Dune Analytics API

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a normal Dune Analytics helper, but it can use your Dune API key to spend credits and change or upload data in your Dune account.

This skill is reasonable to use if you are comfortable giving it access to your Dune API key. Before running it, check which query, table, or local file it will use; prefer private queries and private uploads; confirm before overwriting, deleting, or updating Dune resources; and be cautious if a private query would fall back to public.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Actions taken by the skill may run under the user's Dune account and can consume Dune credits or affect account resources.

Why it was flagged

The skill requires the user's Dune API key, which is expected for the integration but grants delegated access to the user's Dune account.

Skill content

requires:
  env:
    - DUNE_API_KEY
primaryEnv: DUNE_API_KEY

Recommendation

Use the API key only in trusted workspaces, monitor credit usage, and revoke or rotate the key if it is no longer needed.

What this means

A mistaken invocation could overwrite query SQL, replace uploaded table data, upload the wrong local file, or consume Dune credits.

Why it was flagged

The documented helper commands can update saved query SQL and upload or overwrite Dune table data. These are purpose-aligned but account-mutating operations.

Skill content

`dune_query.py` | `update_sql --query-id ID --sql "..."` | Update query SQL
...
`dune_upload.py` | `upload_csv --file data.csv --table-name tbl` | Quick CSV upload (overwrites)

Recommendation

Confirm query IDs, table names, file paths, privacy settings, and overwrite behavior before running mutation or upload commands.

What this means

A query that the user expected to be private could be created publicly, exposing SQL or embedded constants in the public Dune namespace.

Why it was flagged

The reference example falls back from private query creation to public query creation after an error, warning the user only after the public query is created.

Skill content

except Exception as e:
    # Private queries require a paid plan, fall back to public
    query = client.create_query(..., is_private=False)
    print("⚠️ Private query not available on your plan, created as public instead.")

Recommendation

Ask for explicit user approval before falling back to a public query, especially when SQL includes wallet lists, proprietary logic, or sensitive constants.

What this means

Future or environment-specific versions of dune-client could behave differently from the version the skill author tested.

Why it was flagged

The skill depends on an external Python package installed by the user, and the artifact does not pin a package version.

Skill content

`pip install dune-client`

Recommendation

Install from a trusted Python environment and consider pinning a reviewed dune-client version for reproducible behavior.