TronScan Token List
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: tronscan-token-list Version: 1.0.3 The skill provides a set of tools to interface with the official TronScan MCP server (mcp.tronscan.org) to retrieve TRC20 token lists, pricing, and market metrics. The instructions in SKILL.md are well-aligned with the stated purpose and even include safety guidelines for the agent to flag tokens marked as 'Suspicious' or 'Unsafe' by the API. No malicious code, data exfiltration, or prompt injection attacks were identified.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Token searches and usage patterns may be processed by the configured TronScan MCP provider.
The skill relies on a disclosed external MCP endpoint for its tools. This is coherent with the TronScan token-list purpose, but user queries and token lookups may be sent to that external service.
mcp-server: https://mcp.tronscan.org/mcp
Use the skill only with a trusted MCP configuration and avoid submitting private or sensitive information as token-search input.
If configured, the API key may consume the user's TronScan API quota or identify requests to the provider.
The skill mentions an optional TronScan API key for rate-limit handling. This is purpose-aligned, but it is still a credential that should be handled carefully.
apply for an API key, then add it to your MCP configuration and retry
Store any API key only in the intended MCP configuration, do not paste it into chat, and use the least-privileged or revocable key available.