ClawHub

Nansen Smart Alerts

v0.1.1

Manage smart alerts — list, create, update, toggle, delete. Use when setting up or managing token flow alerts, smart money alerts, or notification rules.

0· 131·1 current·1 all-time
byNansen AI@nansen-devops
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (manage Nansen smart alerts) match the declared dependency (nansen CLI) and primaryEnv (NANSEN_API_KEY). The requested binary and API key are what you'd expect for a CLI wrapper around Nansen alert management.
Instruction Scope
SKILL.md contains only CLI usage for creating/listing/updating/deleting alerts via the nansen binary. It does explicitly allow posting alert payloads to arbitrary webhook URLs (user-supplied) — this is within the skill's purpose but means alert payloads can be sent to third parties if you configure webhooks.
Install Mechanism
Install uses an npm package (nansen-cli) that provides the nansen binary—this is a typical install for CLI tooling but is a moderate-risk install source (npm packages execute code during install). There is no homepage or source URL in the registry metadata to verify the package provenance.
Credentials
Only a single env var (NANSEN_API_KEY) is required and is declared as the primary credential. That is proportional to the stated functionality. The README warns the key must be an internal Nansen API key — treat it as sensitive.
Persistence & Privilege
Skill is not always-enabled and does not request system-wide persistence or modification of other skills. It is user-invocable and can be autonomously invoked per platform defaults.
Assessment
This skill appears coherent for managing Nansen alerts, but take these precautions before installing: 1) Verify the npm package 'nansen-cli' is the official package (check the package page, author/publisher, version, and source repo) because the registry metadata here lacks a homepage/source URL. 2) Only supply a least-privilege, internal NANSEN_API_KEY (rotate it if compromised). Treat it as sensitive; do not reuse broad-purpose credentials. 3) Be careful when configuring webhooks or external channels — alert payloads can be POSTed to any URL you provide, which may leak sensitive alert data. 4) Prefer installing and running the CLI in an isolated environment (container or dedicated machine) and review the package source code if possible. 5) If you need higher assurance, request the package's source repo or a signed release from the skill author before granting the API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk977h4gjx07fwkb2fmam2czdex83q76e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnansen
EnvNANSEN_API_KEY
Primary envNANSEN_API_KEY

Install

Node
Bins: nansen
npm i -g nansen-cli

Comments