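📦 Token Scan — Token Security Scan
v1.0.0 One-click scan of token contract security risks that outputs a structured report: security score, tax rate, holder concentration, and LP lock status. Supports BSC and other chains.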
Last updated
2026/3/17
Security scan
OpenClaw
Safe
high confidence: The skill is internally consistent: it calls CertiK's public token-scan endpoint with a simple bundled Python script, requires no credentials, and the instructions match the code and described purpose.
Assessment recommendations
This skill appears to do exactly what it says: it sends the chain and contract address to CertiK's public token-scan API and returns JSON. Before installing, consider: (1) network calls to open.api.certik.com will reveal which contract addresses you query — if that is sensitive for your organization, avoid using it; (2) the script prints raw JSON, so the agent should format/sanitize outputs before exposing them to users; (3) SKILL.md recommends validating address formats but the bundled script d...
✓ Purpose and capabilities
Name/description match the implementation: the bundled script and SKILL.md call the public CertiK token-scan API (open.api.certik.com) to retrieve a token risk scan. There are no unrelated credentials, binaries, or services requested.
ℹ Instruction scope
SKILL.md restricts usage to supported chains and instructs validation of addresses and use of the bundled Python script (with a curl fallback). The Python script itself simply performs an HTTP GET and does not perform address-format validation; the SKILL.md places some validation responsibility on the agent. This is a minor mismatch but not malicious.
✓ Install mechanism
No install spec — instruction-only with a small included Python script. No downloads from arbitrary URLs, no archives extracted, and nothing is written to disk beyond executing the provided script. Low install risk.
✓ Credential requirements
The skill requests no environment variables, no credentials, and no config paths. It makes outbound HTTPS calls to a single third-party endpoint (CertiK). The network access is proportional to the stated purpose.
✓ Persistence and privileges
always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed but is the platform default; this skill does not request elevated persistence.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest v1.0.0 2026/3/17
Initial release of token-scan skill.
- Provides structured security risk analysis for token contracts on 11 supported chains (bsc, eth, solana, arbitrum, base, polygon, avax, tron, ton, plasma, sui).
- Returns risk score, alert count, alert severity, token tax info, holder concentration, and LP lock status.
- Alerts are sorted by severity, with top 8 highest-priority items shown if more exist.
- Interprets real buy/sell tax when available and clarifies difference from deduction factors.
- Explains supported chain/address formats and enforces input validation.
- Reports scan status (in progress, success, or error) clearly to the user.
● Benign
Install commands
Official: npx clawhub@latest install token-scan
Mirror (accelerated): npx clawhub@latest install token-scan --registry https://cn.longxiaskill.com (mirror syncing)