Monitor ETH wallets and DeFi positions across chains with alerts for balance changes, gas prices, health factors, and large token transfers.
Security Analysis
High confidence: The skill's code, instructions, and external calls match its stated purpose (watching public crypto addresses and DeFi data); there are no unexplained credential or file accesses and no signs of data-exfiltration behavior.
Name/intent (wallet and DeFi monitoring) matches required files and behavior: the CLI reads a local config of public wallet addresses, queries public RPC endpoints, CoinGecko, and DefiLlama, and reports balances and gas. The included dependency (viem) is appropriate for Ethereum RPC interactions.
Runtime instructions and the SKILL.md align with the implementation. The CLI reads/writes only ~/.config/crypto-watcher/config.json (to store watched addresses), calls public APIs/RPCs, and prints output. It does not request private keys, system tokens, or unrelated files.
The package includes source, package.json and package-lock but no explicit install spec in the skill metadata. That is not malicious but means dependencies (viem, etc.) must be installed by the runtime environment before the CLI will run. The dependency sources are standard npm packages (viem and its dependencies) listed in package-lock.json.
The skill declares no required environment variables, and the code does not read environment secrets. All external endpoints used are public (CoinGecko, DefiLlama, public RPC URLs). No credentials, tokens, or private keys are requested or stored.
The skill is not always-enabled and does not modify other skills or system-wide settings. It does persist its own config at ~/.config/crypto-watcher/config.json, which is appropriate for its purpose.
Guidance
This skill appears to do what it says: monitor public wallet addresses and DeFi info. Before installing, consider: (1) the CLI will make outbound network calls to public RPCs and APIs (CoinGecko, DefiLlama) — run it in an environment you trust; (2) it stores watched addresses in ~/.config/crypto-watcher/config.json (no private keys) — do not store private keys or seed phrases there; (3) there is no install spec in the skill metadata, so ensure dependencies (node, compatible node version, and npm-installed dependencies like viem) are available in your runtime; (4) if you need stronger assurance, review or run the code in an isolated environment (container) to observe network behavior. Overall, no unexplained permissions or credential access were found.
Latest Release
v1.0.0
Initial release of crypto-watcher.
- Track ETH and token balances across multiple chains.
- Monitor DeFi positions, LP health, and staking rewards.
- Get alerts for low gas prices and large token transfers.
- Configure alert thresholds for gas, balance changes, and DeFi position health.
- Integrates with heartbeat checks for automated monitoring.
Published by @0xRaini on ClawHub