Skill v1.0.4

ClawScan security

TronScan Block Info · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 1:23 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only wrapper for TronScan block APIs; its requested resources (none) and instructions align with its stated purpose.
Guidance
This skill is coherent and appears to only query TronScan APIs via the MCP server it cites. Before installing, confirm you trust the MCP server URL (https://mcp.tronscan.org) and the skill publisher (no homepage is provided). Be aware that the agent will make network requests to the TronScan endpoints; if you have sensitive environment or network policies, restrict access accordingly. If you need rate-limited access, supply an API key only through your platform's secure config (not pasted into chat).

Review Dimensions

Purpose & Capability
ok: Name/description match the runtime instructions: all calls and data referenced (latest block, blocks list, block stats) are relevant to a TRON block-info skill.
Instruction Scope
ok: SKILL.md only describes calling TronScan MCP/API endpoints (getLatestBlock, getBlocks, getBlockStatistic) and how to combine their outputs; it does not instruct reading local files, unrelated env vars, or exfiltrating unrelated data.
Install Mechanism
ok: No install spec and no code files — lowest-risk instruction-only skill. No downloads, packages, or binaries are requested.
Credentials
ok: The skill declares no required environment variables or credentials. It mentions using an API key only as optional troubleshooting advice for rate limits, which is proportional to calling an external API.
Persistence & Privilege
ok: Skill is not force-installed (always: false) and has default autonomous-invocation settings; this is normal for skills and no elevated persistence or cross-skill config changes are requested.