Nansen Wallet Deep Dive
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears purpose-aligned for Nansen wallet analysis, with expected but notable use of a Nansen API key, the Nansen CLI, and an npm-installed package.
Before installing, confirm you trust the nansen-cli package and are comfortable providing a Nansen API key. The documented workflow is read-oriented wallet analysis, but review any unexpected nansen command the agent proposes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can run nansen CLI commands while using this skill, so users should expect API-backed wallet lookups and should keep usage aligned with the documented analysis workflow.
The skill grants access to the nansen CLI via a wildcard permission. The documented examples are read-oriented wallet analysis commands, but the permission is broader than the exact commands shown.
allowed-tools: Bash(nansen:*)
Use the skill for the listed wallet-analysis commands and review any unexpected nansen command before allowing it.
Installing and using the skill may consume Nansen API access associated with the configured key.
The skill requires a Nansen API key to access the Nansen service. This is expected for the stated integration, but it gives the CLI access to the user's Nansen API account or quota.
requires:\n env:\n - NANSEN_API_KEY\n...\nprimaryEnv: NANSEN_API_KEY
Use a dedicated or least-privileged Nansen API key if available, keep the key out of chat messages, and monitor API usage.
The local behavior depends on the installed nansen-cli package version.
The skill depends on installing the nansen-cli npm package, with no version pin shown in the install specification. This is central to the skill's purpose, but users should be aware of the package provenance and version being installed.
node | package: nansen-cli | creates binaries: nansen
Install from a trusted package registry, verify the package identity, and consider pinning or reviewing the version used in sensitive environments.