BNBCHAIN Protocol & Matrices Analysis — Powered by ClipX

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears to be a disclosed BNB Chain analytics client that runs local Python code to query a private ClipX API, with no credentials or local secret access shown.

This looks acceptable for a thin analytics client. Before installing, be comfortable with running the included Python script, sending analytics queries to the private ClipX API, and relying on third-party data for BNB Chain rankings or market information.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

When invoked, the agent may run the included Python client and make network requests to ClipX to retrieve analytics.

Why it was flagged

The agent is instructed to run a local Python CLI that makes outbound API requests. This is disclosed and central to the skill's analytics purpose, but users should know the skill executes local code and contacts a remote service.

Skill content

Calls the ClipX BNBChain API via `python "{baseDir}/api_client_cli.py"` to fetch text-only BNB Chain metrics and rankings.

Recommendation

Use the skill when you are comfortable with a local Python client contacting the ClipX API, and keep high-impact decisions based on the results subject to independent verification.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The metrics and tables shown to the user are controlled by a third-party/private API rather than fully contained in the skill package.

Why it was flagged

The backend that gathers and prepares the data is outside the published artifact set. This is clearly disclosed and matches the thin-client design, but it means users must trust the remote service's provenance and output.

Skill content

This skill calls a **private ClipX API** hosted separately. The API is not published to ClawHub.

Recommendation

Treat the analytics as third-party data, verify important financial or operational decisions elsewhere, and only use the default API if you trust the ClipX service.

ASI07: Insecure Inter-Agent Communication
Low
What this means

A queried BNB Chain address may be visible to the ClipX API operator, potentially revealing which account or wallet the user is interested in.

Why it was flagged

If the optional address metrics mode is used, the user-provided blockchain address is sent to the ClipX API. This is purpose-aligned for a balance/transaction-count lookup, but it is still a data flow to a remote provider.

Skill content

result = call_api("/api/bnb/metrics/address", {"address": args.address})

Recommendation

Avoid querying addresses you do not want shared with the remote API provider, or use a trusted/self-hosted API base if available.