Skill v1.0.4

ClawScan security

trongrid-trx-info · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 19, 2026, 9:49 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and instructions align with its stated purpose of producing TRX tokenomics reports and it does not ask for unrelated credentials, install software, or perform unexpected file/credential access.
Guidance
This skill appears coherent and low-risk: it only describes calling TronGrid MCP methods and doing web searches for market data. Before installing, confirm your agent runtime has network access to TronGrid (and any required API key or rate limits your deployment enforces). Be aware the skill will perform external web searches (CoinGecko/CoinMarketCap/TronScan) for off-chain prices — if you need to avoid external network calls, do not enable it. If your environment requires explicit API keys for TronGrid, consider how those keys are provisioned (the skill does not request or store credentials).

Review Dimensions

Purpose & Capability
ok: The name/description (TRX fundamentals) matches the runtime instructions (calls to TronGrid MCP methods and off-chain market data lookup). There are no unexpected env vars, binaries, or config paths requested that would be unrelated to blockchain queries and market-data lookups.
Instruction Scope
ok: SKILL.md only instructs on calling TronGrid MCP endpoints (getBurnTrx, getChainParameters, getEnergyPrices, getBandwidthPrices, getBlock, getPaginatedNowWitnessList, getBrokerage, etc.) and performing web searches for market data. It does not direct reading of local files, secrets, or unrelated system state, nor does it post data to non-standard endpoints.
Install Mechanism
ok: Instruction-only skill with no install spec or downloaded artifacts. No code files to execute and no external installers referenced, so there is minimal install risk.
Credentials
ok: The skill declares no required environment variables or credentials. The operations described (on-chain queries and web lookups) are proportional to its purpose. Note: it assumes access to a TronGrid MCP endpoint; if that endpoint requires an API key in a particular deployment, the skill does not request one explicitly.
Persistence & Privilege
ok: always:false and no requests to modify agent/system-wide configuration. The skill does not ask for persistent installation or elevated privileges.