Pond3r Skill - Query Onchain Data

Pass. Audited by ClawScan on May 10, 2026.

Overview

This appears to be a disclosed Pond3r data-query integration, with expected risks around using a Pond3r API key and sending queries to Pond3r.

Before installing, confirm you trust Pond3r with your analytics queries and API key. Configure a dedicated POND3R_API_KEY, avoid sending private local file contents through --sql-file, and require explicit approval before using any scheduled report-creation API.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill needs access to a Pond3r API key and can use that key when the agent runs the scripts.

Why it was flagged

The script reads a Pond3r API key from the environment and uses it to authenticate requests to Pond3r.

Skill content

const apiKey = requireEnv("POND3R_API_KEY"); ... Authorization: `Bearer ${apiKey}`

Recommendation

Use a Pond3r key intended for this integration, rotate it if exposed, and note that the registry metadata does not declare the env var even though the docs and code require it.

What this means

Pond3r will receive the queries, dataset identifiers, and authentication header needed to serve results.

Why it was flagged

The skill relies on a remote MCP/provider endpoint, so queries and related request data are sent outside the local runtime.

Skill content

URL | `https://mcp.pond3r.xyz/mcp` ... Auth | `Authorization: Bearer <API_KEY>`

Recommendation

Do not include unrelated private information in queries or SQL comments, and only configure the MCP server if you trust Pond3r with the submitted analytics requests.

What this means

If misused, the agent could send an overly broad query or the contents of an unintended local file as SQL to Pond3r.

Why it was flagged

The CLI forwards SQL from command-line arguments or a local file to the Pond3r query tool. This is core functionality, but the local script does not itself restrict the file path or validate SELECT-only SQL.

Skill content

querySql = readFileSync(sqlFile, "utf8").trim(); ... callTool("query", { dataset_id: datasetId, sql: querySql });

Recommendation

Use explicit SELECT queries with LIMIT clauses, keep --sql-file pointed only at intended SQL files, and rely on user approval for broad or expensive analysis requests.

What this means

If an agent follows the reference API, it could create scheduled reports in the user's Pond3r account.

Why it was flagged

An included reference document describes creating scheduled Pond3r reports, which is an account-mutating action broader than the main read-only query scripts.

Skill content

POST https://api.pond3r.xyz/v1/api/reports ... "schedule": "daily"

Recommendation

Treat report creation or scheduling as a separate, explicit user-approved action; do not allow the agent to create recurring reports unless that is what the user asked for.