alchemy
Provides blockchain API access for querying data across multiple networks, enabling efficient on-chain data retrieval and management.
Install this skill
Security score
The alchemy skill was audited on May 25, 2026 and we found 40 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Curl to non-GitHub URL
| 135 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
Curl to non-GitHub URL
| 142 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
Curl to non-GitHub URL
| 149 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
Curl to non-GitHub URL
| 156 | curl -s "https://eth-mainnet.g.alchemy.com/nft/v3/$ALCHEMY_API_KEY/getNFTsForOwner?owner=0x00000000219ab540356cbb839cbe05303d7705fa" |
Curl to non-GitHub URL
| 161 | curl -s "https://api.g.alchemy.com/prices/v1/$ALCHEMY_API_KEY/tokens/by-symbol?symbols=ETH&symbols=USDC" |
Curl to non-GitHub URL
| 166 | curl -s -X POST "https://api.g.alchemy.com/prices/v1/$ALCHEMY_API_KEY/tokens/historical" \ |
Curl to non-GitHub URL
| 173 | curl -s -X POST "https://dashboard.alchemy.com/api/create-webhook" \ |
Webhook reference - potential data exfiltration
| 3 | description: Blockchain API access via Alchemy. Use when an agent needs to query blockchain data (balances, token prices, NFT ownership, transfer history, transaction simulation, gas estimates) across |
Webhook reference - potential data exfiltration
| 128 | | Create webhook | `POST /create-webhook` | `references/webhooks-details.md` | |
Webhook reference - potential data exfiltration
| 171 | ### Create Notify Webhook |
Webhook reference - potential data exfiltration
| 173 | curl -s -X POST "https://dashboard.alchemy.com/api/create-webhook" \ |
Webhook reference - potential data exfiltration
| 176 | -d '{"network":"ETH_MAINNET","webhook_type":"ADDRESS_ACTIVITY","webhook_url":"https://example.com/webhook","addresses":["0x00000000219ab540356cbb839cbe05303d7705fa"]}' |
Webhook reference - potential data exfiltration
| 179 | ### Verify Webhook Signature (Node) |
Webhook reference - potential data exfiltration
| 232 | - **Webhooks**: Address Activity, Custom (GraphQL), NFT Activity, Payloads, Signatures |
External URL reference
| 17 | - **API key**: Set `$ALCHEMY_API_KEY` and make requests directly. Full access to all products. Create a free key at [dashboard.alchemy.com](https://dashboard.alchemy.com/). |
External URL reference
| 43 | | Ethereum RPC (HTTPS) | `https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY` | API key in URL | Standard EVM reads and writes. | |
External URL reference
| 45 | | Base RPC (HTTPS) | `https://base-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY` | API key in URL | EVM L2. | |
External URL reference
| 47 | | Arbitrum RPC (HTTPS) | `https://arb-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY` | API key in URL | EVM L2. | |
External URL reference
| 49 | | BNB RPC (HTTPS) | `https://bnb-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY` | API key in URL | EVM L1. | |
External URL reference
| 51 | | Solana RPC (HTTPS) | `https://solana-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY` | API key in URL | Solana JSON-RPC. | |
External URL reference
| 52 | | Solana Yellowstone gRPC | `https://solana-mainnet.g.alchemy.com` | `X-Token: $ALCHEMY_API_KEY` | gRPC streaming (Yellowstone). | |
External URL reference
| 53 | | NFT API | `https://<network>.g.alchemy.com/nft/v3/$ALCHEMY_API_KEY` | API key in URL | NFT ownership and metadata. | |
External URL reference
| 54 | | Prices API | `https://api.g.alchemy.com/prices/v1/$ALCHEMY_API_KEY` | API key in URL | Prices by symbol or address. | |
External URL reference
| 55 | | Portfolio API | `https://api.g.alchemy.com/data/v1/$ALCHEMY_API_KEY` | API key in URL | Multi-chain wallet views. | |
External URL reference
| 56 | | Notify API | `https://dashboard.alchemy.com/api` | `X-Alchemy-Token: <ALCHEMY_NOTIFY_AUTH_TOKEN>` | Generate token in dashboard. | |
External URL reference
| 64 | - **Gateway URL**: `https://x402.alchemy.com` |
External URL reference
| 84 | - **Gateway URL**: `https://mpp.alchemy.com` |
External URL reference
| 104 | | Gateway URL | `*.g.alchemy.com/v2/$KEY` | `https://x402.alchemy.com` | `https://mpp.alchemy.com` | |
External URL reference
| 135 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
External URL reference
| 142 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
External URL reference
| 149 | curl -s https://eth-mainnet.g.alchemy.com/v2/$ALCHEMY_API_KEY \ |
External URL reference
| 156 | curl -s "https://eth-mainnet.g.alchemy.com/nft/v3/$ALCHEMY_API_KEY/getNFTsForOwner?owner=0x00000000219ab540356cbb839cbe05303d7705fa" |
External URL reference
| 161 | curl -s "https://api.g.alchemy.com/prices/v1/$ALCHEMY_API_KEY/tokens/by-symbol?symbols=ETH&symbols=USDC" |
External URL reference
| 166 | curl -s -X POST "https://api.g.alchemy.com/prices/v1/$ALCHEMY_API_KEY/tokens/historical" \ |
External URL reference
| 173 | curl -s -X POST "https://dashboard.alchemy.com/api/create-webhook" \ |
External URL reference
| 176 | -d '{"network":"ETH_MAINNET","webhook_type":"ADDRESS_ACTIVITY","webhook_url":"https://example.com/webhook","addresses":["0x00000000219ab540356cbb839cbe05303d7705fa"]}' |
External URL reference
| 245 | - Confirm the key is valid at [dashboard.alchemy.com](https://dashboard.alchemy.com/) |
External URL reference
| 268 | - [Developer docs](https://www.alchemy.com/docs) |
External URL reference
| 269 | - [Get Started guide](https://www.alchemy.com/docs/get-started) |
External URL reference
| 270 | - [Create a free API key](https://dashboard.alchemy.com) |