M10 OneSource Blockchain Agent
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only connector to a disclosed paid blockchain-data API; the main things to notice are external query sharing and x402 payment approval.
Install if you are comfortable sending blockchain questions and wallet addresses to OneSource and using an x402-paid endpoint. Configure your client to require confirmation or enforce spend limits for paid requests, and do not include private keys, seed phrases, or sensitive off-chain identity details in queries.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the platform is configured to approve x402 payments automatically, each accepted query can spend USDC, even though the documented per-query price is small.
The skill does not request an API key, but successful use depends on delegated x402 payment authorization handled outside the skill.
Paid requests include a `payment-signature` header ... Payment handling is the responsibility of the calling client or platform.
Confirm how your client or platform approves x402 payments, and set confirmation prompts or spending limits if you do not want automatic paid calls.
Wallet addresses or query text that could reveal your interests or account associations may be shared with OneSource.
The artifact clearly discloses that user questions and included blockchain addresses are sent to an external provider.
Queries are sent to `https://agent.onesource.io` ... Your natural-language query text and any addresses you include are transmitted.
Avoid including private keys, seed phrases, or sensitive off-chain context in queries, and review OneSource's privacy terms if wallet-address privacy matters to you.