v0.1.1

Nansen Smart Alerts

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:29 AM.

Analysis

This skill matches its stated Nansen alert-management purpose, but it can use an internal API key to change or delete persistent alert rules and send alert payloads to external destinations with broad CLI/raw JSON authority.

Guidance: Install only if you trust the nansen-cli package and intend to let the agent manage Nansen alert rules. Before any create, update, toggle, or delete action, verify the exact alert ID, thresholds, chains, recipients, and webhook URLs; be especially cautious with the raw --data option and with the internal Nansen API key.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
allowed-tools: Bash(nansen:*) ... nansen alerts update <id> ... nansen alerts delete <id> ... --data '<json>' merges raw JSON on top of named flags (escape hatch for fields without named flags).

The skill can invoke nansen via Bash, perform alert mutations/deletions, and use a raw JSON override path. This is disclosed and related to the purpose, but it is broad authority for account-state changes without clear artifact-level scoping or confirmation guidance.

User impact: An agent using this skill could change or remove Nansen alert rules, or set unsupported alert fields through raw JSON, which may affect ongoing monitoring and notifications.
Recommendation: Use only with explicit user requests for create/update/toggle/delete actions, verify alert IDs and destinations before mutation, and avoid the --data escape hatch unless the user supplies and reviews the exact JSON.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
install spec
node | package: nansen-cli | creates binaries: nansen

The skill depends on an external Node package to provide its CLI, and the provided install specification does not pin a version. This is expected for a CLI-based integration but is still a provenance point to review.

User impact: Installing or updating the package may change the code that receives the Nansen API key and performs alert operations.
Recommendation: Verify the package publisher/source, prefer a pinned reviewed version when possible, and install only from a trusted registry.
Cascading Failures
Severity: Low | Confidence: High | Status: Note
SKILL.md
nansen alerts create --name <name> --type <type> --chains <chains> --telegram <chatId> ... Multiple channels can be combined: --telegram 123 --slack https://... --webhook https://...

Created alerts can persist and send notifications to multiple channels. This is purpose-aligned, but a bad threshold or wrong destination can keep propagating noisy or sensitive notifications until changed.

User impact: A misconfigured alert could repeatedly notify the wrong chat, Slack, Discord, or webhook destination.
Recommendation: Review thresholds and recipients before enabling alerts, start with limited channels, and disable or delete alerts that are no longer needed.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
requires:
  env:
    - NANSEN_API_KEY
... primaryEnv: NANSEN_API_KEY ... Alerts are internal-only (requires Nansen internal API key).

The skill explicitly requires a Nansen internal API key, which is expected for managing Nansen alerts but represents sensitive delegated access.

User impact: Anyone or any agent with access to that environment variable may be able to act on Nansen alert resources allowed by the key.
Recommendation: Use a least-privileged, alert-scoped key if available; keep the key out of shared transcripts and rotate it if exposure is suspected.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
--slack webhook URL ... --discord webhook URL ... --webhook <url> sends a POST request with the alert payload to any HTTP/HTTPS endpoint. ... The endpoint must be publicly reachable

The skill supports sending alert payloads to external chat/webhook endpoints. This is a normal alerting feature, but it moves alert data outside Nansen to destinations the user configures.

User impact: Alert contents and webhook URLs could be exposed to third-party services or unintended recipients if configured incorrectly.
Recommendation: Only use trusted webhook destinations, avoid sharing secret webhook URLs, and confirm what alert payload data will be sent.