← 返回 Skills 市场
308
总下载
0
收藏
1
当前安装
8
版本数
在 OpenClaw 中安装
/install sol-bsc-dev-monitor
功能描述
Unified Dev Wallet Monitor for BSC and Solana - Monitor only, manual buy only, no private keys
安全使用建议
Things to consider before installing/running:
- Do not run this on systems containing private keys or production wallets until you audit it locally — the author embeds a SkillPay API key in the source which is sensitive and unusual.
- The README/SKILL.md reference node index.js for billing/auto-charge operations but index.js is missing: the advertised billing/autocharging flow appears incomplete or broken. Ask the author for the missing file or an explanation before using billing features.
- The billing API key (sk_* value) is hardcoded in billing.js/billing-final.js and in SKILL.md frontmatter. If you plan to use this package, consider removing or rotating that key and configuring billing via environment variables or your own billing account.
- Several code paths look buggy (Solana transaction parsing and some counters). These are likely to cause false negatives/positives or runtime errors, not direct exfiltration, but you should review and test in an isolated environment first.
- Network calls to skillpay.me, configured RPC endpoints, and public DEX sites are expected; review and decide whether those endpoints are acceptable for your environment.
- If you want to proceed: run in an isolated VM/container with no secrets, review/fix the missing index.js or disable billing calls, and inspect or remove the embedded API key. If you cannot verify the missing pieces or the API key provenance, do not use it for real monitoring/billing.
功能分析
Type: OpenClaw Skill
Name: sol-bsc-dev-monitor
Version: 1.0.10
The skill bundle is a multi-chain developer wallet monitor for BSC and Solana designed to track token transfers and deployments. It operates as a 'monitor-only' tool, explicitly stating it does not require private keys and only provides manual buy links to legitimate DEXs like Jupiter and PancakeSwap. The bundle includes a billing integration via the SkillPay API (skillpay.me) to manage per-call usage fees. While the code contains several functional bugs and compatibility issues (e.g., incorrect Solana balance parsing logic in `index-sol-safe.js`, syntax errors in comments, and hardcoded developer API keys), there is no evidence of malicious intent, data exfiltration, or unauthorized system access.
能力评估
Purpose & Capability
The stated purpose—monitor-only for BSC and Solana—is broadly consistent with the provided monitoring scripts (index-bsc.js and index-sol-safe.js). Billing-related files exist (billing.js / billing-final.js) which is reasonable given the SKILL.md describes paid per-call usage. However the SKILL.md and README reference an index.js for billing/auto-charge operations but no index.js exists in the file manifest — a missing file that breaks the advertised billing/auto-charge flow.
Instruction Scope
SKILL.md instructs the agent to call node index.js for balance/payment/monitor-with-auto-charge actions, but index.js is absent. The SKILL.md frontmatter includes a billing API key and explicit per-call billing configuration; the code indeed performs outbound billing requests to skillpay.me using a hardcoded API key. The monitoring instructions themselves only read public blockchain data and local logs (consistent with monitor-only claims), but the missing index.js and the embedded API key are scope and operational inconsistencies that need resolution.
Install Mechanism
This is an instruction/code-only skill with no install spec. Dependencies are standard JS libs (ethers, @solana/web3.js, axios). No remote downloads or archive extraction are present in the manifest — low install risk. The presence of code files means running npm install will pull normal public packages as listed in README.
Credentials
The skill declares no required environment variables, yet the repository and SKILL.md embed a billing API key (skillpay) directly in code and frontmatter. Embedding a secret/API key in published code is poor practice and increases risk: that key could be used by the author or anyone with the package to call the billing API. Apart from billing, the skill does not request private keys or unrelated credentials (which matches the monitor-only claim).
Persistence & Privilege
No elevated platform privileges are requested (always:false). The skill does not claim to modify other skills or system-wide settings. It writes logs and detection JSON files to local directories (logs-*/, detections-*/), which is expected for a monitoring tool.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sol-bsc-dev-monitor - 安装完成后,直接呼叫该 Skill 的名称或使用
/sol-bsc-dev-monitor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.10
Version 1.0.10 – Adds billing SDK and updates documentation
- Added new file: `billing-final.js` for billing and balance functionality.
- Updated documentation to clarify billing flow, platform fees, and manual-buy-only process.
- Provided usage examples for billing actions (balance check, charging, payment link) and detailed monitoring flows.
- Clarified that private keys are never collected or used; tool remains monitor-only.
- Added more detailed configuration, API references, and output/result samples.
v1.0.9
- Major update: skill is now monitor-only with no private key or auto-buy support.
- Removed auto-buy and trading functionality; only token transfer monitoring is available.
- Private keys are no longer required—no wallet access or transactions.
- Price per call reduced; updated billing details and added balance/payment-link API docs.
- Usage instructions focus on safe, research-only monitoring with manual buy links for users.
- Cleaned up code and documentation for a simplified, security-first, monitor-only experience.
v1.0.5
- No code or documentation changes detected in this release.
- Version updated to 1.0.5, but content remains unchanged from the previous version.
v1.0.4
- Added SECURITY.md for improved documentation of security practices.
- Added utils.js for utility functions.
- Removed outdated and redundant documentation files: LOCATIONS.md, QUICK-START.md, SECURITY-FINAL-STATUS.md, SECURITY-NOTICES.md, VERIFICATION-REPORT.md.
- No functional changes to core features.
v1.0.3
- Added SECURITY-FINAL-STATUS.md and SECURITY-NOTICES.md files.
- Updated Solana test/run instructions to use index-sol-safe.js for improved security and clarity.
v1.0.2
- Added LOCATIONS.md and VERIFICATION-REPORT.md documentation files.
- No changes to the core functionality.
v1.0.1
- Added QUICK-START.md with setup or usage instructions.
- Added index-sol-safe.js for Solana monitoring.
- Removed index-sol.js (replaced or deprecated).
- No changes to the main SKILL.md content.
v1.0.0
Initial release of Unified Dev Monitor with Auto-Buy for BSC and Solana.
- Monitor developer addresses on both BSC and Solana chains.
- Automatic buy feature for detected new tokens via PancakeSwap (BSC) and PumpSwap (Solana).
- Flexible per-call billing (0.01 USDT) using SkillPay.me.
- Extensive environment and auto-buy configuration options.
- Detailed logging, development, and security guidance included.
元数据
常见问题
sol-bsc-dev-monitor-skill 是什么?
Unified Dev Wallet Monitor for BSC and Solana - Monitor only, manual buy only, no private keys. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 308 次。
如何安装 sol-bsc-dev-monitor-skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sol-bsc-dev-monitor」即可一键安装,无需额外配置。
sol-bsc-dev-monitor-skill 是免费的吗?
是的,sol-bsc-dev-monitor-skill 完全免费(开源免费),可自由下载、安装和使用。
sol-bsc-dev-monitor-skill 支持哪些平台?
sol-bsc-dev-monitor-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 sol-bsc-dev-monitor-skill?
由 mybusd(@mybusd)开发并维护,当前版本 v1.0.10。
推荐 Skills