valuescan-io

valuescan-monitor-skill

Author: ValueScan-ai · GitHub · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 74
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install valuescan-moni
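Description
ValueScan background real-time monitoring Skill. Subscribes to Stream pushes (market analysis / token signals), persists the data to local files, and optionally sends notifications through a Feishu bot.
Security recommendations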
Before installing, verify the skill source and consider the following: (1) packaging mismatch — the registry claims no credentials but SKILL.md and scripts require API Key + Secret; confirm this is expected. (2) Credentials will be stored in plaintext at ~/.vs-monitor/config.json — avoid using high-privilege or long-lived keys, and restrict file permissions (chmod 600) or run the monitor in a container/VM. (3) The skill starts/kills background processes based on PID files — do not run as root and ensure PID files point to the intended processes. (4) Only configure the optional Feishu webhook if you trust the destination (it will receive message contents). (5) Inspect the provided scripts yourself (they are included) and consider running them in an isolated environment. If these issues are acceptable and provenance is verified, the code appears to implement the described monitoring behavior; otherwise do not install.
Functional analysis
Type: OpenClaw Skill
Name: valuescan-moni
Version: 1.0.2
The skill bundle is a legitimate monitoring tool for the ValueScan cryptocurrency platform. It provides Python and TypeScript scripts (`monitor.py`, `monitor.ts`) to subscribe to SSE streams for market analysis and token signals, with optional Feishu (Lark) notifications. While it stores API credentials in plaintext in `~/.vs-monitor/config.json` and manages background processes via PID files, these behaviors are explicitly documented in `SKILL.md` and are necessary for the tool's stated functionality. No evidence of malicious exfiltration, unauthorized execution, or prompt injection was found.
Capability tags
crypto, requires-sensitive-credentials
Capability assessment
Purpose & Capability
Name/description, SKILL.md, and the included scripts consistently implement a realtime SSE monitor for ValueScan that writes events to disk and optionally posts to a Feishu webhook — that capability is coherent with the stated purpose. However, registry metadata (no required env vars, 'instruction-only' claim) contradicts SKILL.md which declares required API Key/Secret and dependency runtimes; the package claims to be instruction-only but includes runnable code (Python/TS/JS). These packaging inconsistencies should be resolved.
Instruction Scope
Runtime instructions are narrowly scoped to: collect APIKey/Secret, create ~/.vs-monitor/config.json, start/stop background monitor processes (PID files), write event data to user-specified outputDir, and optionally POST to a configured Feishu webhook. This matches the skill purpose. Two points to note: (1) the agent is instructed to start/kill processes and write files under the user's home — this requires shell access and can affect local processes if PID files are tampered with; (2) credentials are explicitly written to disk in plaintext per SKILL.md.
Install Mechanism
There is no automated install spec (no archive download or package installation), which reduces supply-chain risk, but the SKILL.md and scripts require Python and Node dependencies (pip packages and npm deps) to be installed manually. The presence of multiple language implementations (py/ts/js) is benign but worth noting — the skill ships runnable code even though registry metadata suggested instruction-only.
Credentials
Requesting an API Key and Secret is appropriate for subscribing to ValueScan streams. However: (1) SKILL.md/scripts will store those credentials in plaintext at ~/.vs-monitor/config.json (explicitly noted) — this is a material risk and increases credential exposure; (2) registry metadata did not declare required credentials, an inventory mismatch that could lead to unexpected disclosure; (3) writing to arbitrary outputDir and allowing a webhook URL lets data leave the host if a webhook is configured or maliciously changed.
Persistence & Privilege
Skill does not request always:true or system-wide privileges. It manages its own files under ~/.vs-monitor and writes PID files for the monitor processes. The skill can be invoked autonomously (platform default), which combined with stored credentials would increase blast radius — exercise usual caution, but this is not an unusual privilege level for a monitoring skill.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install valuescan-moni
  3. After installation, invoke the Skill by name or trigger it with /valuescan-moni
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.2
- Initial release of the ValueScan real-time monitoring Skill.
- Supports subscribing to ValueScan Stream for real-time market and token signal push.
- Persists analysis/signal data to local files with structured directory rules.
- Optional Feishu bot notification when data is written.
- Includes process management with PID files for independent market/signal monitoring.
- Guided first-time setup for credentials, output directory, and Feishu webhook.
Metadata
Slug valuescan-moni
Version 1.0.2
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

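What is valuescan-monitor-skill?

ValueScan background real-time monitoring Skill. Subscribes to Stream pushes (market analysis / token signals), persists the data to local files, and optionally sends notifications through a Feishu bot. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 74 total downloads so far.

How do I install valuescan-monitor-skill?

Run the command "/install valuescan-moni" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is valuescan-monitor-skill free?

Yes, valuescan-monitor-skill is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does valuescan-monitor-skill support?

valuescan-monitor-skill runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed valuescan-monitor-skill?

It is developed and maintained by ValueScan-ai (@valuescan-io); the current version is v1.0.2.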
