Trusted — Risk Score 5/100
Last scan: 1 day ago
solana-monitor
Real-time monitoring of Solana price, large transfers, and liquidity changes, with Telegram/email alerts
Legitimate Solana blockchain monitoring tool with transparent functionality for price tracking, whale transfer detection, and alert notifications via Telegram/Email.
Skill Name: solana-monitor
Duration: 29.1s
Engine: pi
Safe to install
This skill is safe to use. No malicious behavior detected. Standard security practices include never sharing API credentials and using app-specific passwords for email notifications.

Findings 2 items

Severity Finding Location
Low
Documentation references non-existent config file Doc Mismatch
SKILL.md mentions config/config.yaml for configuration, but the actual implementation uses constructor parameters. No config.yaml file is present.
Create the configuration file `config/config.yaml`
→ Update SKILL.md to reflect actual configuration method (constructor parameters) or implement config file loading.
SKILL.md:55
Info
Dependencies not strictly pinned Supply Chain
requirements.txt uses >= for version constraints which allows updates. python-dotenv is imported but not actively used in reviewed code.
python-dotenv>=1.0.0
→ Consider pinning exact versions or removing unused dependencies.
requirements.txt:2
Resource Declared Inferred Status Evidence
Network READ READ ✓ Aligned requests.get/post to CoinGecko API, Solana RPC, Telegram API
Filesystem NONE NONE No file operations in code
Shell NONE NONE No subprocess or os.system calls
Environment NONE NONE No os.environ access; credentials passed via constructor
Skill Invoke NONE NONE No skill invocation capabilities
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser automation
Database NONE NONE No database access
6 findings
Medium External URL
https://api.telegram.org/bot
scripts/notifier.py:32
Medium External URL
https://solscan.io/tx/
scripts/notifier.py:119
Medium External URL
https://api.coingecko.com/api/v3
scripts/price_monitor.py:17
Medium External URL
https://api.mainnet-beta.solana.com
scripts/whale_monitor.py:17
Info Email address
[email protected]
README.md:43
Info Email address
[email protected]
README.md:175

File Tree

7 files · 32.6 KB · 1230 lines
Python 3f · 856L Markdown 2f · 330L JSON 1f · 42L Text 1f · 2L
├─ 📁 scripts
│ ├─ 🐍 notifier.py Python 319L · 9.6 KB
│ ├─ 🐍 price_monitor.py Python 263L · 7.6 KB
│ └─ 🐍 whale_monitor.py Python 274L · 8.5 KB
├─ 📋 _meta.json JSON 42L · 1005 B
├─ 📝 README.md Markdown 187L · 3.5 KB
├─ 📄 requirements.txt Text 2L · 38 B
└─ 📝 SKILL.md Markdown 143L · 2.3 KB

Dependencies 2 items

Package Version Source Known Vulns Notes
requests >=2.28.0 pip No Well-maintained HTTP library
python-dotenv >=1.0.0 pip No Environment variable loader, not actively used in code

Security Positives

✓ Uses only public, well-known APIs (CoinGecko, Solana RPC, Telegram) with no direct IP connections
✓ No credential harvesting - credentials are used legitimately for notification delivery only
✓ No shell execution or subprocess usage
✓ No data exfiltration or C2 communication patterns
✓ Code is readable and transparent with no obfuscation
✓ Dependencies are standard, reputable Python packages (requests, python-dotenv)
✓ All functionality declared in SKILL.md matches actual implementation