Token Scan — 代币安全扫描

v1.0.0

一键扫描代币合约安全风险，输出结构化报告：安全评分、税率、持币集中度、LP锁仓状态，支持BSC等多链。

0· 139·0 当前·0 累计

by @certik-ai (CertiK)

数据与API

使用场景：使用Token Scan — 代币安全扫描进行数据与API使用Token Scan — 代币安全扫描

下载技能包

最后更新

2026/3/17

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

The skill is internally consistent: it calls CertiK's public token-scan endpoint with a simple bundled Python script, requires no credentials, and the instructions match the code and described purpose.

评估建议

This skill appears to do exactly what it says: it sends the chain and contract address to CertiK's public token-scan API and returns JSON. Before installing, consider: (1) network calls to open.api.certik.com will reveal which contract addresses you query — if that is sensitive for your organization, avoid using it; (2) the script prints raw JSON, so the agent should format/sanitize outputs before exposing them to users; (3) SKILL.md recommends validating address formats but the bundled script d...

详细分析 ▾

✓ 用途与能力

Name/description match the implementation: the bundled script and SKILL.md call the public CertiK token-scan API (open.api.certik.com) to retrieve a token risk scan. There are no unrelated credentials, binaries, or services requested.

ℹ 指令范围

SKILL.md restricts usage to supported chains and instructs validation of addresses and use of the bundled Python script (with a curl fallback). The Python script itself simply performs an HTTP GET and does not perform address-format validation; the SKILL.md places some validation responsibility on the agent. This is a minor mismatch but not malicious.

✓ 安装机制

No install spec — instruction-only with a small included Python script. No downloads from arbitrary URLs, no archives extracted, and nothing is written to disk beyond executing the provided script. Low install risk.

✓ 凭证需求

The skill requests no environment variables, no credentials, and no config paths. It makes outbound HTTPS calls to a single third-party endpoint (CertiK). The network access is proportional to the stated purpose.

✓ 持久化与权限

always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed but is the platform default; this skill does not request elevated persistence.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/17

Initial release of token-scan skill. - Provides structured security risk analysis for token contracts on 11 supported chains (bsc, eth, solana, arbitrum, base, polygon, avax, tron, ton, plasma, sui). - Returns risk score, alert count, alert severity, token tax info, holder concentration, and LP lock status. - Alerts are sorted by severity, with top 8 highest-priority items shown if more exist. - Interprets real buy/sell tax when available and clarifies difference from deduction factors. - Explains supported chain/address formats and enforces input validation. - Reports scan status (in progress, success, or error) clearly to the user.

● 无害

安装命令

点击复制

官方npx clawhub@latest install token-scan

镜像加速npx clawhub@latest install token-scan --registry https://cn.longxiaskill.com 镜像可用

本土化适配说明

Token Scan — 代币安全扫描安装说明：安装命令：npx clawhub@latest install token-scan

需要定制？告诉我你的需求 →

运行时依赖

版本

安装命令

本土化适配说明

相关技能推荐