WhaleWatch CLI

Agent-native whale wallet tracker for ETH and BTC chains. Track large crypto wallet movements, score whale activity, detect accumulation/distribution pattern...

This skill appears to be what it claims: a thin agent wrapper that runs a separate 'whalecli' tool and parses its JSON. Before installing or enabling autonomous use: 1) verify the external 'whalecli' package (PyPI/GitHub links in SKILL.md) to ensure you trust that code; 2) be aware that alerts can be configured to post to arbitrary webhooks — those endpoints will receive on-chain/wallet data, so only configure trusted URLs; 3) the skill expects an Etherscan API key stored in a local config file (not as a required env var) — supply keys only if you accept that access; 4) SKILL.md references automatic triggers and betting integrations (Simmer/Polymarket) — if you allow the agent to invoke the skill autonomously, decide whether automatic scans or pre-bet checks are acceptable in your environment. If you want higher assurance, inspect the upstream 'whalecli' package source on GitHub/PyPI before running pip install.

Type: OpenClaw Skill Name: whalecli Version: 0.1.0 The skill is classified as suspicious due to its high-risk capabilities, particularly the explicit instruction in `SKILL.md` for the AI agent to perform autonomous financial transactions (e.g., `place_simmer_bet`) based on market signals. While this aligns with the stated purpose of 'closed-loop signal→bet workflows', it represents a significant risk for unauthorized financial actions if the agent is compromised or misinterprets instructions. Additionally, the `whalecli alert set --webhook` command exposes a capability to send data to arbitrary external endpoints, which could be abused for data exfiltration, even if presented as a legitimate feature.