← Back to Skills Marketplace
valuescan-monitor-skill
by
ValueScan-ai
· GitHub ↗
· v1.0.2
· MIT-0
74
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install valuescan-moni
Description
ValueScan后台实时监控Skill。订阅Stream推送(大盘分析/代币信号),将数据持久化写入本地文件,可选飞书机器人通知。
Usage Guidance
Before installing, verify the skill source and consider the following: (1) packaging mismatch — the registry claims no credentials but SKILL.md and scripts require API Key + Secret; confirm this is expected. (2) Credentials will be stored in plaintext at ~/.vs-monitor/config.json — avoid using high-privilege or long-lived keys, and restrict file permissions (chmod 600) or run the monitor in a container/VM. (3) The skill starts/kills background processes based on PID files — do not run as root and ensure PID files point to the intended processes. (4) Only configure the optional Feishu webhook if you trust the destination (it will receive message contents). (5) Inspect the provided scripts yourself (they are included) and consider running them in an isolated environment. If these issues are acceptable and provenance is verified, the code appears to implement the described monitoring behavior; otherwise do not install.
Capability Analysis
Type: OpenClaw Skill
Name: valuescan-moni
Version: 1.0.2
The skill bundle is a legitimate monitoring tool for the ValueScan cryptocurrency platform. It provides Python and TypeScript scripts (`monitor.py`, `monitor.ts`) to subscribe to SSE streams for market analysis and token signals, with optional Feishu (Lark) notifications. While it stores API credentials in plaintext in `~/.vs-monitor/config.json` and manages background processes via PID files, these behaviors are explicitly documented in `SKILL.md` and are necessary for the tool's stated functionality. No evidence of malicious exfiltration, unauthorized execution, or prompt injection was found.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and the included scripts consistently implement a realtime SSE monitor for ValueScan that writes events to disk and optionally posts to a Feishu webhook — that capability is coherent with the stated purpose. However, registry metadata (no required env vars, 'instruction-only' claim) contradicts SKILL.md which declares required API Key/Secret and dependency runtimes; the package claims to be instruction-only but includes runnable code (Python/TS/JS). These packaging inconsistencies should be resolved.
Instruction Scope
Runtime instructions are narrowly scoped to: collect APIKey/Secret, create ~/.vs-monitor/config.json, start/stop background monitor processes (PID files), write event data to user-specified outputDir, and optionally POST to a configured Feishu webhook. This matches the skill purpose. Two points to note: (1) the agent is instructed to start/kill processes and write files under the user's home — this requires shell access and can affect local processes if PID files are tampered with; (2) credentials are explicitly written to disk in plaintext per SKILL.md.
Install Mechanism
There is no automated install spec (no archive download or package installation), which reduces supply-chain risk, but the SKILL.md and scripts require Python and Node dependencies (pip packages and npm deps) to be installed manually. The presence of multiple language implementations (py/ts/js) is benign but worth noting — the skill ships runnable code even though registry metadata suggested instruction-only.
Credentials
Requesting an API Key and Secret is appropriate for subscribing to ValueScan streams. However: (1) SKILL.md/ scripts will store those credentials in plaintext at ~/.vs-monitor/config.json (explicitly noted) — this is a material risk and increases credential exposure; (2) registry metadata did not declare required credentials, an inventory mismatch that could lead to unexpected disclosure; (3) writing to arbitrary outputDir and allowing a webhook URL lets data leave the host if a webhook is configured or maliciously changed.
Persistence & Privilege
Skill does not request always:true or system-wide privileges. It manages its own files under ~/.vs-monitor and writes PID files for the monitor processes. The skill can be invoked autonomously (platform default), which combined with stored credentials would increase blast radius — exercise usual caution, but this is not an unusual privilege level for a monitoring skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install valuescan-moni - After installation, invoke the skill by name or use
/valuescan-moni - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Initial release of the ValueScan 实时监控 Skill.
- Supports subscribing to ValueScan Stream for real-time market and token signal push.
- Persists analysis/signal data to local files with structured directory rules.
- Optional Feishu bot notification when data is written.
- Includes process management with PID files for independent market/signal monitoring.
- Guided first-time setup for credentials, output directory, and Feishu webhook.
Metadata
Frequently Asked Questions
What is valuescan-monitor-skill?
ValueScan后台实时监控Skill。订阅Stream推送(大盘分析/代币信号),将数据持久化写入本地文件,可选飞书机器人通知。 It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.
How do I install valuescan-monitor-skill?
Run "/install valuescan-moni" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is valuescan-monitor-skill free?
Yes, valuescan-monitor-skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does valuescan-monitor-skill support?
valuescan-monitor-skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created valuescan-monitor-skill?
It is built and maintained by ValueScan-ai (@valuescan-io); the current version is v1.0.2.
More Skills