Plugin v0.1.5
ClawScan security
Mmanthe37 Mcp Server Publish · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 13, 2026, 9:19 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and requested resources are consistent with a read-only MCP analytics server; nothing in the bundle requests unrelated credentials or hidden installs, though deploying it will provision Azure resources and the runtime exposes some host metadata and external API calls.
- Guidance: This skill appears to be what it claims: a read-only MCP server for web3 analytics. Before installing or deploying, consider the following:
  - Deploying with azd will provision Azure resources (resource group, container registry, container apps environment, Log Analytics). You will need an Azure subscription and the permissions to create those resources.
  - Runtime logs are sent to an Azure Log Analytics workspace (the template retrieves workspace keys). If you deploy to a shared subscription, be aware that logs/metrics will be stored in Azure and may contain request data.
  - The system_info tool returns host metadata (hostname, platform, memory, node version). If you are exposing this service publicly and want to minimize fingerprinting/leakage, remove or restrict this tool.
  - The web3 tools make outbound requests to public APIs (CoinGecko, DefiLlama, CoinCap) and public RPC endpoints for multiple chains. Running the server will cause outbound network calls to those services; review them if you need to restrict egress or have privacy requirements.
  - There are no requested environment variables or credentials in the skill itself, which reduces the risk of accidental credential exfiltration. Nevertheless, review any custom tool additions (src/tools.ts) before deploying.

  Recommended steps: run locally (npm run dev) to test; inspect/modify src/tools.ts to remove any tools you don't want (e.g., system_info); and deploy in a controlled subscription or resource group to verify logs and access control.
Review Dimensions
- Purpose & Capability (ok): The name/description (read-only web3/DeFi/NFT analytics) matches the code and SKILL.md: tools implement read-only queries (CoinGecko, DefiLlama, public RPCs via viem) and MCP endpoints (/health, /mcp). Required files and dependencies (express, viem, @modelcontextprotocol/sdk, zod) are appropriate for the stated purpose.
- Instruction Scope (note): SKILL.md instructs local dev and Azure deployment (azd/az CLI). The runtime tools are scoped to read-only data, but the system_info tool exposes host details (hostname, platform, memory, uptime, node version) which could be used for fingerprinting. The infra templates provision a Log Analytics workspace (logs retained) and container registry; deploying will send runtime logs to Azure Log Analytics by design.
- Install Mechanism (ok): There is no install spec for the skill platform (instruction-only). Source code and a Dockerfile are included; building the container will run standard npm installs and tsc in a typical two-stage Node image. No external download-from-arbitrary-URL or obfuscated installers were found.
- Credentials (ok): The skill declares no required environment variables or credentials and the code does not read secrets from environment variables. Deploying the infra requires Azure credentials (azd auth login) to provision resources; that is expected and proportional to the described Azure Container Apps deployment.
- Persistence & Privilege (ok): The skill does not request always:true or other elevated persistent privileges. It exposes HTTP routes (/health, /mcp) and runs as a containerized service; that is consistent with a server component and does not indicate inappropriate platform-level persistence.
