Nansen Agent Guide

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Nansen routing guide that uses a declared Nansen API key and Nansen CLI commands, with no evidence of hidden code, persistence, or misuse.

This skill appears safe to install if you trust the nansen-cli package and intend to use Nansen. Provide a Nansen API key only in a trusted environment, watch credit usage for agent and expert calls, and avoid sending sensitive research prompts or wallet details unless you intend them to be processed by Nansen.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent may run Nansen commands that query the external service and spend Nansen credits.

Why it was flagged

The skill permits Nansen CLI execution and includes agent calls that can consume credits. This is disclosed and central to the routing-guide purpose, but users should be aware of cost and command scope.

Skill content
allowed-tools: Bash(nansen:*) ... Cost: 200 credits (fast) / 750 credits (expert)
Recommendation

Review expensive Nansen agent or --expert calls before use, and keep commands tied to the user's research request.

ASI03: Identity and Privilege Abuse
Low
What this means

Anyone using the skill through this environment could make Nansen API calls under the configured API key.

Why it was flagged

The skill requires a Nansen API key, which is expected for Nansen CLI usage but still grants access to the user's Nansen account or credits.

Skill content
requires:
  env:
    - NANSEN_API_KEY
  bins:
    - nansen
primaryEnv: NANSEN_API_KEY
Recommendation

Use an appropriately scoped Nansen API key if available, monitor credit usage, and avoid sharing the key outside the intended environment.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Installing the skill requires trusting the nansen-cli package that supplies the command-line tool.

Why it was flagged

The skill depends on installing an external Node package to provide the Nansen binary. This is expected for the stated purpose, but package provenance and version pinning are not detailed in the provided install spec.

Skill content
[0] node | package: nansen-cli | creates binaries: nansen
Recommendation

Install from a trusted package registry/source and verify the package identity before providing your Nansen API key.