ClawHub

Zerion API

v1.0.0

Query real-time crypto wallet portfolios, transactions, DeFi positions, NFTs, token prices, and gas fees across EVM chains and Solana using Zerion's API.

0· 1.2k·0 current·0 all-time
by@abishekdharshan·duplicate of @abishekdharshan/zerion-api
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
SKILL.md clearly describes a Zerion MCP integration (portfolio, transactions, prices, NFTs). That purpose matches the files' prose. However the package metadata lists no primary credential or required env vars while the SKILL.md repeatedly states an API key is required and shows MCP configuration — a small but important mismatch in declared requirements. The README claims installation via 'npx clawhub install abishekdharshan/zerion-api' and an author name (Abi Dharshan) while owner ID in registry differs, which raises provenance questions but does not itself contradict the claimed capability.
Instruction Scope
Runtime instructions are limited to querying Zerion's MCP endpoint and configuring an API key in MCP settings. The instructions do not ask the agent to read unrelated local files, environment variables, or to send data to third‑party endpoints beyond developers.zerion.io. Example queries reference wallet addresses (expected for this domain).
Install Mechanism
There is no install spec and no code files — the skill is instruction-only (lower disk-write risk). However README includes an 'npx clawhub install abishekdharshan/zerion-api' command that suggests an external package/source may exist; since no install spec is present here, that discrepancy should be resolved before running any installer fetched from that source.
!
Credentials
The skill requires an API key for Zerion MCP according to SKILL.md, but the registry metadata lists no required environment variables or primary credential. The skill will need a secret (API key) to operate; the metadata omission prevents automated policy checks and user warnings. Verify what permissions the API key has and how it's stored in MCP config (to avoid accidental exposure).
Persistence & Privilege
always is false and disable-model-invocation is false (normal). As an instruction-only skill it doesn't request persistent system privileges or config writes in the provided files. Autonomous invocation is possible (platform default) — combine that with the API key risk noted above.
What to consider before installing
This skill appears to be a simple Zerion MCP integration, but before installing you should: (1) confirm the skill's source and author — the README author (Abi Dharshan) and the registry owner ID differ; only install from a trusted origin; (2) expect to provide a Zerion API key — verify its scope/permissions and how MCP stores it (avoid placing secrets in world-readable configs); (3) be cautious about installing any package fetched via the README's 'npx clawhub install ...' command — inspect that package's code first since this skill bundle contains no install spec or code to review; (4) remember the agent can invoke the skill autonomously by default — combined with an API key this could enable unexpected queries using your credential. If you cannot verify provenance or review the installer/source, treat this skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk977vep75vgqxsf4hcf7t2dnv580jmh9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments