Renzo Protocol
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a read-only Renzo data query skill that sends live requests, including any wallet address you provide, to Renzo’s MCP server.
This skill looks suitable for read-only Renzo protocol lookups. Before installing, be aware that live queries go to Renzo’s MCP server and wallet-specific questions will disclose the wallet address you provide to that service.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run a local helper script to fetch Renzo data, but the reviewed script is limited to documented read-only calls.
The helper uses a command-line script for tool calls, but the artifact shows explicit tool whitelisting and JSON validation, keeping this scoped to the documented Renzo queries.
VALID_TOOLS=( get_ezeth_info get_protocol_stats get_supported_chains get_operators get_vaults get_vault_details get_vault_strategy get_token_balances get_withdrawal_requests ) ... if ! echo "$ARGUMENTS" | jq empty
Use it for Renzo-related queries and avoid modifying the script or passing unrelated data as arguments.
If you ask about a wallet address, that address and the type of query may be visible to the Renzo MCP service.
User-provided query arguments, including Ethereum addresses for balance or withdrawal checks, are sent to an external Renzo MCP endpoint.
MCP_URL="https://mcp.renzoprotocol.com/mcp" ... get_token_balances <arguments_json> ... required: {"address":"0x..."} ... curl ... -d "$PAYLOAD"Only provide wallet addresses you are comfortable sending to the Renzo MCP endpoint; do not provide private keys, seed phrases, or unrelated personal data.