Security scan
OpenClaw
Safe
high confidence
Assessment and recommendations
This skill appears to be a straightforward Zapper API client. Before installing, confirm you trust the publisher (source is listed as unknown) and prefer exporting ZAPPER_API_KEY as an environment variable rather than storing it in ~/.config/zapper/addresses.json if you want to avoid keeping the key in plaintext. Review the shipped scripts locally (scripts/zapper.py) yourself to verify there are no hidden network calls beyond https://public.zapper.xyz/graphql. Use a limited or free-tier API key ...
✓ Purpose and capabilities
Name/description, SKILL.md, and scripts/zapper.py all implement a Zapper GraphQL client. Requiring python3 and a ZAPPER_API_KEY is proportional and expected for this purpose; the only config path referenced (~/.config/zapper/addresses.json) is for wallet labels and an optional apiKey.
✓ Instruction scope
Runtime instructions and the script limit activity to resolving addresses, calling Zapper's public GraphQL endpoint, and printing JSON/text results. The SKILL.md does suggest storing the API key in ~/.config/zapper/addresses.json but also documents using the ZAPPER_API_KEY env var; there are no instructions to read unrelated system files or exfiltrate data to unexpected endpoints.
✓ Install mechanism
No install spec is provided (instruction-only plus a Python script). That is low-risk; the script uses only standard library urllib for network calls and requires python3 on PATH.
✓ Credential requirements
Declared primaryEnv is ZAPPER_API_KEY and no other secrets are requested. The single API key is appropriate for a client that queries a remote API. The skill optionally reads a single user config file for wallets and an apiKey, which is reasonable but does mean the API key may be stored in plaintext if the user follows that config pattern.
✓ Persistence and privileges
always is false and the skill does not request persistent system-wide privileges or modify other skills. The script only reads the user's config file and environment; it does not write to system paths or alter other components.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/2/6
● Benign
Install command
Official: npx clawhub@latest install zapper-api
Mirror: npx clawhub@latest install zapper-api --registry https://cn.longxiaskill.com