Deepblue Defi Api
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent read-only DeFi data API skill, with the main caution that wallet and token lookups are sent to an external service.
This skill appears safe to install as a read-only API reference. Before using wallet scans, remember that queried wallet or token addresses and your request metadata go to deepbluebase.xyz, and treat token scores or buy signals as informational rather than financial advice.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A wallet address is public on-chain data, but sending it to this service may reveal that the user or agent is interested in that wallet.
The wallet scan endpoint sends a wallet address to an external API. This is purpose-aligned for public on-chain wallet research, but it still exposes the user’s query interest to the API operator.
curl https://deepbluebase.xyz/wallet/0xWALLET_ADDRESS/scan
Use wallet scan endpoints only for addresses you are comfortable sharing with deepbluebase.xyz, and avoid treating the service as private analytics.
A user may assume wallet queries and IP-related request data are never retained, even though the artifact describes rate limiting that depends on requester IP.
The skill makes strong privacy assurances while also describing IP-based rate limits. This is not evidence of malicious behavior, but users should not over-rely on absolute privacy claims from an external service.
No wallet addresses, queries, or IP addresses are stored or logged ... 10 requests per day per IP
Treat the API as an external third-party service and avoid sending queries that require strong confidentiality.