Skip to main content

price-threshold-alert

Monitors cryptocurrency price movements and sends real-time alerts for significant events like ATHs and sharp price changes.

Install this skill

or
0/100

Security score

The price-threshold-alert skill was audited on May 30, 2026 and we found 17 security issues across 3 threat categories, including 10 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 7

Template literal with variable interpolation in command context

SourceSKILL.md
7> **${var}** — Optional. Pass one or more `target_price` levels (comma-separated USD numbers, scientific notation allowed) to fire a one-time alert when the price crosses any of them. Empty = only ATH
high line 28

Template literal with variable interpolation in command context

SourceSKILL.md
28- `memory/logs/${today}.md` — one log block per run, even on `OK`.
high line 63

Template literal with variable interpolation in command context

SourceSKILL.md
63- `targets.${price}.side` is `above` if `current_price < target` when the target was first observed (operator is waiting for the price to climb to it), and `below` otherwise. Set once, never flipped.
high line 64

Template literal with variable interpolation in command context

SourceSKILL.md
64- `targets.${price}.hit_at` is set the run the cross happens. `announced_at` is set the run the notification fires. They differ only if the run lands inside a dedup window — but target alerts never re
high line 70

Template literal with variable interpolation in command context

SourceSKILL.md
70- If `${var}` matches `^dry-run` → `MODE=dry-run`. Strip the prefix; remainder (if any) is treated as targets.
high line 73

Template literal with variable interpolation in command context

SourceSKILL.md
73- For each token: if it parses as a positive float (scientific notation OK, e.g. `5e-6`), include it. Reject zero / negative / non-numeric tokens and log `PRICE_ALERT_BAD_TARGET: ${token}` — continue
high line 74

Template literal with variable interpolation in command context

SourceSKILL.md
74- If after filtering the remainder was non-empty but yielded zero valid targets → log `PRICE_ALERT_BAD_VAR: ${var}` and exit (no notify).
medium line 92

Template literal with variable interpolation in command context

SourceSKILL.md
92```bash
high line 99

Template literal with variable interpolation in command context

SourceSKILL.md
99- Filter `.pairs[]` to entries where `.chainId == "${CHAIN}"`.
medium line 156

Template literal with variable interpolation in command context

SourceSKILL.md
156```
medium line 168

Template literal with variable interpolation in command context

SourceSKILL.md
168```
medium line 182

Template literal with variable interpolation in command context

SourceSKILL.md
182```
high line 219

Template literal with variable interpolation in command context

SourceSKILL.md
219Append to `memory/logs/${today}.md`:
medium line 221

Template literal with variable interpolation in command context

SourceSKILL.md
221```
high line 249

Template literal with variable interpolation in command context

SourceSKILL.md
249| `PRICE_ALERT_BAD_VAR` | `${var}` had non-empty, non-`dry-run` text but yielded zero valid targets | No |
medium line 93

Curl to non-GitHub URL

SourceSKILL.md
93RESP=$(curl -fsS "https://api.dexscreener.com/latest/dex/tokens/${CONTRACT}" 2>/dev/null || echo "")
low line 93

External URL reference

SourceSKILL.md
93RESP=$(curl -fsS "https://api.dexscreener.com/latest/dex/tokens/${CONTRACT}" 2>/dev/null || echo "")
Scanned on May 30, 2026
View Security Dashboard
Installation guide →
GitHub Stars 14
Rate this skill
Categorymarketing
UpdatedJune 4, 2026
openclawapigrowth-marketerproduct-marketermarketing-analystmarketing
aaronjmars/miroshark-aeon