zapper-api
v1.0.0
Query DeFi portfolios, token holdings, NFTs, transactions, and prices via Zapper API. Supports 50+ chains. Use when user asks about wallet balances, DeFi positions, NFT collections, token prices, or transaction history.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and scripts/zapper.py all implement a Zapper GraphQL client. Requiring python3 and a ZAPPER_API_KEY is proportional and expected for this purpose; the only config path referenced (~/.config/zapper/addresses.json) is for wallet labels and an optional apiKey.
Instruction Scope
Runtime instructions and the script limit activity to resolving addresses, calling Zapper's public GraphQL endpoint, and printing JSON/text results. The SKILL.md does suggest storing the API key in ~/.config/zapper/addresses.json but also documents using the ZAPPER_API_KEY env var; there are no instructions to read unrelated system files or exfiltrate data to unexpected endpoints.
Install Mechanism
No install spec is provided (instruction-only plus a Python script). That is low-risk; the script uses only standard library urllib for network calls and requires python3 on PATH.
Credentials
Declared primaryEnv is ZAPPER_API_KEY and no other secrets are requested. The single API key is appropriate for a client that queries a remote API. The skill optionally reads a single user config file for wallets and an apiKey, which is reasonable but does mean the API key may be stored in plaintext if the user follows that config pattern.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills. The script only reads the user's config file and environment; it does not write to system paths or alter other components.
Assessment
This skill appears to be a straightforward Zapper API client. Before installing, confirm you trust the publisher (source is listed as unknown) and prefer exporting ZAPPER_API_KEY as an environment variable rather than storing it in ~/.config/zapper/addresses.json if you want to avoid keeping the key in plaintext. Review the shipped scripts locally (scripts/zapper.py) yourself to verify there are no hidden network calls beyond https://public.zapper.xyz/graphql. Use a limited or free-tier API key where possible, and rotate/revoke the key if you stop using the skill or if you spot unexpected behavior.
Like a lobster shell, security has layers — review code before you run it.
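The local review recommended in the assessment can be partly automated. The following is an added example, not part of the skill or of the scan report: a static check that lists URL literals whose host is not public.zapper.xyz, plus network-capable imports, in a Python file. The module list and the SAMPLE source are constructed assumptions, and URLs assembled at runtime are not detected.

```python
import ast
import re
import sys
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"public.zapper.xyz"}  # the only endpoint named in the assessment
# Assumption: modules treated as able to reach the network or spawn processes.
NETWORK_MODULES = {"urllib", "http", "socket", "ssl", "ftplib", "smtplib",
                   "requests", "httpx", "aiohttp", "subprocess"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def audit_source(source):
    """Return (unexpected_urls, network_imports) for Python source text.

    unexpected_urls is a sorted list of (line, url) whose host is not allowed.
    Hosts are compared exactly, so look-alikes and userinfo tricks are flagged.
    """
    unexpected, imports = [], set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant):
            val = node.value
            if isinstance(val, bytes):
                val = val.decode("latin-1")
            if isinstance(val, str):
                for url in URL_RE.findall(val):
                    host = (urlsplit(url).hostname or "").lower()
                    if host not in ALLOWED_HOSTS:
                        unexpected.append((node.lineno, url))
        elif isinstance(node, ast.Import):
            imports.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imports.add(node.module.split(".")[0])
    return sorted(unexpected), sorted(imports & NETWORK_MODULES)

# Constructed sample, not the contents of scripts/zapper.py.
SAMPLE = '''
import json, os
import urllib.request
from http import client

API = "https://public.zapper.xyz/graphql"
EXTRA = "http://203.0.113.7/collect?k="   # constructed second endpoint

def call(q):
    return urllib.request.urlopen(API, data=json.dumps(q).encode())
'''

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    print(audit_source(text))
```

Run it as `python3 audit.py scripts/zapper.py`; an empty first list with only `urllib` in the second matches what the scan report describes.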
Runtime requirements
🟪 Clawdis
Bins: python3
Primary env: ZAPPER_API_KEY
latest
Zapper API
Query DeFi portfolios, NFTs, and transactions across 50+ chains using Zapper's GraphQL API.
Setup
- Get API key from Zapper Dashboard (free tier available)
- Configure in ~/.config/zapper/addresses.json:

      {
        "apiKey": "your-api-key",
        "wallets": [
          {"label": "Main", "address": "0x..."},
          {"label": "DeFi", "address": "0x..."}
        ]
      }

Or set environment variable: export ZAPPER_API_KEY="your-api-key"
Commands
| Command | Description | Example |
|---|---|---|
| portfolio <address> | Token + DeFi totals | zapper.py portfolio 0x123... |
| tokens <address> | Detailed token holdings | zapper.py tokens 0x123... |
| apps <address> | DeFi positions (LPs, lending, staking) | zapper.py apps 0x123... |
| nfts <address> | NFT holdings by value | zapper.py nfts 0x123... |
| tx <address> | Recent transactions (30 days) | zapper.py tx 0x123... |
| price <symbol> | Token price lookup | zapper.py price ETH |
| claimables <address> | Unclaimed rewards | zapper.py claimables 0x123... |
| config | Show configuration | zapper.py config |
Options
| Flag | Commands | Description |
|---|---|---|
| --24h | portfolio, tokens | Show 24h price changes |
| --short | portfolio | Output only total value |
| --per-wallet | portfolio | Show each configured wallet separately |
| --json | all | Output raw JSON |
| --limit N | most | Max items to display |
Usage
# Portfolio summary
python3 scripts/zapper.py portfolio 0xADDRESS
# With 24h price changes
python3 scripts/zapper.py portfolio 0xADDRESS --24h
# Just total value
python3 scripts/zapper.py portfolio 0xADDRESS --short
# Per-wallet breakdown
python3 scripts/zapper.py portfolio --per-wallet
# Token holdings with prices
python3 scripts/zapper.py tokens 0xADDRESS --24h
# DeFi positions
python3 scripts/zapper.py apps 0xADDRESS
# NFT holdings
python3 scripts/zapper.py nfts 0xADDRESS
# Recent transactions
python3 scripts/zapper.py tx 0xADDRESS
# Token price
python3 scripts/zapper.py price ETH
# Unclaimed rewards
python3 scripts/zapper.py claimables 0xADDRESS
# JSON output
python3 scripts/zapper.py portfolio 0xADDRESS --json
Wallet Labels
Use configured wallet labels instead of addresses:
python3 scripts/zapper.py portfolio "Main"
python3 scripts/zapper.py tokens "DeFi"
Supported Tokens (price command)
ETH, WETH, USDC, USDT, DAI, WBTC, LINK, UNI, AAVE, MKR
Supported Chains
Ethereum, Base, Arbitrum, Optimism, Polygon, Solana, BNB Chain, Avalanche, zkSync, Linea, Scroll, Blast, and 40+ more.
Notes
- Free tier API key available at zapper.xyz/developers
- Rate limits apply - avoid rapid repeated requests
- NFT valuations based on floor prices
- Transaction history limited to 30 days
References
- API.md - GraphQL query examples
- Zapper Docs - Official API documentation
