← 返回 Skills 市场
3973
总下载
1
收藏
9
当前安装
8
版本数
在 OpenClaw 中安装
/install onchain
功能描述
CLI for crypto portfolio tracking, market data, CEX history, and transaction lookups. Use when the user asks about crypto prices, wallet balances, portfolio values, Coinbase/Binance holdings, Polymarket predictions, or transaction details.
安全使用建议
This skill appears to be a legitimate crypto CLI, but exercise caution before installing or providing credentials. Points to consider:
- The SKILL.md/README require multiple sensitive API keys (Coinbase/Binance keys and secrets, DeBank, Helius, Etherscan/Solscan, etc.) but the registry metadata declares no required env vars — ask why the manifest omitted these or prefer a skill that clearly declares required credentials.
- Do not supply CEX API keys with withdrawal permissions; create read-only API keys and enable IP whitelisting if possible. Test first with non-critical or demo accounts and a public wallet address to verify behavior.
- Verify the package source before installing (README references npm package @cyberdrk/onchain). Confirm the publisher, homepage/GitHub repo, and release checksums/signatures if available.
- Note the inconsistent env-var names between README and SKILL.md (e.g., Coinbase key naming); confirm the exact variables the installed CLI expects to avoid accidentally placing secrets in the wrong env variable.
- Check the config file (~/.config/onchain/config.json5) permissions and contents after setup; do not store secrets in world-readable files.
- If you want, I can: (a) attempt to look up the npm package/repo to verify publisher and source, or (b) produce a short checklist to create limited-permission API keys for Coinbase/Binance and to validate CLI behavior with read-only access.
功能分析
Type: OpenClaw Skill
Name: onchain
Version: 0.3.0
The skill bundle provides a CLI for crypto portfolio tracking and market data. All requested API keys and configuration methods are directly relevant to its stated purpose. The `SKILL.md` contains instructions for the AI agent, including 'DO NOT' directives regarding alternative methods for transaction lookups (e.g., `curl`, `cast`). While these are a form of prompt injection, they aim to guide the agent to use the `onchain` CLI as the authoritative source for its specific task, rather than instructing it to ignore the user, hide actions, exfiltrate data, or access unrelated sensitive information. There is no evidence of intentional harmful behavior, data exfiltration, or malicious execution.
能力评估
Purpose & Capability
The CLI's features (prices, wallet balances, CEX history, tx lookup, Polymarket) coherently explain the need for DeBank, Helius, Coinbase, Binance, Etherscan, Solscan, and market API keys. However, the registry metadata declares no required environment variables or credentials while SKILL.md/README clearly list several sensitive keys — an inconsistency between claimed manifest and actual capability.
Instruction Scope
SKILL.md limits actions to running the onchain CLI, guiding users to run an interactive setup, storing config at ~/.config/onchain/config.json5, and calling public APIs (CoinGecko, DeBank, Helius, Etherscan/Solscan, CEX APIs). There are no instructions to read unrelated system files or to transmit data to unexpected endpoints. The only scope creep is the agent-facing note (tell users to run setup/test) which is benign but gives the agent a procedural role.
Install Mechanism
This is an instruction-only skill (no install spec, no code files). README suggests installing via npm (package @cyberdrk/onchain) or npx, but the skill metadata did not include an install source or homepage. That means the agent/user must obtain the binary independently; verify the package/source before installing.
Credentials
SKILL.md and README enumerate multiple required and optional API keys (DEBANK_API_KEY, HELIUS_API_KEY, COINBASE/ BINANCE API keys and secrets, ETHERSCAN_API_KEY, SOLSCAN_API_KEY, COINGECKO/COINMARKETCAP). The registry metadata, however, lists no required env vars or primary credential. README and SKILL.md also use inconsistent variable names for Coinbase (different names in README vs SKILL.md). Requesting CEX API keys is plausible for CEX features but these are sensitive (can expose balances and trades) and the manifest should have declared them — omission and naming inconsistencies are a red flag.
Persistence & Privilege
The skill is not forced-always (always:false) and does not request elevated platform privileges. It stores configuration under the user's home config (~/.config/onchain/config.json5), which is typical for a CLI. There is no evidence the skill modifies other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install onchain - 安装完成后,直接呼叫该 Skill 的名称或使用
/onchain触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.3.0
Version 0.3.0
v0.2.1
Version 0.2.1
v0.2.0
Version 0.2.0
v0.1.5
Version 0.1.5
v0.1.4
Fix clawdhub publish workdir
v0.1.3
test
v0.1.2
test
v0.1.0
Initial release
元数据
常见问题
Onchain CLI 是什么?
CLI for crypto portfolio tracking, market data, CEX history, and transaction lookups. Use when the user asks about crypto prices, wallet balances, portfolio values, Coinbase/Binance holdings, Polymarket predictions, or transaction details. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 3973 次。
如何安装 Onchain CLI?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install onchain」即可一键安装,无需额外配置。
Onchain CLI 是免费的吗?
是的,Onchain CLI 完全免费(开源免费),可自由下载、安装和使用。
Onchain CLI 支持哪些平台?
Onchain CLI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Onchain CLI?
由 arein(@arein)开发并维护,当前版本 v0.3.0。
推荐 Skills