ClawHub

Spacescan

v1.0.0

Access Chia blockchain data including blocks, transactions, addresses, CAT tokens, NFTs, network stats, and XCH price via Spacescan.io API with an API key.

1· 1.5k·0 current·0 all-time
by@koba42corp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/README/SKILL.md and the included code implement a client for Spacescan.io (Chia blockchain explorer). The only credential referenced (SPACESCAN_API_KEY) is appropriate for that purpose. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
SKILL.md and index.js only instruct the agent/user to call the Spacescan API and to set SPACESCAN_API_KEY. The README suggests appending the key to shell profiles (echo 'export ...' >> ~/.zshrc) and using npm link to create global commands — these are benign but do persist to user shell/global PATH if the user follows them, so users should be aware before running those commands.
Install Mechanism
There is no registry install spec; the bundle provides an install.sh that runs npm install and the package.json declares standard npm dependencies (axios). Dependencies come from the npm registry (package-lock.json). No arbitrary HTTP downloads, shorteners, or extraction from unknown servers were found.
Credentials
Only SPACESCAN_API_KEY is required and the code explicitly reads process.env.SPACESCAN_API_KEY. No other secrets or unrelated environment variables/config paths are requested.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or system agent configs. Installation guidance includes npm link (creates global CLI entries) and shell-profile edits which create persistent system changes if executed — these are user-driven, not automatic, but users should be aware.
Assessment
This skill appears to be what it says: a Spacescan.io client that needs only a Spacescan API key. Before installing, verify you obtained your key from the official https://www.spacescan.io/apis page; avoid pasting the key into public places or git history. If you prefer not to append the key into ~/.zshrc or ~/.bashrc, keep it in a session-only environment or use a secret manager. Running the provided install.sh will run npm install (check dependencies and run npm audit if desired) and the README suggests npm link which places a global 'scan'/'spacescan' binary — only run that if you want a global CLI. Finally, review network calls/logging policies (to ensure the API key isn't accidentally logged) and consider rate limits on the free tier.

Like a lobster shell, security has layers — review code before you run it.

latestvk975mcj5erf8fgrz8z6rz05tan804ekm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments