Skills
skills/holon-run/uxc/etherscan-mcp-skill/Gen Agent Trust Hub

etherscan-mcp-skill

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious behavior, obfuscation, or unauthorized data access patterns were identified in the analyzed files.
  • [EXTERNAL_DOWNLOADS]: The skill connects to https://mcp.etherscan.io/mcp, which is an official service domain for Etherscan.
  • [COMMAND_EXECUTION]: Uses the uxc tool for command orchestration and credential binding. This includes creating a functional link for etherscan-mcp-cli to interact with the Etherscan endpoint.
  • [PROMPT_INJECTION]: The skill processes untrusted on-chain data which presents a potential indirect injection surface.
  • Ingestion points: Data retrieved via tools like txList, getContractSourceCode, and getAddressMetadata (documented in SKILL.md).
  • Boundary markers: The skill recommends parsing the JSON envelope and avoiding --text mode, though explicit prompt delimiters for the agent are not defined.
  • Capability inventory: Utilizes uxc for network operations and auth management.
  • Sanitization: Relies on JSON structural parsing; no explicit content filtering of blockchain data is implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 09:43 AM