← 返回 Skills 市场
2663629531

Token Risk Explainer

作者 2663629531 · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
278
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install token-risk-explainer-skill
功能描述
Explain crypto token risk in plain Chinese and English from Binance Web3 token audit and market metadata. Use this skill when users want a contract-level ris...
安全使用建议
This skill otherwise looks coherent with its stated purpose, but be aware of these practical issues before installing: 1) Billing: by default the code uses a SkillPay billing client and will try to read SKILLPAY_APIKEY; if SKILLPAY_APIKEY is not set and SKILLPAY_BILLING_MODE is not set to 'noop' the skill will raise an error when it tries to bill. SKILL.md mentions SKILLPAY_APIKEY and SKILLPAY_PRICE_USDT but the registry metadata lists no required environment variables — treat that as a mismatch. 2) Network endpoints: the skill calls https://web3.binance.com (or whatever you set via BINANCE_WEB3_BASE_URL) to fetch token audits/meta and may call the SkillPay service (default https://skillpay.me) for billing. The data sent includes contract addresses and token metadata/audit results (not private keys), but it is transmitted to external services. 3) If you want to test safely, run the scripts in a sandbox and either (a) set SKILLPAY_BILLING_MODE=noop or (b) run with a known test SKILLPAY_APIKEY and SKILLPAY_BASE_URL pointed to a test endpoint. 4) If you require a guarantee that no billing/telemetry occurs, inspect or modify build_billing_client/maybe_bill to force noop billing. 5) The code is readable and doesn't request private wallet keys, but the environment var mismatch and implicit billing behavior are the main risks; if you rely on the registry metadata alone you could encounter runtime errors or unexpected external billing calls. If you want higher assurance, ask the author to update the declared required env vars and to document the CLI flags (e.g., --skip-billing) explicitly.
功能分析
Type: OpenClaw Skill Name: token-risk-explainer-skill Version: 0.1.0 The token-risk-explainer-skill is a legitimate tool designed to analyze and report on cryptocurrency token risks using Binance Web3 API data. The codebase, including scripts/token_risk_explainer.py and scripts/web3_client.py, follows standard practices for API interaction, data processing, and risk scoring. While it includes a billing module (scripts/billing.py) that requires an API key (SKILLPAY_APIKEY), this is transparently documented and used solely for its stated purpose of processing usage charges. No evidence of data exfiltration, malicious execution, or prompt injection was found.
能力评估
Purpose & Capability
Code and instructions align with the declared purpose: the scripts call a Binance Web3 API (default base URL https://web3.binance.com) to resolve tokens, fetch token metadata and audits, build risk factors, and produce bilingual summaries and community drafts. The included tests and FACTOR_COPY map support the stated behavior.
Instruction Scope
SKILL.md runtime commands are straightforward (run the Python script with explain/compare/watchlist/health). However the instructions and code reference environment variables and behavior not declared in the registry metadata: billing is performed via a SkillPay client that reads SKILLPAY_APIKEY (and optional SKILLPAY_BASE_URL, SKILLPAY_CHARGE_URL, SKILLPAY_CHARGE_PATH), and the web3 client reads BINANCE_WEB3_BASE_URL and BINANCE_HTTP_TIMEOUT_SEC. The SKILL.md mentions SKILLPAY_APIKEY and SKILLPAY_PRICE_USDT in a 'Billing Hook' section, but the top-level metadata claims no required env vars. At runtime, build_billing_client will raise a BillingError if SKILLPAY_BILLING_MODE is 'skillpay' (the default) and SKILLPAY_APIKEY is missing, so the skill can fail unless billing is skipped or mode set to noop. The code sends contract addresses and derived metadata to external endpoints (Binance Web3 and SkillPay) — expected for the purpose but worth noting.
Install Mechanism
There is no install spec; this is effectively an instruction-and-script bundle. Requirements include only 'requests' in requirements.txt. No arbitrary downloads, extract operations, or unusual installers are present. The provided publish script references a clawhub CLI (for publishing to a registry) but it is not required for runtime.
Credentials
The amount and type of environment variables read by the code are reasonable for the functionality (API base URL override, timeouts, and a billing API key). However the manifest claims 'Required env vars: none' while runtime billing requires SKILLPAY_APIKEY unless billing is disabled/skipped. Other env vars used but not documented in metadata include BINANCE_WEB3_BASE_URL, BINANCE_HTTP_TIMEOUT_SEC, SKILLPAY_BILLING_MODE, SKILLPAY_BASE_URL, SKILLPAY_CHARGE_URL, SKILLPAY_CHARGE_PATH, SKILLPAY_PRICE_USDT, and SKILLPAY_USER_REF. None of these require sensitive secrets except SKILLPAY_APIKEY, but that secret is required in the 'skillpay' billing mode and this requirement is not accurately reflected in the top-level metadata.
Persistence & Privilege
The skill does not request persistent 'always' inclusion and does not attempt to modify other skills or system configuration. It makes outbound HTTP requests (Binance Web3 and SkillPay) but does not request system-level privileges or access local secret stores beyond environment variables.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install token-risk-explainer-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /token-risk-explainer-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial public release
元数据
Slug token-risk-explainer-skill
版本 0.1.0
许可证
累计安装 2
当前安装数 2
历史版本数 1
常见问题

Token Risk Explainer 是什么?

Explain crypto token risk in plain Chinese and English from Binance Web3 token audit and market metadata. Use this skill when users want a contract-level ris... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 278 次。

如何安装 Token Risk Explainer?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install token-risk-explainer-skill」即可一键安装,无需额外配置。

Token Risk Explainer 是免费的吗?

是的,Token Risk Explainer 完全免费(开源免费),可自由下载、安装和使用。

Token Risk Explainer 支持哪些平台?

Token Risk Explainer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Token Risk Explainer?

由 2663629531(@2663629531)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论