ClawHub

Nansen Sm Cross Chain Flows

v0.1.0

Is SM buying this token on one chain but selling on another? Detect capital rotation.

0· 132·1 current·1 all-time
byNansen AI@nansen-devops
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description target Nansen smart‑money cross‑chain flows and the skill requires the nansen CLI and NANSEN_API_KEY only — exactly the pieces needed to query Nansen. The declared node install (nansen-cli) matches the required binary.
Instruction Scope
SKILL.md contains a short Bash snippet that iterates chains and runs `nansen research smart-money netflow`. It does not instruct reading unrelated files or credentials. The instructions are somewhat terse (e.g., they mention filtering by token symbol but do not show the exact CLI flag to pass a token), which is a usability concern but not a security mismatch.
Install Mechanism
Install spec uses a node package (nansen-cli) to provide the nansen binary. Using npm for a CLI is expected; this is moderate risk by default but appropriate for the stated purpose. No arbitrary URL downloads or extraction from unknown hosts are present.
Credentials
Only NANSEN_API_KEY is required and is declared as the primary credential. That is proportional to a tool that queries the Nansen API. No unrelated secrets or system config paths are requested.
Persistence & Privilege
The skill is not always-enabled and uses default autonomous-invocation settings. It does not request system-wide configuration changes or access to other skills' credentials.
Assessment
This skill appears to do what it says: it runs the official-looking Nansen CLI using your NANSEN_API_KEY to check smart‑money netflows across chains. Before installing: (1) confirm the npm package 'nansen-cli' is the official Nansen CLI and review its publisher and README on npm/GitHub, (2) treat your NANSEN_API_KEY like a secret — use a key with only the minimum read permissions required, and avoid pasting long-lived master keys into unknown tools, (3) note the SKILL.md is terse: verify the correct CLI flags for filtering by token symbol (the snippet references filtering but doesn't show the exact flag), and (4) if you have policy concerns about outbound queries to Nansen, review the CLI source or run it locally to inspect network behavior before granting the key. Overall assessment: coherent and expected functionality, but verify package provenance and key scope.

Like a lobster shell, security has layers — review code before you run it.

latestvk9708wvxt8xjpvn1wrm4xbvqv5833zyg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnansen
EnvNANSEN_API_KEY
Primary envNANSEN_API_KEY

Install

Node
Bins: nansen
npm i -g nansen-cli

Comments