Skill v1.0.4

ClawScan security

M10 OneSource Blockchain Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 23, 2026, 8:10 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally consistent: it is an instruction-only adapter that forwards natural-language blockchain queries to a paid external endpoint (agent.onesource.io) using the x402 payment protocol and does not request local credentials or install components.
Guidance
This skill is coherently described and appears to do exactly what it says: send your queries to OneSource's paid API and return structured analysis. Before installing, consider: (1) cost — each query is billed ($0.04 USDC per the doc) and your platform must support the x402 payment flow; (2) privacy — your query text and any blockchain addresses you include are transmitted to an external service and may appear in `query_traces`; avoid sending sensitive secrets or private data; (3) trust & retention — the skill claims no long-term storage but that is a statement from the external provider; review OneSource's privacy and terms if you need stronger guarantees. If you rely on on-prem or offline data, this skill is not appropriate. Otherwise the skill is internally consistent and does not request unnecessary permissions.

Review Dimensions

Purpose & Capability
ok: The name/description (Ethereum blockchain query agent) matches the instructions: all queries are POSTed to https://agent.onesource.io, responses include structured fields, and the documented capabilities (events, txs, contracts, live state) align with the service description. No unrelated env vars, binaries, or install steps are requested.
Instruction Scope
note: The SKILL.md explicitly requires network access and transmitting the user's natural-language query (and any included addresses) to the external OneSource endpoint. It also documents that responses include a `query_traces` field which may echo query content and should be omitted from user-facing output if not needed. The instructions do not ask the agent to read local files or environment variables. Note: declarations such as 'No data is stored' are claims by the external service and cannot be independently verified from the skill text.
Install Mechanism
ok: No install spec and no code files; the skill is instruction-only. This is the lowest-risk install profile because nothing is written to disk by the skill itself.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The only external requirement is that the caller/platform implement the x402 payment flow (HTTP 402 / payment-signature headers). Payment handling is a client/platform responsibility; the skill does not request wallet keys or secrets.
Persistence & Privilege
ok: always:false and user-invocable:true (defaults); the skill does not request permanent or elevated presence. It does not instruct modification of other skills or system configuration.