技能详情(站内镜像,无评论)
作者:eddie @alexbrc20
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 176 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:alexbrc20/contract-scanner
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill claims to scan contracts using external services but its code and instructions do not actually use the declared API key or tools and overpromise features — this mismatch is suspicious and should be clarified before use.
目的
The skill's stated purpose is contract scanning using services like Etherscan/TokenSniffer, but the shipped implementation (scanner.py) only prints simulated, hard-coded results and does not call any blockchain APIs or analyzers. The registry metadata requires ETHERSCAN_API_KEY and lists curl, but neither is used by the provided code. The SKILL.md also advertises features (real-time alerts, API access, deep analysis) that are not implemented i…
说明范围
SKILL.md gives usage/command examples and declares required env/binaries, but the runtime instructions do not describe any network/API usage or data flows. The instructions are high-level and do not show how an ETHERSCAN_API_KEY would be used, nor do they instruct reading user files or other sensitive data. However, the combination of vague instructions and a non-functional scanner implementation is a red flag.
安装机制
There is no install spec (instruction-only pattern) and no external archives are downloaded. Only a single Python file is included. This is the lower-risk install pattern, but note the file content does not match the claimed behavior.
证书
The skill requires ETHERSCAN_API_KEY (a sensitive credential) and lists curl in required binaries, yet the included Python script does not read environment variables, invoke curl, or perform network queries. Requesting a sensitive API key without using it is disproportionate and suspicious because it offers no clear justification for needing that secret.
持久
The skill is not always-enabled, does not request persistent system-wide changes, and contains no install-time behavior that would grant it ongoing privileges. There is no evidence it modifies other skills or system config.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Contract Scanner」。简介:Scan smart contracts for security risks. Detect honeypots, high taxes, and mali…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/alexbrc20/contract-scanner/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: contract-scanner
version: 1.0.0
description: |
Scan smart contracts for security risks.
Detect honeypots, high taxes, and malicious code.
Protect yourself from scams!
metadata:
openclaw:
emoji: 🛡️
requires:
env:
- ETHERSCAN_API_KEY
bins:
- python3
- curl
pricing:
type: freemium
free:
description: "每日 3 次检测"
limits:
dailyScans: 3
pro:
price: 1.99
currency: USD
period: monthly
description: "无限检测,实时风险告警"
features:
- "无限合约检测"
- "实时风险告警"
- "代码深度分析"
- "历史安全评分"
- "批量检测"
- "API 访问"
---
# 🛡️ Contract Scanner - 合约安全检测
Scan smart contracts for security risks and scams.
## Features
- 🔍 Honeypot detection
- 💸 Tax analysis (buy/sell)
- 🔐 Ownership check
- 📊 Risk scoring
- ⚠️ Real-time alerts
## Usage
```bash
# Scan a contract
/contract-scanner check 0x123...abc
# Check tax
/contract-scanner tax 0x123...abc
# Verify ownership
/contract-scanner owner 0x123...abc
```
## Risk Levels
- 🟢 **Low** - Safe to trade
- 🟡 **Medium** - Some risks, be careful
- 🟠 **High** - High risk, avoid
- 🔴 **Critical** - Scam/honeypot, DO NOT BUY