← 返回 Skills 市场
89
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install nansen-alerts-webhook-listener
功能描述
Set up a local webhook server to receive Nansen smart alerts in real-time with HMAC signature verification and public tunneling. Use when a user wants to lis...
安全使用建议
Do not install or provide secrets yet — ask the publisher why the skill requires 'nansen' and NANSEN_API_KEY when the doc says it only runs a local webhook server. Confirm whether you actually need the nansen CLI; if not, remove that requirement. Before running any generated server script: (1) inspect the exact code the skill will write (ensure HMAC timing-safe comparison is implemented correctly and there are no obvious bugs), (2) keep the tunnel only as long as needed and rotate any webhook secret afterward, (3) if you enable OpenClaw forwarding, verify the target URL and token are safe and declared in the skill metadata, and (4) prefer localtunnel only for short tests — ngrok is recommended for stability but requires its own auth token. If the publisher cannot justify the API key or the nansen install, consider the skill incoherent and avoid supplying credentials.
功能分析
Type: OpenClaw Skill
Name: nansen-alerts-webhook-listener
Version: 1.0.0
The skill provides a legitimate utility for setting up a local Node.js webhook listener to receive Nansen smart alerts. It includes a robust server implementation (nansen-webhook-server.mjs) using only built-in Node.js modules, featuring HMAC-SHA256 signature verification with timing-safe comparisons, payload size limits, and localhost-only binding. The instructions in SKILL.md include explicit security warnings about the risks of using public tunnels (ngrok/localtunnel) and correctly guide the agent to wait for user confirmation and handle secrets securely.
能力标签
能力评估
Purpose & Capability
The skill's name/description say it only sets up a local webhook receiver with HMAC verification and an optional public tunnel. However, the registry metadata requires the 'nansen' binary and declares NANSEN_API_KEY as the primary credential. The SKILL.md explicitly says it does NOT create or modify alerts, so requiring an API key and the nansen CLI is disproportionate and unexplained.
Instruction Scope
The runtime instructions are specific and constrained (bind to 127.0.0.1, POST /webhook, HMAC verification, 1 MB limit, graceful shutdown) which is good. But the instructions also reference additional environment variables (OPENCLAW_GATEWAY_URL, OPENCLAW_AUTH_TOKEN) that are not listed in requires.env, and they include optional forwarding of verified payloads to another local service. The agent is told to create and run a server and to expose it via a tunnel (ngrok/localtunnel) — acceptable for the purpose but the combination of forwarding to OpenClaw and undeclared env usage should be explicit in metadata.
Install Mechanism
The install spec installs an npm package 'nansen-cli' (creates 'nansen' binary). npm installs from the public registry are moderate risk but commonly acceptable. The concern is not the mechanism itself but that installing nansen-cli appears unnecessary for a listener that 'does NOT create or modify alerts'. If the CLI is only for testing, that should be documented; otherwise the requirement is disproportionate.
Credentials
Only NANSEN_API_KEY is declared as required/primary, but the SKILL.md never needs that key to run the webhook receiver (it verifies incoming HMACs with a separately generated WEBHOOK_SECRET). The instructions also reference OPENCLAW_GATEWAY_URL and OPENCLAW_AUTH_TOKEN (used for forwarding) but these are not declared as required or optional env vars. Requiring NANSEN_API_KEY without justification is a red flag — ask why the key is needed and do not supply it unless necessary.
Persistence & Privilege
The skill is not always-enabled and does not request permanent presence or elevated platform privileges. It also does not attempt to modify other skills. Normal autonomous invocation is allowed (default), which is expected for skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nansen-alerts-webhook-listener - 安装完成后,直接呼叫该 Skill 的名称或使用
/nansen-alerts-webhook-listener触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
nansen-alerts-webhook-listener 1.0.0
- Initial release: Set up a secure local webhook server to receive real-time Nansen smart alert payloads, with HMAC signature verification.
- Supports public tunneling via ngrok (recommended) or localtunnel, enabling Nansen alert delivery to your local machine.
- No external Node.js dependencies—uses only built-in modules for security and simplicity.
- Includes optional integration with OpenClaw Gateway for automatic alert-driven agent turns.
- Implements security best practices: strict signature checks, 1 MB body limit, and minimal endpoint exposure.
- Provides clear, user-guided setup instructions and safety warnings.
元数据
常见问题
Nansen Alerts Webhook Listener 是什么?
Set up a local webhook server to receive Nansen smart alerts in real-time with HMAC signature verification and public tunneling. Use when a user wants to lis... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 89 次。
如何安装 Nansen Alerts Webhook Listener?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nansen-alerts-webhook-listener」即可一键安装,无需额外配置。
Nansen Alerts Webhook Listener 是免费的吗?
是的,Nansen Alerts Webhook Listener 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Nansen Alerts Webhook Listener 支持哪些平台?
Nansen Alerts Webhook Listener 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nansen Alerts Webhook Listener?
由 Nansen AI(@nansen-devops)开发并维护,当前版本 v1.0.0。
推荐 Skills