NEAR Agent Skills
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a read-only NEAR blockchain analytics/gas helper that uses expected public APIs and npm dependencies, with no wallet access or account-changing behavior shown.
This skill looks safe for read-only NEAR analytics use. Before installing, be comfortable with npm dependencies and with sending queried NEAR account IDs or analytics requests to NEAR RPC/Nearblocks services.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill will involve trusting npm packages used to contact NEAR services.
The skill relies on npm dependencies and a TypeScript build step. This is expected for a Node-based blockchain skill, and no postinstall script or hidden downloader is shown, but dependency provenance still matters.
"scripts": { "build": "tsc", "test": "vitest run" }, ... "dependencies": { "near-api-js": "^5.0.1", "node-fetch": "^2.7.0" }Install from a trusted source, keep the lockfile, and review dependency updates before upgrading.
A third-party API provider may see the NEAR account IDs or analytics queries you ask the skill to check.
The gas history function sends the requested account ID to a third-party Nearblocks API. This is purpose-aligned for blockchain analytics, but it discloses which account the user is querying.
fetch(`https://api.nearblocks.io/v1/account/${account_id}/txns?limit=25`)Avoid querying account IDs you consider sensitive, or confirm the third-party API provider is acceptable for your privacy needs.