ClawHub

Zapper Api

v0.1.0

Query DeFi portfolios, token holdings, NFTs, transactions, and prices via Zapper API. Supports 50+ chains. Use when user asks about wallet balances, DeFi positions, NFT collections, token prices, or transaction history.

0· 1.2k·0 current·0 all-time
by@zivhm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Zapper API queries) match the actual behavior: a Python CLI that sends GraphQL requests to public.zapper.xyz. Required binary (python3) and primaryEnv (ZAPPER_API_KEY) are appropriate for this purpose.
Instruction Scope
SKILL.md confines operations to querying the Zapper API, optional local config (~/.config/zapper/addresses.json), and environment variable for the API key. It does not instruct reading unrelated system files or sending data to unexpected endpoints.
Install Mechanism
No external install/download steps are specified (instruction-only skill with included Python script). All network I/O is the expected GraphQL API call to public.zapper.xyz; there are no arbitrary external downloads or extract steps.
Credentials
Only the ZAPPER_API_KEY credential (and optionally a local config file containing the same key and wallet addresses) is requested. This is proportionate to the stated functionality and no unrelated secrets are required.
Persistence & Privilege
The skill is not always-enabled, does not modify other skills or system-wide settings, and does not request elevated or persistent privileges beyond reading its own config file and performing network requests.
Assessment
This skill will read an optional config at ~/.config/zapper/addresses.json (or use ZAPPER_API_KEY from your environment) and send GraphQL queries to https://public.zapper.xyz. Before installing: ensure you trust Zapper and are comfortable providing an API key; consider using a dedicated key with limited scope; avoid placing other unrelated secrets in the config file; review the included scripts/zapper.py if you want to verify exactly what data is sent. The skill does not request unrelated credentials or perform unexpected file access.

Like a lobster shell, security has layers — review code before you run it.

latestvk976pbcfdne8eedze04qz2fg7980jpsv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🟪 Clawdis
Binspython3
Primary envZAPPER_API_KEY

Comments