📡 Simmer Signal Service — 交易信号
v1.0.1基于 Simmer 与 Binance 数据,为 BTC、ETH、SOL 等主流币种提供 BUY/SELL/HOLD 建议及置信度,助您快速捕捉 Polymarket 行情变化。
0· 331·0 当前·0 累计
by 下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
What to check before installing/using: 1) Billing mismatch: SKILL.md and comments mention 0.001 USDT per call, but the script charges 0.01 USDT in charge_user() and prints charged amounts of 0.01 — confirm the actual charge rate with the author or in the code before giving any SkillPay API key or funding an account. 2) API keys: SKILLPAY_API_KEY grants billing actions — treat it as highly sensitive; only provide it after verifying the SkillPay endpoint and skill_id. 3) USER_ID is required at run...详细分析 ▾
ℹ 用途与能力
The skill's code and SKILL.md match the described purpose: it fetches Binance prices, calls Simmer for opportunities, and uses SkillPay for billing. Requested API keys (SIMMER_API_KEY and SKILLPAY_API_KEY) are appropriate for those functions. Minor mismatches exist (different SkillPay base URLs used in the code and metadata), but overall the requested capabilities align with the declared purpose.
ℹ 指令范围
Runtime instructions and the code are consistent in guiding the agent to fetch market data and bill via SkillPay; they do not attempt to read unrelated system files. However, SKILL.md instructs users to set USER_ID (wallet address) and the CLI requires a --user-id or USER_ID env var at runtime, yet USER_ID is not declared in the registry's required env list — this is an actionable inconsistency. The docs also promote automated cron runs every 5 minutes (high-frequency billing), which is central to its monetization; users should be aware this will generate repeated network/billing calls.
✓ 安装机制
No install spec is present (instruction-only with an included script). This is the lower-risk option since nothing arbitrary is downloaded during install. The skill depends on 'requests' per requirements.txt, which is reasonable for its network calls.
⚠ 凭证需求
The two required secrets (SKILLPAY_API_KEY and SIMMER_API_KEY) are relevant to billing and data access and therefore justified. Concerns: (1) USER_ID is required at runtime but is not declared as a required env var in the registry metadata; (2) there are inconsistencies in the documented and coded pricing/charging amounts (see below), which affect how much access to billing credentials actually means in practice; (3) the code accepts alternate env names (SKILL_BILLING_API_KEY, SKILLPAY_SKILL_ID, SKILL_ID) which increases the set of environment variables that could be sensitive. Any API key that permits billing should be treated as highly sensitive.
✓ 持久化与权限
The skill does not request always: true, does not modify other skills, and does not ask for system-level config paths. Autonomous invocation is allowed by default (platform behavior) but the skill itself does not request elevated persistence beyond normal operation.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/3/5
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install simmer-signal-service
镜像加速npx clawhub@latest install simmer-signal-service --registry https://cn.longxiaskill.com