ClawHub

Nansen Polymarket Insider Scan

v0.1.0

Scan a resolved Polymarket market for wallets exhibiting suspicious trading patterns: fresh funding, single-market focus, extreme ROI, late entry at high pri...

0· 118·1 current·1 all-time
byNansen AI@nansen-devops
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, declared binaries (nansen), primaryEnv (NANSEN_API_KEY) and the CLI commands in SKILL.md all align: the skill calls Nansen research endpoints to identify suspicious wallets on Polymarket. No unrelated services, binaries, or config paths are requested.
Instruction Scope
SKILL.md contains only Nansen CLI commands and local computations (ROI, scoring). It does not instruct reading unrelated files, other environment variables, or sending data to external endpoints beyond the Nansen API. It includes rate-limit pauses and error handling guidance.
Install Mechanism
Install uses an npm package (nansen-cli) that provides the nansen binary — this is a reasonable, expected mechanism for this functionality. Because the skill's source/homepage is unknown in the registry metadata, verify the npm package identity/maintainer before installing to avoid typosquat or malicious packages.
Credentials
Only a single credential (NANSEN_API_KEY) is required and is appropriate for the described API-driven scanning. No unrelated secrets or system credentials are requested.
Persistence & Privilege
The skill is not always-enabled, requests no system config paths, and does not ask to modify other skills or system-wide settings. It will run via normal agent invocation if allowed, which is expected.
Assessment
This skill appears to do what it says: it runs the Nansen CLI against Polymarket-related Nansen endpoints and computes simple heuristics. Before installing, verify the npm package 'nansen-cli' is the official/expected package (check author, npm page, GitHub repo or published vendor) to avoid typosquat risks. Treat your NANSEN_API_KEY like a secret: consider using a key with minimal required permissions or a restricted/billing-limited account. Be aware the skill will make API calls that may consume your Nansen quota and could reveal which markets you scan. If you do not trust the package source, do not install; if you proceed, monitor API usage and limit the agent's ability to run the skill autonomously if you prefer.

Like a lobster shell, security has layers — review code before you run it.

latestvk97efg9x0b2vmgekasrz51j85n8335z9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnansen
EnvNANSEN_API_KEY
Primary envNANSEN_API_KEY

Install

Node
Bins: nansen
npm i -g nansen-cli

Comments