evm-analyst
PassAudited by ClawScan on May 9, 2026.
Overview
This instruction-only blockchain analysis skill is purpose-aligned and contains no code, but users should verify the external Dune queries and be aware that addresses or transaction hashes may be sent to external services.
This skill appears safe for read-only Polygon fund-flow analysis. Before installing, verify the Dune query IDs and SQL if you need audit-grade accuracy, and only provide addresses, transaction hashes, or logs that you are comfortable having queried through external blockchain analytics services.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Results may depend on external Dune query definitions that are outside this reviewed package.
The package includes reference SQL, but says actual execution follows the SQL stored on Dune, so users cannot verify the exact executed query solely from this package.
SQL 模板存在本文件中作为参考;实际执行时以 Dune 上的 SQL 为准。
Before relying on results, verify the registered Dune query IDs and their SQL directly in Dune, especially for high-stakes accounting or investigation work.
The package contents appear purpose-aligned, but the version labeling is not fully consistent across artifacts.
The supplied registry metadata lists version 1.0.3, while internal package metadata and SKILL.md use 0.2.1-slim; this is a provenance/version consistency issue rather than evidence of unsafe behavior.
"slug": "evm-analyst", "version": "0.2.1-slim"
Confirm that the installed package version is the one you intended to use.
Unknown topic hashes, and potentially related analysis context depending on implementation, may be queried through OpenChain.
The skill may contact an external API to decode unknown event signatures, which is expected for blockchain analysis but still sends lookup data to an outside service.
未命中再调 OpenChain Signature Database API (https://api.openchain.xyz/signature-database/v1/lookup)
Use only addresses, transaction hashes, and logs you are comfortable querying through external blockchain data services.
Blockchain addresses and transaction hashes provided for analysis may be sent to Dune when the agent runs queries.
The skill is designed to run external Dune queries with user-supplied parameters such as addresses, transaction hashes, and date ranges.
所有 query 调用通过 Dune Python SDK 进行
Avoid submitting addresses or transaction hashes if merely linking them to your investigation would be sensitive.