ClawHub

Nansen Web Fetcher

v0.1.0

Fetch and analyze content from one or more URLs using AI (Gemini 2.5 Flash). Use when you have specific URLs and need to extract or summarize their content....

0· 100·2 current·2 all-time
byNansen AI@nansen-devops
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (fetch and analyze web URLs) match the declared requirements: the nansen binary and NANSEN_API_KEY are exactly what the nansen CLI would need to perform web fetches and AI analysis.
Instruction Scope
SKILL.md instructs only running the nansen CLI (nansen web fetch ...) against user-supplied URLs and asking a question. It does not instruct reading unrelated files, accessing other env vars, or posting data to unexpected endpoints.
Install Mechanism
Install uses a public package manager (node/npm) installing package 'nansen-cli' which produces the nansen binary — this is expected for a CLI-based skill. This is moderate-risk compared with instruction-only skills because it writes a binary to disk; verify the npm package's authenticity and maintainers before installing.
Credentials
Only NANSEN_API_KEY is required and declared as the primary credential, which is proportionate for a service-backed fetch-and-analyze tool. No additional secrets or unrelated env vars are requested.
Persistence & Privilege
always is false and the skill does not request system-wide config changes or access to other skills' credentials. Default autonomous invocation is allowed (platform normal) and not combined with other high-risk flags.
Assessment
This skill appears to do exactly what it says: run the nansen CLI against URLs using your NANSEN_API_KEY. Before installing, verify the npm package 'nansen-cli' is the official/expected package (check the package owner, repo URL, and recent versions), consider installing in a controlled environment, and ensure the API key you provide has appropriate scope and billing controls (rotate the key after testing). If you are unsure about the npm package's provenance, inspect its source repository and published files (or run it in a sandbox) before granting your production API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk979zfk5przymm8xfynsh7788d8360w6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnansen
EnvNANSEN_API_KEY
Primary envNANSEN_API_KEY

Install

Node
Bins: nansen
npm i -g nansen-cli

Comments