ClawHub

TONSCAN wallet balance

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for looking up public TON wallet information through TonScan, with the main privacy consideration that queried addresses are sent to TonScan.

Install only if you are comfortable sending TON wallet addresses you ask about to TonScan. Blockchain addresses are public, but the fact that you queried a specific address may still be visible to that external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest description explicitly tells the agent to trigger for broad, casual phrases like 'check this address for me,' which can cause the skill to activate in ordinary conversation without clear user intent. Because the skill sends wallet addresses to a third-party service, over-broad triggering increases the chance of unintended data disclosure and unnecessary outbound requests.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill lacks a clear user-facing disclosure that supplied wallet addresses will be transmitted to TonScan, a third-party public API. Even though wallet addresses are public on-chain identifiers, users may not expect the assistant to forward them externally, creating a privacy and consent issue.

External Transmission

Medium
Category
Data Exfiltration
Content
## Primary Endpoint: Address Information
```
GET https://api.tonscan.com/api/bt/getAddressInformation?address={ADDRESS}
```

### Quick Balance Lookup (one-liner)
Confidence
90% confidence
Finding
https://api.tonscan.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Quick Balance Lookup (one-liner)
```bash
curl -s "https://api.tonscan.com/api/bt/getAddressInformation?address=EQDtFpEwcFAEcRe5mLVh2N6C0x-_hJEM7W61_JLnSF74p4q2" \
  | jq '.json.data.detail.balance'
```
Confidence
89% confidence
Finding
https://api.tonscan.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Full Response with Human-Readable Balance
```bash
ADDRESS="EQDtFpEwcFAEcRe5mLVh2N6C0x-_hJEM7W61_JLnSF74p4q2"
curl -s "https://api.tonscan.com/api/bt/getAddressInformation?address=${ADDRESS}" \
  | jq '{
      address: .json.data.detail.address,
      balance_nanoton: .json.data.detail.balance,
Confidence
89% confidence
Finding
https://api.tonscan.com/

External Transmission

Medium
Category
Data Exfiltration
Content
import requests

def get_ton_balance(address: str) -> dict:
    url = "https://api.tonscan.com/api/bt/getAddressInformation"
    resp = requests.get(url, params={"address": address})
    resp.raise_for_status()
Confidence
92% confidence
Finding
https://api.tonscan.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## JavaScript / Node.js Example
```javascript
async function getTonBalance(address) {
  const url = new URL("https://api.tonscan.com/api/bt/getAddressInformation");
  url.searchParams.set("address", address);

  const res = await fetch(url);
Confidence
92% confidence
Finding
https://api.tonscan.com/

External Transmission

Medium
Category
Data Exfiltration
Content
**Checking for empty/uninitialized accounts:**
```bash
curl -s "https://api.tonscan.com/api/bt/getAddressInformation?address=..." \
  | jq 'if .json.data.detail.balance == "0" then "Empty wallet" else "Has funds" end'
```
Confidence
87% confidence
Finding
https://api.tonscan.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal