ClawHub

bitcoin-mcp

v0.1.0

47 Bitcoin tools for your AI agent — fee intelligence, mempool analysis, address lookups, transaction decoding, and more. MCP server backed by the Satoshi API.

0· 176·0 current·0 all-time
byAndrew Barnes@bortlesboat
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill is a wrapper/MCP server for bitcoin-mcp and correctly references an external Satoshi/bitcoinsapi.com backend — that aligns with the description. However, the metadata and install spec list the binary as 'uv' while runtime examples and the included setup script check for and invoke 'uvx' (e.g., 'uvx bitcoin-mcp'). This is an inconsistency that may cause install/runtime confusion (you likely need the uv package that provides an 'uvx' command).
Instruction Scope
SKILL.md only instructs how to register the MCP server, how to test status, and points to external docs. The included setup script only checks for the presence of 'uvx' and runs 'uvx bitcoin-mcp --version' — it does not read unrelated local files, request credentials, or perform other out-of-scope operations. Note: the service is 'zero config' because it relies on an external API, so runtime calls will reach bitcoinsapi.com.
Install Mechanism
The install mechanism uses a brew formula 'uv' which is a standard package source (lower risk than arbitrary downloads). There is no code in the skill that downloads or extracts remote archives during install; the only script provided is a local helper. No suspicious install URLs or extract actions are present.
Credentials
The skill declares no required environment variables or credentials, which is consistent with the 'zero config / no API key' claim. However, because the MCP implementation uses an external API (bitcoinsapi.com), any data you send to the skill (addresses, PSBTs, raw txs) may be transmitted to that third-party service — so lack of credentials is consistent but implies networked data flow to an external provider.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide agent settings. It only provides an MCP server registration snippet and a local status/test helper, which is within reasonable scope.
Assessment
This skill is internally consistent with its stated purpose, but before installing: 1) verify that installing the 'uv' brew package on your system provides the 'uvx' command (SKILL.md and the helper script invoke 'uvx', while the metadata lists 'uv'); 2) understand that the MCP relies on a third‑party API (bitcoinsapi.com) — any transaction data, addresses, or PSBTs you analyze will be sent to that provider, so do not send sensitive/private data if you require confidentiality; 3) review the upstream GitHub and PyPI packages (links are provided in SKILL.md) if you want to audit the actual bitcoin-mcp implementation before use; and 4) ensure network access is permitted and you trust the external API, or run a local node-based solution if you need offline/local analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk9734ypan9vmcesmgr42wqn9wx82yq98

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binsuv

Install

Install uv (brew)
Bins: uv
brew install uv

Comments