trongrid-account-profiling

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the configured MCP server is not the expected TronGrid service, results could be inaccurate or queries could go to an unintended provider.

Why it was flagged

The skill depends on a separately configured TronGrid MCP integration rather than bundled code. This is disclosed and aligned with the purpose, but the trustworthiness of the configured MCP server matters.

Skill content

metadata:
  version: "1.0.0"
  mcp-server: trongrid
...
- **Prerequisite**: [TronGrid MCP Guide](https://developers.tron.network/reference/mcp-api)

Recommendation

Use a trusted TronGrid MCP configuration and review the MCP server permissions before relying on the skill.

What this means

A provider can see which public TRON addresses are being queried, even though the underlying blockchain data is public.

Why it was flagged

The skill instructs the agent to query wallet addresses and transaction activity through MCP/provider tools. This is necessary for the stated purpose, but it means the user's target address and analysis request cross an external service boundary.

Skill content

`getAccountTransactions` — Recent transaction history ... `getAccountTrc20Transactions` — TRC-20 transfer history ... `getInternalTransactions` — Contract-triggered internal transfers

Recommendation

Use the skill when you are comfortable sending the target address to the configured TronGrid MCP provider, and avoid querying addresses if the fact of your interest in them is sensitive.