ClawHub

MetaComp VisionX KYT

v1.0.1

Check Web3 wallet or transaction security using MetaComp VisionX. Trigger when user mentions wallet address (0x..., Bitcoin, Tron), transaction hash, or asks...

1· 48·0 current·0 all-time
by@metacompai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Web3 wallet/transaction KYT) match the declared requirement of a METACOMP_TOKEN and an npm package @metacomp/visionx-kyt-mcp that provides a CLI. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md gives extensive, prescriptive output formats and explicitly instructs the agent to call MetaComp endpoints (e.g., get_wallet_security/get_transaction_security). It also requires asking the user whether they are sender or recipient and to stop until answered. This is expected for a KYT tool, but it means the skill will transmit user-supplied wallet addresses and tx hashes to MetaComp; users should be aware that on-chain identifiers and derived risk data are sent off-host.
Install Mechanism
Install spec is an npm package (@metacomp/visionx-kyt-mcp) that provides a CLI binary (visionx-kyt-mcp). Using npm is reasonable for a JS-based CLI, but npm packages execute code on install/run — review the package and its source (or the upstream repo) before installing.
Credentials
Only a single API credential (METACOMP_TOKEN) is required and declared as the primary credential. That is proportionate for a service that queries MetaComp's KYT API. No unrelated secrets or system paths are requested.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent agent privileges. There is no instruction to modify other skills or system-wide configs. Installing the npm CLI will add a binary, which is normal for a tool-based skill.
Assessment
This skill appears to do what it claims: it will call MetaComp's KYT service and needs your METACOMP_TOKEN. Before installing: (1) confirm you trust metacomp.ai and the published npm package; review the package source (GitHub repo) and npm page; (2) treat METACOMP_TOKEN like any API key — use a least-privilege key and rotate/revoke if needed; (3) expect that wallet addresses and transaction hashes you provide will be sent to MetaComp for analysis (do not provide private keys or other secrets); (4) the skill will prompt you to confirm whether you are the sender or recipient and will pause until you answer — this prevents accidental analysis, but be cautious about sharing counterparty addresses you don’t control; (5) if you need stricter isolation, run the CLI in a sandboxed environment or review traffic to ensure it only talks to MetaComp endpoints.

Like a lobster shell, security has layers — review code before you run it.

bitcoinvk97aqt4p391fq2mymne64dw1p5845vn7blockchainvk97aqt4p391fq2mymne64dw1p5845vn7ethereumvk97aqt4p391fq2mymne64dw1p5845vn7kytvk97aqt4p391fq2mymne64dw1p5845vn7latestvk97aqt4p391fq2mymne64dw1p5845vn7securityvk97aqt4p391fq2mymne64dw1p5845vn7tronvk97aqt4p391fq2mymne64dw1p5845vn7walletvk97aqt4p391fq2mymne64dw1p5845vn7web3vk97aqt4p391fq2mymne64dw1p5845vn7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
EnvMETACOMP_TOKEN
Primary envMETACOMP_TOKEN

Install

Install MetaComp VisionX KYT MCP server (requires METACOMP_TOKEN API key from metacomp.ai)
Bins: visionx-kyt-mcp
npm i -g @metacomp/visionx-kyt-mcp

Comments