📦 Nansen Wallet Manager — 钱包管理
v0.1.1一站式钱包生命周期管理:本地或 Privy 服务端创建、列表展示、详情查看、导出私钥、链上转账、删除钱包,满足多链资产查询与收发需求。
0· 172·1 当前·1 累计
by 下载技能包
最后更新
2026/4/21
安全扫描
OpenClaw
可疑
high confidenceThe skill mostly matches a wallet-management purpose, but its runtime instructions require additional secrets and local key storage behavior that are not declared in the metadata — this mismatch plus the ability to export private keys is a meaningful risk you should understand before installing.
评估建议
This skill appears to be a real CLI wrapper for wallet actions, but it has important inconsistencies and sensitive behavior you should review before installing:
- The registry metadata only lists NANSEN_API_KEY, yet the instructions require additional secrets (PRIVY_APP_ID, PRIVY_APP_SECRET) and an optional NANSEN_WALLET_PASSWORD. Ask the publisher to update metadata to list all required env vars.
- The CLI can export private keys for local wallets and may store passwords in a plaintext fallbac...详细分析 ▾
⚠ 用途与能力
Name/description, required binary (nansen), and primary env (NANSEN_API_KEY) align with a CLI-based wallet manager. However, the SKILL.md documents additional required credentials and behaviors (PRIVY_APP_ID, PRIVY_APP_SECRET, NANSEN_WALLET_PASSWORD, use of OS keychain and ~/.nansen/.credentials) that are not declared in the registry metadata. The ability to export private keys from local wallets is also part of the documented functionality and is sensitive.
⚠ 指令范围
The SKILL.md instructs the agent to run CLI commands that create, export, send, and delete wallets and to use Privy (server-side) or local encrypted storage. It explicitly documents exporting private keys for local wallets and the CLI fallback to an on-disk credentials file. The instructions reference env vars and secrets (PRIVY_*, NANSEN_WALLET_PASSWORD) that were not declared. Commands the agent will run can produce private keys and perform network operations — reasonable for a wallet manager but high-risk and the scope is broader than the declared metadata.
✓ 安装机制
Install spec is a node/npm package (nansen-cli) that provides the 'nansen' binary. This is an expected and common install method for a CLI skill; moderate trust is required (npm package provenance should be verified), but there are no raw URL downloads or archive extraction in the spec.
⚠ 凭证需求
Registry metadata only lists NANSEN_API_KEY (primaryEnv), but the SKILL.md requires or references additional secrets: NANSEN_WALLET_PASSWORD, PRIVY_APP_ID, PRIVY_APP_SECRET, and possibly others. The skill also relies on OS keychain access and may fall back to an insecure ~/.nansen/.credentials file. Requesting undisclosed secrets and implicit file access is disproportionate and should have been declared.
ℹ 持久化与权限
always:false and agent invocation is normal. The skill does not request forced always-on presence. However, runtime behavior interacts with system secret stores (OS keychain) and may create ~/.nansen files (including an insecure fallback). That persistence is operationally significant for secrets handling, but not a metadata privilege misconfiguration on its own.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.12026/3/20
- Added separate usage examples for Privy (server-side) and Local (password-required) wallet creation in the "Create" section. - Clarified environment variable requirements for each wallet provider. - No changes to CLI commands or supported features; update is limited to documentation improvements in SKILL.md.
● 可疑
安装命令
点击复制官方npx clawhub@latest install nansen-wallet-manager
镜像加速npx clawhub@latest install nansen-wallet-manager --registry https://cn.longxiaskill.com