← 返回 Skills 市场
0xartex

Token Research

作者 0xArtex · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
329
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install token-research
功能描述
Comprehensive token research for EVM chains (Base, ETH, Arbitrum) and Solana. Use this skill when you want to research crypto tokens, deep-dive projects or m...
安全使用建议
What to check before installing: - Ask the publisher to declare required environment variables (at minimum: TWITTERAPI_KEY and any block-explorer API keys) in the skill metadata. Right now the skill references $TWITTERAPI_KEY but requires.env is empty. - Inspect the '~/workspace/scripts/ape-call.sh' referenced by the skill (or any 'call owner' mechanism). That script will be executed (or the skill will attempt to call it). Verify it does not exfiltrate research data or contact unknown endpoints. - Confirm how 'call owner' and 'send DM' steps are implemented and whether messaging credentials (Telegram/Discord/WhatsApp tokens) are needed — these are not declared. Do not grant messaging credentials until you verify the owner endpoint and message contents. - The skill instructs spawning parallel sub-agents and auto-deep-diving top picks. If you want to avoid autonomous multi-agent or background activity, restrict the skill's autonomous invocation or disable batch auto-deep-dive behavior. - The skill writes reports and appends watchlists under reports/ and watchlists/. Ensure you run it in an isolated workspace or that you trust these files will be appended only as described (the skill mandates 'APPEND only — never overwrite'). - Because the script makes many outbound network calls, review rate-limit and API-key usage (Etherscan/GoPlus) to avoid unexpected failures or leaking keys in logs. - If you are unsure about the owner or scripts, run the included fetch_token_data.sh in a sandboxed environment first and/or request the author to remove mandatory 'call owner' commands or to make owner notification optional. Bottom line: functionality is plausible for token research, but missing environment/credential declarations and mandatory 'call owner' outbound actions are red flags you should resolve before installing or enabling autonomous use.
功能分析
Type: OpenClaw Skill Name: token-research Version: 1.0.0 The skill bundle contains instructions in SKILL.md that create a shell injection vulnerability by directing the AI agent to execute a local script (~/workspace/scripts/ape-call.sh) using unsanitized data (ticker symbols and narratives) fetched from external APIs like DexScreener and Twitter. Furthermore, the instructions mandate autonomous 'deep dives' and notifications without user confirmation, which increases the risk of the agent being manipulated by malicious content found in external token metadata or social media posts (prompt injection). The reliance on an external, non-bundled script for 'MANDATORY' alerts is also a significant security and functional dependency.
能力评估
Purpose & Capability
The declared purpose (token research for EVM chains + Solana) aligns with the code and instructions: dexscreener, GoPlus, Etherscan/Basescan calls and web searches. However, the skill also mandates contacting an 'owner' (via a local script and messaging) and auto-appending watchlists/reports in the workspace — behaviors that go beyond pure read-only research and require filesystem and external messaging capabilities that are not declared.
Instruction Scope
SKILL.md instructs the agent to call external APIs (DexScreener, GoPlus, Twitter API endpoint), to run a local script at ~/workspace/scripts/ape-call.sh, to send Telegram/Discord/WhatsApp DMs and to spawn parallel sub-agents and auto-deep-dive top picks without user confirmation. It also requires appending watchlist and report files. These instructions direct network calls and writes and compel outbound communication (owner calls/DMs) that are not limited or qualified in the metadata.
Install Mechanism
No install spec; an instruction-only skill plus a single included shell script (fetch_token_data.sh). No arbitrary downloads or extract operations. The presence of a helper script is expected for this purpose.
Credentials
The SKILL.md and examples require/use environment variables (e.g., $TWITTERAPI_KEY) and imply use of API keys (Etherscan, possibly GoPlus) but the registry metadata lists no required env vars or primary credential. The skill also expects access to ~/workspace scripts and to be able to send messages to the 'owner' — credentials or tokens for messaging platforms are neither declared nor justified in the manifest.
Persistence & Privilege
always:false (good). But the instructions require appending files under reports/ and watchlists/ and mandate calling an owner and spawning sub-agents in batch mode. Those are persistent side-effects (file writes and potentially long-running monitoring) and autonomous actions that should be explicitly declared and consented to; currently they are embedded only in SKILL.md.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install token-research
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /token-research 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — introduces structured workflow for comprehensive token research across EVM and Solana. - Mandatory call-and-message protocol for high-potential tokens (WATCH/APE), with strict volume-driven triggers. - Enforces social research on X/Twitter for every token; mandates skipping pure memes except in specific high-volume cases. - Outlines deep and shallow research procedures, including use of APIs (DexScreener, GoPlus, Etherscan/Basescan, Twitter). - Implements systematic directory structure for research reports and monthly tiered watchlists with clear update rules. - Provides detailed, step-by-step research process template for fundamentals and Twitter-based due diligence.
元数据
Slug token-research
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Token Research 是什么?

Comprehensive token research for EVM chains (Base, ETH, Arbitrum) and Solana. Use this skill when you want to research crypto tokens, deep-dive projects or m... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 329 次。

如何安装 Token Research?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install token-research」即可一键安装,无需额外配置。

Token Research 是免费的吗?

是的,Token Research 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Token Research 支持哪些平台?

Token Research 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Token Research?

由 0xArtex(@0xartex)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论