v1.0.0

Pond3r Skill - Query Onchain Data

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:41 AM.

Analysis

The skill is a coherent Pond3r data-query integration, but it uses a Pond3r API key and can send user-supplied SQL or SQL-file contents to Pond3r.

Guidance: This looks safe to use for Pond3r crypto data queries if you trust Pond3r and the publisher. Before installing, make sure you are comfortable providing a Pond3r API key, only send SQL or SQL files you intend to share with Pond3r, and do not let the agent create scheduled reports unless you explicitly ask for that.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/query.mjs
querySql = readFileSync(sqlFile, "utf8").trim(); ... callTool("query", { dataset_id: datasetId, sql: querySql });

The query script can read a user-specified local file and send its contents as the SQL query to Pond3r. This is useful for saved SQL files, but could leak unintended file contents if misused.

User impact: If the agent is given the wrong --sql-file path, local file content could be transmitted to Pond3r as a query string.
Recommendation: Only use --sql-file with intended SQL files, avoid paths containing secrets or private documents, and prefer explicit user confirmation before sending file-based queries.

Rogue Agents
Severity: Low | Confidence: Medium | Status: Note
reference.md
POST https://api.pond3r.xyz/v1/api/reports ... "schedule": "daily" ... Schedule Options - `daily`, `weekly`, `monthly`

The reference documentation includes a mutating API that can create scheduled reports. The included scripts do not call this endpoint, but the artifact documents an ongoing external action.

User impact: If used, the agent could create recurring reports in the Pond3r account rather than performing only a one-time read-only query.
Recommendation: Require explicit user approval before creating or scheduling Pond3r reports, and confirm schedule, cost, delivery, and cancellation expectations.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
scripts/client.mjs
const apiKey = requireEnv("POND3R_API_KEY"); ... Authorization: `Bearer ${apiKey}`

The skill uses a Pond3r API key from the environment and transmits it to Pond3r for authentication. This is expected for the stated service integration, but it is still credentialed account access.

User impact: Anyone using the skill must trust Pond3r and the skill with a Pond3r API key, and queries may be tied to that account or quota.
Recommendation: Use a Pond3r key with the least necessary privileges, keep it out of chat logs, rotate it if exposed, and update metadata to declare POND3R_API_KEY.