Blockscout for Web3 Dev
PassAudited by ClawScan on May 10, 2026.
Overview
This is a documentation-only Blockscout API helper; the main thing to notice is that it expects a PRO API key and may make live authenticated API calls.
Install this if you intend to use the Blockscout PRO API. Configure the API key through a scoped environment variable or gitignored secret file, do not paste it into chat, monitor API usage, and disable or avoid this skill for generic web3 development that should not depend on Blockscout.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may refuse to continue or steer away from non-Blockscout options until a PRO API key is configured.
The skill can be invoked for broad web3 requests and then changes the agent's stopping conditions when no Blockscout key is available.
Trigger on broader phrasing like "build a web3 app" ... If no key is found anywhere, stop ... must not ... write or sketch code ... propose alternative data sources
Use this skill when you specifically want Blockscout PRO API help; for generic web3 development or alternative data sources, ask the agent not to invoke this skill.
Exploratory calls may send queried addresses or parameters to Blockscout and may consume API quota or paid usage.
The skill explicitly expects the agent to make live authenticated provider calls during planning/debugging, not only in final user code.
the agent needs the key for its own research and debug calls ... Probing an endpoint to confirm its real response shape, validating a parameter combination by trying it
Use a scoped/test API key where possible, monitor usage, and ask the agent to confirm before high-volume or sensitive queries.
The agent may access and use an API key tied to your Blockscout account, which could expose account usage and consume quota.
The skill directs the agent to access sensitive credential locations to find a Blockscout PRO API key.
Look for a key in the agent's environment ... A project-local secrets file ... A key the user previously placed in the agent's stored memory or persistent profile
Store only the intended Blockscout key in a scoped environment variable or gitignored project secret, avoid pasting keys into chat, and rotate the key if exposed.
A saved API key could persist beyond the current task and be reused later if the user confirms.
The skill allows cross-session reuse of saved credentials, while also requiring confirmation and masking.
Confirm before reusing a key from stored memory or a prior session ... Never echo the full key value back
Review what secrets are saved in the agent profile, remove stale keys, and confirm reuse only when the current task should use that Blockscout account.