v1.0.0

Nansen Limit Orders

SuspiciousClawScan verdict for this skill. Analyzed Apr 30, 2026, 1:41 PM.

Analysis

The skill is coherent for Nansen limit orders, but it can run broad Nansen trading commands that create persistent crypto orders and store auth state without documented confirmation guardrails.

Guidance: Install only if you trust the nansen-cli package and are comfortable letting the agent run Nansen wallet/trading commands. Use a limited wallet/API key, verify every order parameter before execution, set conservative expiries, and check/cancel active orders and alerts after use.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
allowed-tools: Bash(nansen:*) ... `nansen trade limit-order create|list|cancel|update` places real resting orders through the Nansen trading API.

The allowed tool pattern exposes all nansen CLI subcommands, while the skill includes high-impact trading operations that can create, update, or cancel real crypto orders.

User impact: A mistaken or overbroad tool invocation could place or modify a real crypto order, potentially causing financial loss.
Recommendation: Narrow the allowed tool scope to the exact needed nansen subcommands and require explicit user confirmation of wallet, token pair, amount, trigger condition, trigger price, slippage, and expiry before create, update, or cancel actions.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Note
install spec
node | package: nansen-cli | creates binaries: nansen

The skill depends on an external Node package to provide the executable, and the provided install spec does not pin a version.

User impact: The installed CLI package is a trusted part of the trading workflow; if the package source or version changes, the behavior users rely on could change too.
Recommendation: Pin the nansen-cli package version and publish provenance information such as source repository or verified package identity.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
allowed-tools: Bash(nansen:*)

The skill executes the installed nansen CLI through Bash. This is expected for the skill's purpose, but users should know that local command execution is part of the workflow.

User impact: Using the skill runs local nansen commands, including commands that interact with wallets, trading APIs, and alert setup.
Recommendation: Run it only in an environment where the nansen CLI is trusted and configured for the intended wallet/account.

Cascading Failures
Severity: High | Confidence: High | Status: Concern
SKILL.md
places real resting orders through the Nansen trading API ... `--expires` accepts `24h`, `7d`, `30d` (default)

A single incorrect order command can create a real order that persists for a period of time and may execute later. The artifact does not pair this with mandatory pre-flight confirmation or containment steps.

User impact: An incorrect token, amount, price, slippage, wallet, or expiry could remain active and later execute against the user's assets.
Recommendation: Require a dry-run or final confirmation summary before placing orders, encourage short expiries, and instruct users to list active orders after creation or cancellation.

Rogue Agents
Severity: Medium | Confidence: High | Status: Note
SKILL.md
The limit order itself is price-triggered ... A companion smart alert is a settlement confirmation ... it fires after the trade settles on-chain.

The skill creates mechanisms that can continue operating after the immediate interaction, such as resting orders and alerts. They are disclosed and purpose-aligned, not hidden rogue behavior.

User impact: Orders or alerts may remain active after the chat interaction ends, so later market or on-chain events can trigger trades or notifications.
Recommendation: Track active orders and alerts, set appropriate expiries, and cancel or remove anything no longer wanted.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
A Solana wallet configured in `nansen-cli` ... Local, Privy, and WalletConnect wallets are all supported ... `NANSEN_API_KEY`.

The skill requires a Nansen API key and access to a configured wallet, which are sensitive privileges but are directly related to the stated trading purpose.

User impact: The skill can operate in an environment that has access to Nansen account credentials and wallet-based trading authority.
Recommendation: Use a dedicated API key and a limited-purpose wallet where possible, and verify wallet/account permissions before using the skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
SKILL.md
First-time `trade limit-order create` auto-registers a trading vault and caches a JWT at `~/.nansen/limit-order-auth.json` for ~23h.

The skill discloses persistent local auth state. This is purpose-aligned, but it is sensitive state that remains after the immediate command.

User impact: A local auth token may remain on disk and could be misused if the machine or user profile is compromised.
Recommendation: Ensure local file permissions are secure, avoid shared machines, and provide or follow a cleanup/revocation process for cached auth state.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
For the alert fallback: a notification channel (Telegram chat ID, Slack or Discord webhook, or generic webhook URL).

The alert fallback can send settlement notifications to external messaging or webhook endpoints. This is disclosed and purpose-aligned, but recipients and webhook ownership matter.

User impact: Trade or wallet activity signals could be sent to the wrong chat, workspace, or webhook if configured incorrectly.
Recommendation: Use only trusted notification endpoints and verify the destination before creating alerts.