Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nansen Wallet Manager

v0.1.1

Wallet management — create (local or Privy server-side), list, show, export, send, delete. Use when creating wallets, checking balances, or sending tokens.

0 stars · 160 downloads · 1 current · 1 all-time
by Nansen AI (@nansen-devops)
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability (flagged)
Name/description, required binary (nansen), and primary env (NANSEN_API_KEY) align with a CLI-based wallet manager. However, the SKILL.md documents additional required credentials and behaviors (PRIVY_APP_ID, PRIVY_APP_SECRET, NANSEN_WALLET_PASSWORD, use of OS keychain and ~/.nansen/.credentials) that are not declared in the registry metadata. The ability to export private keys from local wallets is also part of the documented functionality and is sensitive.
Instruction Scope (flagged)
The SKILL.md instructs the agent to run CLI commands that create, export, send, and delete wallets and to use Privy (server-side) or local encrypted storage. It explicitly documents exporting private keys for local wallets and the CLI fallback to an on-disk credentials file. The instructions reference env vars and secrets (PRIVY_*, NANSEN_WALLET_PASSWORD) that were not declared. Commands the agent will run can produce private keys and perform network operations — reasonable for a wallet manager but high-risk and the scope is broader than the declared metadata.
Install Mechanism
Install spec is a node/npm package (nansen-cli) that provides the 'nansen' binary. This is an expected and common install method for a CLI skill; moderate trust is required (npm package provenance should be verified), but there are no raw URL downloads or archive extraction in the spec.
Credentials (flagged)
Registry metadata only lists NANSEN_API_KEY (primaryEnv), but the SKILL.md requires or references additional secrets: NANSEN_WALLET_PASSWORD, PRIVY_APP_ID, PRIVY_APP_SECRET, and possibly others. The skill also relies on OS keychain access and may fall back to an insecure ~/.nansen/.credentials file. Requesting undisclosed secrets and implicit file access is disproportionate and should have been declared.
Persistence & Privilege
always:false and agent invocation is normal. The skill does not request forced always-on presence. However, runtime behavior interacts with system secret stores (OS keychain) and may create ~/.nansen files (including an insecure fallback). That persistence is operationally significant for secrets handling, but not a metadata privilege misconfiguration on its own.
What to consider before installing
This skill appears to be a real CLI wrapper for wallet actions, but it has important inconsistencies and sensitive behavior you should review before installing:

  • The registry metadata only lists NANSEN_API_KEY, yet the instructions require additional secrets (PRIVY_APP_ID, PRIVY_APP_SECRET) and an optional NANSEN_WALLET_PASSWORD. Ask the publisher to update metadata to list all required env vars.
  • The CLI can export private keys for local wallets and may store passwords in a plaintext fallback at ~/.nansen/wallets/.credentials. If you install this, be aware that exporting keys or using the insecure fallback can expose funds.
  • The installer is an npm package (nansen-cli). Verify the package source, publisher identity, and review the package on the public npm registry or its GitHub repo before installing.
  • For agent use, prefer Privy (server-side keys) for automation if you trust Privy; otherwise require explicit human confirmation for any 'wallet export', 'send', or 'delete' operations.
  • If you cannot verify the upstream package or the publisher, avoid installing or restrict the skill so it cannot run sensitive commands automatically.

Request the skill's homepage/repo and a full list of required env vars from the publisher; that information would materially change this assessment.
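The undeclared-credentials finding above can be reproduced mechanically. The following is an added example, not the ClawHub scanner's code and not part of the skill: it extracts environment-variable names referenced in a SKILL.md and diffs them against the registry metadata. The SKILL.md text is a condensed, constructed excerpt of what this page shows; the name regex, the NOT_ENV allowlist and the secret-name heuristic are assumptions.

```javascript
// Added example: audit a skill's SKILL.md for env vars the registry metadata does not declare.
// Not the ClawHub scanner's code; the heuristics below are assumptions.

// Constructed sample: a condensed excerpt of the SKILL.md text on this page.
const SKILL_MD = `
NANSEN_API_KEY=<key> nansen login
NANSEN_WALLET_PASSWORD="<password_from_user>" nansen wallet create
PRIVY_APP_ID      Privy application ID (required for --provider privy)
PRIVY_APP_SECRET  Privy application secret (required for --provider privy)
NANSEN_WALLET_PROVIDER  Default provider for wallet create
NANSEN_EVM_RPC    Custom EVM RPC endpoint
NANSEN_SOLANA_RPC Custom Solana RPC endpoint
If you get a PASSWORD_REQUIRED error, ask the user to provide their password again
`;

// Registry metadata as displayed on this page: only one env var is declared.
const REGISTRY_META = { primaryEnv: "NANSEN_API_KEY", env: ["NANSEN_API_KEY"] };

// Env-var-looking tokens: ALL_CAPS with at least one underscore. The underscore rule
// drops short caps words such as EVM, SOL, ETH, RPC, MIT.
const ENV_NAME_RE = /\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+\b/g;

// Known false positives: error codes and similar constants that are not env vars.
const NOT_ENV = new Set(["PASSWORD_REQUIRED"]);

// Names that almost certainly carry a secret; undeclared ones are the serious finding.
const SECRET_HINT = /PASSWORD|SECRET|TOKEN|KEY|PRIVATE/;

function referencedEnvVars(text) {
  const names = new Set((text.match(ENV_NAME_RE) || []).filter((n) => !NOT_ENV.has(n)));
  return [...names].sort();
}

function auditEnvDeclarations(skillText, meta) {
  const declared = new Set(meta.env || []);
  const referenced = referencedEnvVars(skillText);
  const undeclared = referenced.filter((n) => !declared.has(n));
  const undeclaredSecrets = undeclared.filter((n) => SECRET_HINT.test(n));
  let verdict = "ok";
  if (undeclaredSecrets.length) verdict = "flag"; // undeclared secret: the scanner's severity
  else if (undeclared.length) verdict = "warn";   // undeclared configuration only
  return { referenced, undeclared, undeclaredSecrets, verdict };
}

console.log(JSON.stringify(auditEnvDeclarations(SKILL_MD, REGISTRY_META), null, 2));
```

On the excerpt above this reports six undeclared variables, two of them secrets (NANSEN_WALLET_PASSWORD and PRIVY_APP_SECRET), and a verdict of "flag". The allowlist matters: PASSWORD_REQUIRED is an error code the SKILL.md mentions, and without it the audit would report a phantom secret.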


Runtime requirements

Bins: nansen
Env: NANSEN_API_KEY
Primary env: NANSEN_API_KEY

Install

Node
Bins: nansen
npm i -g nansen-cli
latestvk975fmgs7zhb575yw9z1da1v7d83mx8t
160 downloads
0 stars
2 versions
Updated 2h ago
v0.1.1
License: MIT-0

Wallet

Auth Setup

# Save API key (non-interactive)
nansen login --api-key <key>
# Or via env var:
NANSEN_API_KEY=<key> nansen login

# Verify
nansen research profiler labels --address 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045 --chain ethereum

Wallet Providers

The CLI supports two wallet providers:

                       Local (default)                Privy (server-side)
Key storage            Encrypted on disk              Server-side via Privy API
Password required      Yes (min 12 chars)             No
Export private keys    Yes (wallet export)            No (keys are managed by Privy)
Best for               Human users, manual trading    Agents, automated workflows
Flag                   --provider local (default)     --provider privy
Required env vars      NANSEN_WALLET_PASSWORD         PRIVY_APP_ID + PRIVY_APP_SECRET

Privy Wallet Creation

Privy wallets are server-side wallets managed by the Privy API. No password is needed — keys never touch the local machine.

Prerequisites

The following environment variables must be set:

Var               Purpose
PRIVY_APP_ID      Privy application ID
PRIVY_APP_SECRET  Privy application secret

Create a Privy wallet

nansen wallet create --provider privy
# Or with a custom name:
nansen wallet create --name agent-wallet --provider privy

Critical rules for agents (Privy)

  • No password needed — Privy manages keys server-side
  • Cannot export keys: wallet export only works for local wallets
  • All other operations (list, show, send, delete, default) work identically for both providers

Local Wallet Creation (Two-Step Agent Flow)

This section covers local wallet creation. For Privy server-side wallets, see the Privy Wallet Creation section above — no password is needed.

Wallet creation requires a password from the human user. The agent must NOT generate or store the password itself.

Step 1 (Agent → Human): Ask the user to provide a wallet password (minimum 12 characters).

Step 2 (Agent executes): Run the create command with the password the user gave you.

NANSEN_WALLET_PASSWORD="<password_from_user>" nansen wallet create

After creation, the CLI automatically saves the password:

  • OS keychain (macOS Keychain, Linux secret-tool, Windows Credential Manager) — secure, preferred
  • ~/.nansen/wallets/.credentials file — insecure fallback when no keychain is available (e.g. containers, CI)

All future wallet operations retrieve the password automatically — no env var or human input needed.

If the .credentials file fallback is used, the CLI prints a warning on every operation. To migrate to secure storage later, run nansen wallet secure.

Password resolution order (automatic)

  1. NANSEN_WALLET_PASSWORD env var (if set)
  2. OS keychain (saved automatically on wallet create)
  3. ~/.nansen/wallets/.credentials file (insecure fallback, with warning)
  4. Structured JSON error with instructions (if none available)

Critical rules for agents

  • NEVER generate a password yourself — always ask the human user
  • NEVER store the password in files, memory, logs, or conversation history
  • NEVER use --human flag — that enables interactive prompts which agents cannot handle
  • After wallet creation, you do NOT need the password for future operations — the keychain handles it
  • If you get a PASSWORD_REQUIRED error, ask the user to provide their password again

Create

Privy (server-side, no password)

nansen wallet create --provider privy
# Or with a custom name:
nansen wallet create --name trading --provider privy

Requires PRIVY_APP_ID + PRIVY_APP_SECRET env vars. No password needed.

Local (encrypted on disk, password required)

# Ask the user for a password first, then:
NANSEN_WALLET_PASSWORD="<password_from_user>" nansen wallet create
# Or with a custom name:
NANSEN_WALLET_PASSWORD="<password_from_user>" nansen wallet create --name trading

List & Show

nansen wallet list
nansen wallet show <name>
nansen wallet default <name>

Send

# Send native token (SOL, ETH) — password auto-resolved from keychain
nansen wallet send --to <addr> --amount 1.5 --chain solana

# Send entire balance
nansen wallet send --to <addr> --chain evm --max

# Dry run (preview, no broadcast)
nansen wallet send --to <addr> --amount 1.0 --chain evm --dry-run

Export & Delete

# Password auto-resolved from keychain
nansen wallet export <name>
nansen wallet delete <name>

Forget Password

# Remove saved password from all stores (keychain + .credentials file)
nansen wallet forget-password

Migrate to Secure Storage

nansen wallet secure

For detailed migration steps (from ~/.nansen/.env, .credentials, or env-var-only setups), see the nansen-wallet-migration skill.

Flags

Flag                   Purpose
--to                   Recipient address
--amount               Amount to send
--chain                evm or solana
--max                  Send entire balance
--dry-run              Preview without broadcasting
--provider             Wallet provider: local (default, encrypted on disk) or privy (server-side via Privy API)
--human                Enable interactive prompts (human terminal use only; agents must NOT use this)
--unsafe-no-password   Skip encryption (keys stored in plaintext; NOT recommended)
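The flags above, the "critical rules for agents" earlier on this page, and the scanner's advice to require explicit human confirmation for export, send and delete can all be enforced in one place: a policy gate the agent harness runs before executing any nansen wallet command. The following is an added example and not part of the skill. Assumptions: argv is the exact token list the agent would execute, `approve` is a hook that returns true only after a human has confirmed the rendered command, and the rule that a send must be dry-run before it is offered for approval is this example's own addition.

```javascript
// Added example, not part of the skill: a policy gate for `nansen wallet` invocations
// encoding the rules on this page. Assumptions: argv is the exact token list; `approve`
// is a harness hook answered by a human; "preview before broadcast" is our addition.
const READ_ONLY = new Set(["list", "show", "default"]);
const HIGH_RISK = new Set(["send", "export", "delete", "forget-password"]);
const FORBIDDEN_FLAGS = new Set(["--human", "--unsafe-no-password"]);

// Identify a send independently of --dry-run so a preview and its broadcast are matched.
function sendKey(argv) {
  return argv.filter((a) => a !== "--dry-run").join(" ");
}

function classifyWalletCommand(argv) {
  if (argv[0] !== "nansen" || argv[1] !== "wallet") {
    return { allow: false, tier: "out-of-scope", reason: "not a nansen wallet command" };
  }
  const sub = argv[2];
  const args = argv.slice(3);
  const forbidden = args.filter((a) => FORBIDDEN_FLAGS.has(a));
  if (forbidden.length) {
    return { allow: false, tier: "forbidden", reason: `flag never allowed from an agent: ${forbidden.join(" ")}` };
  }
  if (READ_ONLY.has(sub)) return { allow: true, tier: "read-only" };
  if (sub === "create") return { allow: true, tier: "create" }; // password must come from the human, not argv
  if (sub === "send" && args.includes("--dry-run")) return { allow: true, tier: "preview" };
  if (HIGH_RISK.has(sub)) {
    return { allow: false, tier: "needs-human-approval", reason: `${sub} can move funds or expose keys` };
  }
  return { allow: false, tier: "unknown", reason: `unrecognised subcommand: ${sub}` };
}

// state.previewed remembers which sends have been dry-run; a broadcast is only
// offered to the human for approval after its preview ran.
function gateWalletCommand(argv, { approve = () => false, state = { previewed: new Set() } } = {}) {
  const verdict = classifyWalletCommand(argv);
  if (verdict.allow) {
    if (verdict.tier === "preview") state.previewed.add(sendKey(argv));
    return verdict;
  }
  if (verdict.tier !== "needs-human-approval") return verdict;
  if (argv[2] === "send" && !state.previewed.has(sendKey(argv))) {
    return { allow: false, tier: verdict.tier, reason: "run the same send with --dry-run first" };
  }
  if (approve(argv.join(" "))) {
    return { allow: true, tier: verdict.tier, approvedBy: "human" };
  }
  return { allow: false, tier: verdict.tier, reason: "human declined or was not asked" };
}

// Walk-through with a constructed recipient placeholder; nothing is executed.
function demo() {
  const state = { previewed: new Set() };
  const send = ["nansen", "wallet", "send", "--to", "<addr>", "--amount", "1.5", "--chain", "solana"];
  return [
    gateWalletCommand(["nansen", "wallet", "list"], { state }),
    gateWalletCommand(["nansen", "wallet", "export", "trading", "--human"], { state }),
    gateWalletCommand(send, { state, approve: () => true }),   // blocked: no preview yet
    gateWalletCommand([...send, "--dry-run"], { state }),       // preview runs
    gateWalletCommand(send, { state, approve: () => false }),  // human declined
    gateWalletCommand(send, { state, approve: () => true }),   // approved broadcast
  ];
}

for (const v of demo()) console.log(v);
```

Note what the gate cannot see: it checks argv, not the environment, so it does not know whether NANSEN_WALLET_PASSWORD was typed by the human or generated by the agent. That rule has to be enforced where the environment for the child process is assembled.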

Environment Variables

Var                     Purpose
NANSEN_WALLET_PASSWORD  Wallet encryption password; only needed for the initial wallet create. After that, the OS keychain handles it.
NANSEN_API_KEY          API key (also set via nansen login --api-key <key>)
PRIVY_APP_ID            Privy application ID (required for --provider privy)
PRIVY_APP_SECRET        Privy application secret (required for --provider privy)
NANSEN_WALLET_PROVIDER  Default provider for wallet create: local or privy
NANSEN_EVM_RPC          Custom EVM RPC endpoint
NANSEN_SOLANA_RPC       Custom Solana RPC endpoint
