Etherscan

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a read-only Etherscan API guide; the main thing to watch is that it uses an Etherscan API key and sends lookup details to Etherscan.

This skill appears safe for its stated purpose. Before installing, be comfortable supplying an Etherscan API key, remember that lookup parameters are sent to Etherscan, and ensure any displayed URLs or logs omit the actual key.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Address, contract, transaction, and block-range lookups will be sent to the Etherscan API service.

Why it was flagged

The skill documents external curl/API requests. These are read-only and directly aligned with the Etherscan lookup purpose, but users should understand that queries are sent to Etherscan.

Skill content

curl -s "https://api.etherscan.io/v2/api?chainid=167000&module=contract&action=getabi&address=<contract>&apikey=$ETHERSCAN_API_KEY"

Recommendation

Use the skill for intended blockchain lookups and review generated URLs before sharing them, especially when they contain sensitive lookup intent or an API key placeholder.

What this means

The API key can consume your Etherscan quota and should be treated as a secret.

Why it was flagged

The skill expects an Etherscan API key even though registry metadata declares no required env vars or primary credential. The key is expected for the service and the skill says not to expose it in output.

Skill content

Collect these before querying:
- `ETHERSCAN_API_KEY`

Recommendation

Provide only an Etherscan API key you are comfortable using with this skill, keep it out of chat/output, and verify that returned URLs redact the key as instructed.