ClawHub
Back to skill
v0.1.0

Nansen Token Transfer Analysis

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:41 AM.

Analysis

This is a straightforward Nansen CLI skill for token transfer analysis, with expected notes about installing the CLI and using a Nansen API key.

GuidanceThis skill appears suitable if you want an agent to query Nansen token-transfer analytics. Before installing, confirm you trust the nansen-cli package and are comfortable giving the agent access to a Nansen API key. Keep usage to the documented token research commands unless you intentionally want broader nansen CLI use.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
allowed-tools: Bash(nansen:*)

The agent is allowed to invoke the nansen CLI. This is aligned with the skill's purpose, but the permission covers all nansen subcommands rather than only the listed token analysis commands.

User impactThe agent may be able to use other nansen CLI functionality if requested or inferred, not just the examples in the skill text.
RecommendationUse the skill for the documented research token commands and review any unexpected nansen command before allowing it.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
install spec
node | package: nansen-cli | creates binaries: nansen

The skill depends on installing an external Node package that provides the nansen binary. This is expected for the skill, but the supplied artifacts do not include a pinned package version or homepage.

User impactInstalling the package brings in external code outside this instruction-only skill.
RecommendationInstall from a trusted registry source, check the package identity/version, and keep it updated according to your normal dependency review process.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
requires:\n      env:\n        - NANSEN_API_KEY\n    primaryEnv: NANSEN_API_KEY

The skill needs a Nansen API key to access Nansen data. This credential use is disclosed and expected for the integration.

User impactThe agent can make Nansen API-backed queries using the configured key, which may affect account usage, quotas, or billing depending on the Nansen plan.
RecommendationProvide a scoped Nansen API key if available, monitor usage, and rotate or revoke the key if it is no longer needed.