed.
元数据
Slug multichain-portfolio-tracker
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Multichain Portfolio Tracker 是什么?

Track multi-chain crypto portfolio with real-time prices, P&L, and alerts. Supports EVM (Ethereum, Base, Arbitrum, Polygon, Optimism), Solana, and manual ent... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 84 次。

如何安装 Multichain Portfolio Tracker?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install multichain-portfolio-tracker」即可一键安装,无需额外配置。

Multichain Portfolio Tracker 是免费的吗?

是的,Multichain Portfolio Tracker 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Multichain Portfolio Tracker 支持哪些平台?

Multichain Portfolio Tracker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Multichain Portfolio Tracker?

由 JimmyClanker(@jimmyclanker)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论