NEAR Protocol CLI installation and setup guide.

Warn

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent NEAR CLI guide, but it gives agents broad mainnet blockchain transaction and credential-handling commands without clear approval or safety boundaries.

Only install this if you trust the NEAR CLI source and are comfortable with an agent helping with blockchain operations. Do not let the agent send, stake, deploy, or export credentials unless you have reviewed the exact command, account, network, recipient, amount, and expected result.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent following these examples could initiate irreversible blockchain transactions if the user has local NEAR credentials available.

Why it was flagged

This example signs and sends a mainnet token transfer using the local keychain. It is purpose-aligned for a NEAR CLI guide, but it is financially high impact and the artifacts do not add explicit confirmation or safety boundaries for agents before execution.

Skill content

near tokens <sender-account> send-near <receiver-account> <amount> network-config mainnet sign-with-keychain send

Recommendation

Require explicit user confirmation for recipient, amount, network, account, fees, and final transaction preview before any command that includes signing or sending.

What this means

Exported account credentials could let anyone control the associated NEAR account and funds if copied into chat, logs, or files.

Why it was flagged

The guide documents exporting account credentials. This is expected for account management, but it exposes highly sensitive blockchain credentials and the artifacts do not specify safe handling, output limits, or when an agent should refuse to display or store secrets.

Skill content

near account export-account

Recommendation

Avoid agent-driven credential export by default; if absolutely necessary, warn the user and keep secrets out of chat history, logs, shared files, and persistent memory.

What this means

Users rely on the current contents of the remote installer and GitHub release channel when running the command.

Why it was flagged

The guide recommends a common install pattern that downloads and immediately runs a latest-release shell script from GitHub. This is disclosed and relevant to installing the NEAR CLI, but it relies on remote installer provenance at execution time.

Skill content

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/near/near-cli-rs/releases/latest/download/near-cli-rs-installer.sh | sh

Recommendation

Prefer official release verification where available, review installer contents before running, and consider pinned versions for reproducible setup.