Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chainbase OpenAPI Skill

Operate Chainbase indexed wallet and token reads through UXC with a curated OpenAPI schema, API-key auth, and read-first guardrails.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, OpenAPI schema and SKILL.md all align: the skill is focused on read-only Chainbase Web3 HTTP reads (balances, tokens, txs, token metadata/holders/price). The curated OpenAPI schema and examples match the stated purpose.
Instruction Scope
Runtime instructions are narrowly scoped to calling api.chainbase.online via uxc and to only perform reads. They instruct binding an API key (CHAINBASE_API_KEY) and to use uxc/link/chainbase-openapi-cli. No unrelated files, system paths, or external endpoints beyond the schema host (raw.githubusercontent.com) and api.chainbase.online are referenced.
Install Mechanism
There is no install spec (instruction-only skill), so nothing is downloaded or written by the skill itself. The only remote endpoints referenced are the Chainbase API and a raw GitHub URL for the schema; both are expected for this purpose.
Credentials
SKILL.md instructs creating a secret env var (CHAINBASE_API_KEY) and binding it via uxc, but the registry metadata lists no required environment variables or primary credential. This mismatch (missing declared required env var/credential) is a documentation/inventory inconsistency you should verify. Also note the validation script references jq and rg which are not declared as required binaries.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It relies on uxc for auth/binding which is normal for CLI-based API integrations.
What to consider before installing
This skill is broadly coherent: it uses uxc plus a curated OpenAPI schema to make read-only calls to api.chainbase.online and expects a Chainbase API key. Before installing:

  1. Confirm you are comfortable providing a Chainbase API key (create a least-privilege/read-only key).
  2. Ensure the uxc tool is installed and you understand how uxc stores/uses CHAINBASE_API_KEY (the skill's docs ask you to set CHAINBASE_API_KEY via uxc).
  3. Note the registry metadata did NOT declare required env vars or primary credentials — ask the publisher to declare CHAINBASE_API_KEY as the primary credential or verify locally that the only secret used is the Chainbase API key.
  4. The included validation script expects jq and rg (ripgrep); these are developer tooling and not executed by the skill at runtime, but you should have them if you run validation.
  5. Verify the schema URL (raw.githubusercontent.com) and the included references file are trustworthy and that the skill will only call the official api.chainbase.online endpoint.

If you need higher assurance, request the publisher to add explicit requires.env/primary credential metadata and to confirm there are no hidden endpoints or write/transaction flows.
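The credential and endpoint checks described in this scan can be reproduced locally. The following is an added example, not part of the skill or of ClawHub's scanner: it compares the secret env vars and hosts a SKILL.md actually references against what is declared and expected. The metadata shape (`requires.env` as a list), the function name `audit` and the embedded excerpt are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt of the commands in the SKILL.md shown on this page.
SKILL_MD = """\
uxc auth credential set chainbase --auth-type api_key \\
  --api-key-header X-API-KEY --secret-env CHAINBASE_API_KEY
uxc auth binding add --id chainbase --host api.chainbase.online --scheme https
uxc link chainbase-openapi-cli https://api.chainbase.online --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/chainbase-openapi-skill/references/chainbase-web3.openapi.json
This skill is limited to indexed HTTP reads on https://api.chainbase.online.
"""

# Hypothetical metadata shape; the scan reports that no env vars are declared.
DECLARED = {"requires": {"env": []}}
EXPECTED_HOSTS = {"api.chainbase.online", "raw.githubusercontent.com"}


def audit(skill_md, declared, expected_hosts):
    """Return (secret env vars used but not declared, unexpected hosts)."""
    used_env = set(re.findall(r"--secret-env[ =]+([A-Za-z_]\w*)", skill_md))
    declared_env = set(declared.get("requires", {}).get("env", []))

    # Hosts come from explicit --host bindings and from any URL in the text.
    hosts = set(re.findall(r"--host[ =]+([A-Za-z0-9.-]+)", skill_md))
    for url in re.findall(r"https?://[^\s\"'<>)]+", skill_md):
        host = urlparse(url).hostname
        if host:
            hosts.add(host)
    # Normalise case and drop a sentence-ending period picked up with the URL.
    hosts = {h.lower().rstrip(".") for h in hosts}

    return sorted(used_env - declared_env), sorted(hosts - set(expected_hosts))


if __name__ == "__main__":
    undeclared, unexpected = audit(SKILL_MD, DECLARED, EXPECTED_HOSTS)
    print("undeclared secret env vars:", undeclared)
    print("hosts outside the expected set:", unexpected)
```
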

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latestvk972p4epk9g9bs1h9zqh0ds3hh830mhk


SKILL.md

Chainbase Web3 API Skill

Use this skill to run Chainbase indexed data operations through uxc + OpenAPI.

Reuse the uxc skill for shared execution, auth, and error-handling guidance.

Prerequisites

  • uxc is installed and available in PATH.
  • Network access to https://api.chainbase.online.
  • Access to the curated OpenAPI schema URL:
    • https://raw.githubusercontent.com/holon-run/uxc/main/skills/chainbase-openapi-skill/references/chainbase-web3.openapi.json
  • A Chainbase API key.

Scope

This skill covers a read-first indexed data surface:

  • account native balance lookup
  • account token balances
  • account transaction history
  • token metadata
  • token holder reads
  • token price lookup
  • transaction detail lookup

This skill does not cover:

  • raw chain RPC methods
  • write or transaction submission flows
  • the broader Chainbase data product surface beyond the selected Web3 API reads

Authentication

Chainbase uses X-API-KEY header auth.

Configure one API-key credential and bind it to api.chainbase.online:

uxc auth credential set chainbase \
  --auth-type api_key \
  --api-key-header X-API-KEY \
  --secret-env CHAINBASE_API_KEY

uxc auth binding add \
  --id chainbase \
  --host api.chainbase.online \
  --scheme https \
  --credential chainbase \
  --priority 100

Validate the active mapping when auth looks wrong:

uxc auth binding match https://api.chainbase.online

Core Workflow

  1. Use the fixed link command by default:

    • command -v chainbase-openapi-cli
    • If missing, create it: uxc link chainbase-openapi-cli https://api.chainbase.online --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/chainbase-openapi-skill/references/chainbase-web3.openapi.json
    • chainbase-openapi-cli -h
  2. Inspect operation schema first:

    • chainbase-openapi-cli get:/v1/account/balance -h
    • chainbase-openapi-cli get:/v1/account/tokens -h
    • chainbase-openapi-cli get:/v1/token/metadata -h
  3. Prefer narrow account validation before broader reads:

    • chainbase-openapi-cli get:/v1/account/balance chain_id=1 address=0xd8da6bf26964af9d7eed9e03e53415d37aa96045
    • chainbase-openapi-cli get:/v1/token/price chain_id=1 contract_address=0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48
    • chainbase-openapi-cli get:/v1/tx/detail chain_id=1 tx_hash=0x4e3f3bc239f496f59c3e4d4a4d5f10f7f0d6d9f4cd790beeb520d05f6f7d98ae
  4. Execute with key/value parameters:

    • chainbase-openapi-cli get:/v1/account/tokens chain_id=1 address=0xd8da6bf26964af9d7eed9e03e53415d37aa96045 page=1 limit=20
    • chainbase-openapi-cli get:/v1/token/holders chain_id=1 contract_address=0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 page=1 limit=20

Operation Groups

Account Reads

  • get:/v1/account/balance
  • get:/v1/account/tokens
  • get:/v1/account/txs

Token And Transaction Reads

  • get:/v1/token/metadata
  • get:/v1/token/holders
  • get:/v1/token/price
  • get:/v1/tx/detail

Guardrails

  • Keep automation on the JSON output envelope; do not use --text.
  • Parse stable fields first: ok, kind, protocol, data, error.
  • Treat this v1 skill as read-only. Do not imply RPC write methods, mempool send, or signing support.
  • Chainbase has multiple product surfaces. This skill is intentionally limited to indexed HTTP reads on https://api.chainbase.online.
  • Start with small page and limit values before building large crawls.
  • chainbase-openapi-cli <operation> ... is equivalent to uxc https://api.chainbase.online --schema-url <chainbase_openapi_schema> <operation> ....
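One way to enforce these guardrails in automation, as an added example that is not part of the skill or of uxc: a wrapper that refuses any operation outside the seven reads listed above, caps `limit`, runs the linked CLI without a shell, and unwraps the JSON envelope only when `ok` is true. `MAX_LIMIT`, `EnvelopeError` and the function names are assumptions, and the shape of `error` is treated as opaque because the page does not define it.

```python
import json
import subprocess

# The seven read operations this skill lists; anything else is refused.
READ_OPS = {
    "get:/v1/account/balance", "get:/v1/account/tokens", "get:/v1/account/txs",
    "get:/v1/token/metadata", "get:/v1/token/holders", "get:/v1/token/price",
    "get:/v1/tx/detail",
}
MAX_LIMIT = 20  # assumed cap, matching the page's example calls


class EnvelopeError(Exception):
    """Raised when the CLI output is not a successful JSON envelope."""


def build_argv(operation, **params):
    """Build the CLI argv, refusing unlisted operations and large pages."""
    if operation not in READ_OPS:
        raise ValueError(f"operation not in read-only allowlist: {operation}")
    if int(params.get("limit", 1)) > MAX_LIMIT:
        raise ValueError(f"limit above {MAX_LIMIT}")
    for key, value in params.items():
        if not key.isidentifier() or any(c.isspace() for c in str(value)):
            raise ValueError(f"bad parameter: {key}")
    return ["chainbase-openapi-cli", operation] + [f"{k}={v}" for k, v in params.items()]


def parse_envelope(raw):
    """Return `data` from the JSON envelope; raise unless `ok` is exactly true."""
    try:
        env = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise EnvelopeError("output is not JSON (was --text used?)") from exc
    if not isinstance(env, dict) or env.get("ok") is not True:
        error = env.get("error") if isinstance(env, dict) else None
        raise EnvelopeError(f"call failed: {error!r}")
    return env.get("data")


def read(operation, **params):
    """Run one read through the linked CLI (argv list, no shell) and unwrap it."""
    proc = subprocess.run(build_argv(operation, **params),
                          capture_output=True, text=True, timeout=30)
    return parse_envelope(proc.stdout)
```
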
