← 返回 Skills 市场
535
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install passive-income-tracker
功能描述
Track earnings, payouts, and uptime from multiple passive crypto income apps with daily summaries and export options in USD/EUR.
安全使用建议
This skill conceptually fits its purpose (aggregating earnings) but the package is instruction-only and does not include the CLI or code that it references. Before installing or running anything you should: 1) Inspect the referenced GitHub repository code yourself (or ask for it) to verify how tokens are stored/encrypted and how alerts (WhatsApp/Telegram) are delivered. 2) Avoid pasting long-lived secrets or passwords on the command line; prefer short-lived API keys or read-only tokens and use a secure secret entry method. 3) Verify the repository's authenticity (owner, commits, issues) and prefer running the code on an isolated machine or VM. 4) If you proceed, confirm exactly where credentials are saved and how encryption is implemented; do not rely solely on the SKILL.md claim of 'encrypted at rest'. 5) Consider whether automatic messaging requires additional credentials and where those will be stored.
功能分析
Type: OpenClaw Skill
Name: passive-income-tracker
Version: 1.0.0
The skill is classified as suspicious primarily due to its reliance on the `exec` tool, which, without reviewing the underlying Python code, presents a significant vulnerability risk for shell injection or unauthorized command execution. While the `SKILL.md` explicitly states 'No telemetry, no cloud sync' and 'API tokens stored encrypted at rest' (mitigating exfiltration concerns), the handling of sensitive API tokens and local node keys, combined with the powerful `exec` capability, warrants caution. There is no evidence of prompt injection attempts or intentional malicious behavior like data exfiltration to external, unauthorized endpoints.
能力评估
Purpose & Capability
Name and description match the intended function (aggregating passive-crypto earnings), and the listed credentials (service tokens, node keys) are plausible for that task. However, the skill advertises a CLI with many commands and claims 'encrypted at rest' storage but provides no code or install mechanism in the bundle (instruction-only). That mismatch (declared commands + implementation absent) is unexpected and reduces trust.
Instruction Scope
SKILL.md instructs obtaining sensitive data: copying a Grass.io session token from browser storage, supplying Storj API keys and wallet addresses, and reading a Mysterium keystore file (~/.mysterium/keystore/node.key). Those actions are coherent with the stated purpose but involve high-sensitivity secrets and local file access. The doc also promises automatic WhatsApp/Telegram messaging but gives no details on how messaging is authenticated or configured — a gap that could hide additional credential prompts or third-party services.
Install Mechanism
No install specification and no code files are bundled (instruction-only). The SKILL.md references executing a 'passive-income-tracker' CLI and claims encrypted local storage, yet the registry package contains no installer or binaries. This forces users to fetch and run external code (GitHub repo link is provided), which is a legitimate path but increases risk because the skill package itself doesn't supply or verify the implementation.
Credentials
The skill does not request environment variables via the registry metadata (none declared), which is consistent. It does, however, instruct users to supply many sensitive credentials (session tokens, API keys, email+password for Honeygain, node keystore). Those credentials are proportionate to the stated integrations but are sensitive; the documentation claims encrypted storage and 'no telemetry' without providing the code to verify how secrets are protected. Passing credentials on the command line (examples use CLI flags) risks exposure in shell history.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or persistent platform privileges. It names standard OpenClaw tools (exec, message, web_fetch) in its metadata, which is normal. There is no evidence it modifies other skills or global agent configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install passive-income-tracker - 安装完成后,直接呼叫该 Skill 的名称或使用
/passive-income-tracker触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Passive Income Tracker 1.0.0 — Initial Release
- Unified dashboard to track daily, weekly, and monthly earnings across multiple crypto passive income apps (Grass.io, Storj, Mysterium, Honeygain, EarnApp, Peer2Profit, and custom sources)
- Automated daily/weekly summaries and payout alerts sent to WhatsApp or Telegram
- Live USD/EUR conversion for crypto earnings and payout threshold tracking
- Service uptime correlation and low earnings alerting
- Export earnings history to CSV or JSON for reporting or tax purposes
- All data stored locally with user privacy in mind, supports encrypted API token storage
元数据
常见问题
Clawhub Skill Passive Income Tracker 是什么?
Track earnings, payouts, and uptime from multiple passive crypto income apps with daily summaries and export options in USD/EUR. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 535 次。
如何安装 Clawhub Skill Passive Income Tracker?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install passive-income-tracker」即可一键安装,无需额外配置。
Clawhub Skill Passive Income Tracker 是免费的吗?
是的,Clawhub Skill Passive Income Tracker 完全免费(开源免费),可自由下载、安装和使用。
Clawhub Skill Passive Income Tracker 支持哪些平台?
Clawhub Skill Passive Income Tracker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Clawhub Skill Passive Income Tracker?
由 mariusfit(@mariusfit)开发并维护,当前版本 v1.0.0。
推荐 Skills