安全决策报告
whale-alert-monitor
Hardcoded billing API key exposed in source code; payment.py makes undeclared external network calls to skillpay.me that are not mentioned in SKILL.md; all scripts use mock/simulated data with no real blockchain APIs called.
最直接的威胁证据
高危
Hardcoded billing API key in payment.py BILLING_API_KEY is defined as a string literal on line 12 of payment.py and transmitted in the X-API-Key header to https://skillpay.me. If this file is exposed (e.g., through skill publication, debugging, or a supply-chain attack), the key can be stolen and abused for billing fraud. This key is not pinned to an environment variable as best practice requires.
payment.py:12 为什么得出这个结论
3/4 个维度触发 阻止
声明与实际能力
发现 3 项声明之外的能力或越权行为。
阻止
隐藏执行与外联
提取到 1 个高危 IOC 或外联信号。
阻止
攻击链与高危发现
报告包含 0 步攻击链,另有 1 项高危或严重发现。
复核
依赖与供应链卫生
发现 2 项需要关注的依赖或供应链线索。
风险分是怎么被拉高的
Hardcoded API key in source +15
BILLING_API_KEY = 'sk_f03aa8f8...' is hardcoded in payment.py:12 and sent to external skillpay.me
Undeclared external network calls +10
payment.py sends requests to https://skillpay.me/api/v1/billing/* — not declared in SKILL.md capabilities
SkillPay pricing not declared as a capability +5
SKILL.md describes functionality but buries the 0.01 USDT/call charge in an inline comment without declaring network:WRITE or environment access
Mock-only data, no real APIs called +-5
All scripts generate random simulated blockchain data; Etherscan/Alchemy keys in env vars are never used, reducing actual risk
最关键的证据
高危
Hardcoded billing API key in payment.py
BILLING_API_KEY is defined as a string literal on line 12 of payment.py and transmitted in the X-API-Key header to https://skillpay.me. If this file is exposed (e.g., through skill publication, debugging, or a supply-chain attack), the key can be stolen and abused for billing fraud. This key is not pinned to an environment variable as best practice requires.
payment.py:12 Replace with: BILLING_API_KEY = os.getenv('SKILLPAY_API_KEY', '') and require the environment variable to be set.
中危
Undeclared external network calls in payment.py
SKILL.md declares network usage only for Telegram/Discord notifications. However, payment.py silently makes HTTP GET/POST requests to https://skillpay.me during verify_payment() and charge_user(). The skill payload (payment.py) is included in the published skill but its external network behavior is not documented.
payment.py:26 Document all external domains (skillpay.me) in SKILL.md. Add network:WRITE to declared capabilities. Alternatively, decouple billing from the skill runtime.
中危
Silent payment enforcement on skill invocation
require_payment() in payment.py raises SystemExit if balance is insufficient. This means the skill refuses to function without payment, but this behavior is only visible as an inline comment in SKILL.md, not as a declared dependency or pre-condition.
payment.py:88 Document the payment requirement prominently in SKILL.md with a dedicated section, including the billing provider and pricing model.
低危
Environment variable access not declared
Multiple scripts read API keys and tokens from os.environ (ETHERSCAN_API_KEY, TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK_URL) but SKILL.md does not declare environment:READ as a capability.
whale_tracker.py:17 Add environment:READ to declared capabilities and list all required environment variables in SKILL.md.
低危
File write operations not declared
Scripts write to local files (whale_profile.json, alert_history.json, whale_monitor.log) but filesystem:WRITE is not declared in SKILL.md.
whale_tracker.py:231 Add filesystem:WRITE to declared capabilities if file writes are intentional at runtime.
提示
All scripts use mock/simulated data
No script makes actual Etherscan, Alchemy, or Moralis API calls. All data is generated via random number generation. The ETHERSCAN_API_KEY read from environment is never used. This reduces the real-world risk but raises questions about the skill's utility.
whale_tracker.py:67 Either implement real API integration or clearly label the scripts as demonstration/mock tools.
声明能力 vs 实际能力
网络访问 阻止
声明 READ
→ 推断 READ+WRITE
payment.py:15 — requests.post to skillpay.me with API key 环境变量 阻止
声明 NONE
→ 推断 READ
whale_tracker.py:17 — os.getenv('ETHERSCAN_API_KEY'); alert_manager.py:105 — os.getenv('TELEGRAM_BOT_TOKEN') 文件系统 阻止
声明 NONE
→ 推断 READ+WRITE
whale_tracker.py:231 — open(filename,'w'); monitor_daemon.py:44 — logging.FileHandler 命令执行 通过
声明 NONE
→ 推断 NONE
No subprocess or shell execution found 可疑产物与外联
高危 API 密钥
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" payment.py:12
中危 钱包地址
0x742d35Cc6634C0532925a3b8D4E6D3b6e8d3e8D3 SKILL.md:78
中危 钱包地址
0x3f5CE5FBFe3E9af3971dD833D26bA9b5C936f0bE SKILL.md:96
中危 钱包地址
0x71660c4005BA85c37ccec55d0C4493E66Fe775d3 SKILL.md:101
中危 外部 URL
https://skillpay.me payment.py:11
中危 外部 URL
https://api.etherscan.io/api references/api-configuration.md:8
中危 外部 URL
https://eth-mainnet.g.alchemy.com/v2/ references/api-configuration.md:54
中危 外部 URL
https://deep-index.moralis.io/api/v2/ references/api-configuration.md:89
中危 外部 URL
https://eth-mainnet.g.alchemy.com/v2/KEY references/api-configuration.md:112
中危 外部 URL
https://eth-mainnet.g.alchemy.com/v2/$ references/api-configuration.md:137
中危 外部 URL
https://etherscan.io references/api-configuration.md:138
中危 外部 URL
https://bsc-dataseed.binance.org references/api-configuration.md:142
依赖与供应链
| 包名 | 版本 | 来源 | 漏洞 | 备注 |
|---|---|---|---|---|
| requests | * | pip | 否 | Version not pinned; used for billing and notification HTTP calls |
| pyyaml | * | pip | 否 | Used for config loading in monitor_daemon.py |
文件构成
11 个文件 · 2441 行
Python 7 个文件 · 1864 行Markdown 3 个文件 · 558 行JSON 1 个文件 · 19 行
需关注文件 · 5
scripts/alert_manager.py https://api.telegram.org/bot
SKILL.md 0x742d35Cc6634C0532925a3b8D4E6D3b6e8d3e8D3 · 0x3f5CE5FBFe3E9af3971dD833D26bA9b5C936f0bE · 0x71660c4005BA85c37ccec55d0C4493E66Fe775d3
payment.py Hardcoded billing API key in payment.py · Undeclared external network calls in payment.py · Silent payment enforcement on skill invocation · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
references/api-configuration.md https://api.etherscan.io/api · https://eth-mainnet.g.alchemy.com/v2/ · https://deep-index.moralis.io/api/v2/ · https://eth-mainnet.g.alchemy.com/v2/KEY · https://eth-mainnet.g.alchemy.com/v2/$ · https://etherscan.io · https://bsc-dataseed.binance.org · https://bscscan.com · https://arb-mainnet.g.alchemy.com/v2/$ · https://arbiscan.io · https://opt-mainnet.g.alchemy.com/v2/$ · https://optimistic.etherscan.io
references/wallet-labels.md 0xdB3c617cDd2fBf0c8611C04A49d34C7B332e2BB6 · 0x5a52E96BAcdaBb82fd05763E25335261B270Efcb · 0x503828976D22510aad0201ac7EC88293211D23Da · 0x6b75d8AF000000e20B7a7DD000000090D0000000 · 0xf89d7b9c864f589bbF53f821d7EfC68c91d70958 · 0x2B6eD29a95753C3Ad948348e3e7b1A251039FBB9
其他文件 · exchange_flow.py · whale_tracker.py · transfer_monitor.py · holding_analyzer.py · monitor_daemon.py · _meta.json
安全亮点
No subprocess, shell, or eval() execution found anywhere in the codebase
No credential harvesting from ~/.ssh, ~/.aws, or other sensitive paths
No base64-encoded payloads or obfuscated code
No curl|bash or wget|sh remote script execution
Notification channels (Telegram/Discord) use environment variables, not hardcoded tokens
No hidden instructions in HTML comments or documentation
Scripts are well-structured Python with clear logging