ENS (Ethereum Name Service)

Pass

Audited by ClawScan on May 1, 2026.

Overview

The ENS skill is coherent and purpose-aligned, with normal but important wallet, transaction, and external-API considerations for an ENS helper.

Before installing, be comfortable that this skill may query third-party ENS services with names or wallet addresses and may assist with paid Ethereum-mainnet ENS actions. Always verify the resolved 0x address, ENS name, chain, amount, fees, and contract changes before approving any transaction.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may spend ETH or change ENS records if they proceed with registration, renewal, or management steps.

Why it was flagged

The skill can guide paid on-chain ENS registration or management actions. This is aligned with the ENS purpose, but blockchain actions are high-impact and should remain user-approved.

Skill content

Registration happens on **Ethereum mainnet only**. Requires ETH for the name price + gas.

Recommendation

Review the ENS name, contract/action, chain, price, gas, and wallet prompt before signing any transaction.

What this means

The agent may associate a user's wallet address with an ENS name during normal use.

Why it was flagged

The skill may use the user's wallet address to look up ENS information. This is purpose-aligned, but it touches account identity information.

Skill content

After getting a user's wallet via `defi_get_wallet`, optionally check for a reverse ENS name.

Recommendation

Allow wallet access only when needed, and do not approve signing or transaction prompts unless the details are expected.

What this means

Resolution may fail or fall back to local command execution if the expected tools or dependencies are unavailable.

Why it was flagged

The instructions reference an optional API key, Node runtime, and viem dependency even though the supplied metadata declares no required env vars or install spec. This is not suspicious by itself, but users should know which provider/runtime will be used.

Skill content

Requires `GRAPH_API_KEY` env var. ... If APIs are down and `node` is available (viem is in the project deps):

Recommendation

Publishers should declare optional credentials and runtime assumptions; users should prefer the documented API paths unless they trust the local Node/viem environment.

What this means

Third-party services may see which ENS names or wallet addresses are being queried.

Why it was flagged

The skill sends ENS names or wallet addresses to external profile/resolution providers. This is expected for ENS lookup, but it is a data boundary users should notice.

Skill content

curl -s "https://api.web3.bio/profile/vitalik.eth"

Recommendation

Avoid querying sensitive wallet addresses through third-party providers unless you are comfortable with that exposure.

What this means

ENS-to-address mappings may remain available during the current session and influence later replies.

Why it was flagged

The skill suggests session-level caching of ENS resolution results. The cache is bounded to the session, but it can preserve wallet/name associations in agent context.

Skill content

Don't resolve on every message — cache the result for the session.

Recommendation

Clear or avoid session context if wallet/ENS associations are sensitive, and re-check ENS records before transactions because they can change.