Instant wallet intelligence for any EVM address. Know who you're dealing with before you interact. Wallet age, transaction history, token holdings, DeFi acti...
Security Analysis
high confidenceThis is a coherent paid wallet-lookup skill, but its script has a user-input code execution risk and it can automatically spend USDC per scan.
The wallet intelligence purpose matches the documented API calls, ENS resolution, and paid x402 scan model, but the automatic paid scan behavior is financially sensitive.
The script embeds user-controlled address and chain values directly into a Node.js command string, creating an unexpected code execution risk for crafted inputs.
No install-time execution or remote installer is shown; the included executable logic is in the provided shell script.
The skill makes paid outbound API calls and also contacts an ENS provider beyond the main SUPAH API, so users should understand both the spending and data-flow implications.
The script writes the latest JSON result to a fixed /tmp path and requires an agent wallet funded with USDC, but it does not show background persistence.
Guidance
Install only if you are comfortable with paid per-scan API usage. Use a limited-balance wallet, require confirmation for paid calls, and avoid passing untrusted or oddly formatted address/chain strings until the script validates and safely handles user input.
Latest Release
v1.3.0
Clean x402 only publish.
Popular Skills
Published by @supah-based on ClawHub
