Nansen Web Fetcher

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill uses the Nansen CLI and a Nansen API key to fetch and summarize web URLs. The only notes are the expected ones: reliance on an external service, credential setup, and a broad CLI permission.

This appears safe for its stated purpose. Before installing, make sure you trust the nansen-cli package and the Nansen/Gemini processing path, and avoid submitting sensitive private URLs or confidential questions unless that is acceptable under your account and data policy.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent may be able to run more Nansen CLI operations than just fetching URLs, depending on what the installed CLI supports.

Why it was flagged

The permission allows any nansen CLI subcommand, while the skill documentation is centered on web fetch and related search examples.

Skill content
allowed-tools: Bash(nansen:*)
Recommendation

Install only if you are comfortable granting the agent access to the Nansen CLI; prefer a narrower tool rule if available.

ASI03: Identity and Privilege Abuse
Info
What this means

Use of the skill will depend on your Nansen API credentials and may consume quota or access services tied to your account.

Why it was flagged

The skill requires a Nansen API key, which is expected for using the Nansen service but still represents delegated account access.

Skill content
requires:
  env:
    - NANSEN_API_KEY
Recommendation

Use a dedicated or least-privileged API key if possible, and rotate or revoke it if you no longer use the skill.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The code that actually runs comes from the external nansen-cli package rather than from files included in this skill artifact.

Why it was flagged

The skill relies on installing an external npm CLI package, and the artifact does not pin an exact package version.

Skill content
node | package: nansen-cli | creates binaries: nansen
Recommendation

Install from a trusted package registry source and consider pinning or reviewing the nansen-cli package version in managed environments.
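One way to check the pinning recommendation above before installing, as an added example that is not code from the skill, from ClawScan or from the nansen-cli project: classify the npm install spec (no version, dist-tag, range, or exact version) and confirm that a committed lockfile carries an integrity hash for the package, which is what makes npm refuse a tarball that does not match. The version numbers, registry URL and integrity value in SAMPLE_LOCK are constructed placeholders, not the real package's data.

```python
"""Pin-and-integrity check for an npm install spec such as the skill's
'nansen-cli' dependency.

Added example for this report; it is not code from the skill, from
ClawScan, or from the nansen-cli project.  The version numbers, the
registry URL and the integrity value in SAMPLE_LOCK are constructed
placeholders, not the real package's data.
"""
import json
import re

# Exact semver: MAJOR.MINOR.PATCH with optional prerelease / build metadata.
EXACT_RE = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")
# Characters that only appear in semver range expressions (^1.2, ~1.2, >=1 <2, *, 1 || 2).
RANGE_CHARS = re.compile(r"[\^~<>=*| ]")


def split_spec(spec):
    """Split 'name@version' into (name, version or None).

    Scoped packages start with '@', so only an '@' after position 0 is a
    name/version separator: '@scope/pkg@1.0.0' -> ('@scope/pkg', '1.0.0').
    """
    at = spec.rfind("@")
    if at <= 0:
        return spec, None
    return spec[:at], spec[at + 1:]


def classify_spec(spec):
    """Return 'exact', 'range' or 'unpinned' for an npm install spec.

    'nansen-cli'        -> unpinned  (no version: resolves to the 'latest' tag)
    'nansen-cli@latest' -> unpinned  (a dist-tag moves with every release)
    'nansen-cli@^1.2.0' -> range     (any compatible future release)
    'nansen-cli@1.2.3'  -> exact
    """
    _, version = split_spec(spec)
    if version is None:
        return "unpinned"
    if EXACT_RE.match(version):
        return "exact"
    if version[0].isdigit() or RANGE_CHARS.search(version):
        return "range"          # 1.x, 1.2, ^1.2.0, >=1 <2, *, ...
    return "unpinned"           # a dist-tag such as 'latest' or 'beta'


def lock_entry(lock, name):
    """Return the lockfile (v2/v3 'packages' map) entry for a top-level dependency."""
    return lock.get("packages", {}).get("node_modules/" + name)


def audit_install(spec, lock):
    """Return a list of findings; an empty list means the dependency is pinned
    to an exact version and the lockfile carries an integrity hash for it,
    so 'npm ci' will refuse a tarball that does not match."""
    name, _ = split_spec(spec)
    findings = []
    kind = classify_spec(spec)
    if kind != "exact":
        findings.append(f"{spec}: version is {kind}; pin an exact version")
    entry = lock_entry(lock, name)
    if entry is None:
        findings.append(f"{name}: no lockfile entry; install once and commit the lockfile")
    elif not entry.get("integrity"):
        findings.append(f"{name}: lockfile entry has no integrity hash")
    return findings


# Constructed lockfile fragment (lockfileVersion 3 layout). All values are placeholders.
SAMPLE_LOCK = json.loads("""
{
  "lockfileVersion": 3,
  "packages": {
    "node_modules/nansen-cli": {
      "version": "1.2.3",
      "resolved": "https://registry.example.invalid/nansen-cli-1.2.3.tgz",
      "integrity": "sha512-CONSTRUCTEDPLACEHOLDER"
    },
    "node_modules/unpinned-helper": {
      "version": "0.1.0",
      "resolved": "https://registry.example.invalid/unpinned-helper-0.1.0.tgz"
    }
  }
}
""")

if __name__ == "__main__":
    for spec in ("nansen-cli", "nansen-cli@^1.2.0", "nansen-cli@1.2.3", "unpinned-helper@0.1.0"):
        print(spec, "->", classify_spec(spec), audit_install(spec, SAMPLE_LOCK) or "ok")
```

The install spec shown in the finding, "nansen-cli" with no version, classifies as unpinned. In a managed environment the practical fix is to install with an exact version and commit the resulting lockfile, then install with npm ci so the integrity hash is enforced rather than re-resolved.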

ASI07: Insecure Inter-Agent Communication
Info
What this means

URLs and questions submitted through this skill may be sent to Nansen and/or Gemini for processing.

Why it was flagged

The skill discloses that URL content and the user's question are processed through an external AI/provider flow.

Skill content
Fetch and analyze content from one or more URLs using AI (Gemini 2.5 Flash).
Recommendation

Avoid using the skill with private, access-controlled, or sensitive URLs unless you are comfortable with that provider data flow.
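A pre-filter that enforces the recommendation above before a URL reaches the external provider, as an added example that is not code from the skill, from ClawScan or from Nansen: it refuses non-HTTP schemes, embedded credentials, literal non-global IP addresses, dotless or internal-suffix hostnames, and query parameters that look like tokens or signed-URL secrets. PRIVATE_SUFFIXES, SECRET_PARAMS and the sample URL batch are constructed, and the suffix list is a policy choice the report itself does not specify.

```python
"""Screen URLs before an agent passes them to an external fetch-and-summarize
provider (the Nansen / Gemini flow the report describes).

Added example for this report; not code from the skill, from ClawScan or
from Nansen.  PRIVATE_SUFFIXES, SECRET_PARAMS and SAMPLE_URLS are
constructed; the suffix list is an assumed policy, not one from the report.
"""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = ("http", "https")
# Suffixes conventionally used for non-public infrastructure (assumed policy;
# add your own corporate domains here).
PRIVATE_SUFFIXES = (".local", ".internal", ".localhost", ".corp", ".lan", ".home.arpa")
# Query parameter names that commonly carry session tokens or signed-URL secrets.
SECRET_PARAMS = ("token", "access_token", "sig", "signature", "api_key", "apikey", "access_key")


def is_private_host(host):
    """True for a literal IP that is not globally routable (loopback, RFC 1918,
    link-local, shared address space, ...), for a dotless intranet name such
    as 'localhost' or 'wiki', and for names under PRIVATE_SUFFIXES."""
    host = host.lower().rstrip(".")
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        pass  # not an IP literal; fall through to the name checks
    if "." not in host:
        return True
    return host.endswith(PRIVATE_SUFFIXES)


def screen_url(url):
    """Return None if the URL looks acceptable to hand to a third-party
    provider, otherwise a short reason for refusing it."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "scheme not allowed"
    if not parts.hostname:
        return "no hostname"
    if parts.username is not None or parts.password is not None:
        return "credentials embedded in URL"
    if is_private_host(parts.hostname):
        return "private or internal host"
    for pair in parts.query.split("&"):
        name = pair.split("=", 1)[0].lower()
        if name in SECRET_PARAMS:
            return f"query parameter '{name}' looks like a credential"
    return None


def partition(urls):
    """Split a batch into (allowed, refused); refused is a list of (url, reason)."""
    allowed, refused = [], []
    for url in urls:
        reason = screen_url(url)
        if reason is None:
            allowed.append(url)
        else:
            refused.append((url, reason))
    return allowed, refused


# Constructed sample batch: one public page and seven URLs that should be refused.
SAMPLE_URLS = [
    "https://docs.example.com/guide",
    "http://localhost:8080/admin",
    "http://10.0.0.5/metrics",
    "http://[::1]/",
    "https://user:pw@example.com/",
    "https://files.example.com/report.pdf?sig=abc123",
    "https://wiki.internal/runbooks",
    "file:///etc/passwd",
]

if __name__ == "__main__":
    ok, bad = partition(SAMPLE_URLS)
    print("forward:", ok)
    for url, reason in bad:
        print("refuse:", url, "->", reason)
```

The check is hostname-based and runs offline, so it does not see where a name resolves; a deployment should also resolve the hostname and re-check the resulting addresses at fetch time. It also cannot tell that a publicly reachable URL points at confidential material, which is the judgement the recommendation leaves to the user.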