HederaToolbox
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly coherent for Hedera data queries, but it appears to use a public Hedera account ID as the billing key for paid actions and does not clearly require confirmation before paid or irreversible on-chain writes.
Treat this as a paid remote service. Start with a very small HBAR balance, confirm how the provider prevents anyone with your public account ID from spending that balance, and require manual approval before any paid call or HCS write record.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A prepaid HBAR balance could potentially be spent or associated with actions using only the public account ID if the service does not enforce stronger authorization outside the provided artifact.
The artifact says a public Hedera account ID becomes the persistent billing key, while also saying no private key or wallet signing is used. The provided artifact does not show a separate secret or signature-based control to prevent others who know the public account ID from using prepaid balance.
"No registration, no API keys to manage — send HBAR to the platform wallet once, and your Hedera account ID becomes your permanent key."
Use only a small balance unless the provider documents stronger authentication, such as signed requests or a separate secret API token, and verify how balance-spending authorization is enforced.
The agent may spend prepaid HBAR or create durable on-chain records if it invokes these tools during a task.
The skill exposes paid tool calls and an irreversible on-chain write capability, but the provided instructions do not clearly require explicit user confirmation before paid or persistent write actions.
"When active, your agent can call 20 Hedera blockchain tools... hcs_write_record | 5.00 ħ ... On-chain writes: Tools like `hcs_write_record` write HCS messages signed by the platform operator key"
Before enabling the skill, require explicit approval for each paid call and especially for any HCS write, and review the exact record content before submission.
Your blockchain-related queries and identifiers will be visible to the HederaToolbox service and handled under its privacy policy.
The skill clearly discloses that user queries and blockchain identifiers are sent to a remote MCP/API service. This is expected for the stated purpose, but users should understand the data flow.
"Data sent off-platform: Tool calls (account IDs, contract addresses, token IDs, query parameters) are sent to `api.hederatoolbox.com`."
Avoid sending sensitive investigative targets or private business context unless you are comfortable with the provider's privacy and retention practices.
