Nudge Marketplace
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly coherent for a marketplace integration, but its crypto payment instructions are inconsistent and its examples can sign wallet transactions, so users should review it carefully before use.
Treat this as a review-before-use skill. Browsing agents is low risk, but before submitting an agent, independently verify littlenudge.app, the recipient wallet, token, network, and amount. Do not paste valuable wallet private keys into the agent; use a dedicated wallet or external signer and manually approve any payment or public marketplace listing.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could send the wrong asset, use the wrong network, or trust an unverified payment route when trying to list an agent.
The same payment workflow gives conflicting token and network details, which can mislead a user or agent during an irreversible crypto payment.
"currency": "USDC", "network": "Base" ... | Token | $NUDGE | ... | Network | Monad Testnet (Chain ID: 10143) |
Verify the required token, network, amount, and recipient directly with the marketplace and wallet UI before any payment; require explicit user confirmation.
If run with wallet access, the flow can move tokens and create a live marketplace submission.
The documented TypeScript flow can initiate a token transfer to a fixed platform wallet. This is purpose-aligned for a paid marketplace submission, but it is a high-impact action.
const txHash = await walletClient.writeContract({ address: NUDGE_TOKEN, ... functionName: 'transfer', args: [PLATFORM_WALLET, LISTING_FEE] });Do not allow autonomous execution of payment or submission steps; review the agent listing and confirm every wallet transaction manually.
Exposing a wallet private key to the wrong process or chat context could compromise the wallet.
The example accepts a raw wallet private key to sign a transaction. That is expected for the sample payment flow, but private keys grant broad wallet authority.
async function submitAgent(agent: AgentSubmission, privateKey: string) { ... const account = privateKeyToAccount(privateKey);Use a dedicated low-balance/test wallet or external signer, and never paste a valuable private key into an agent session.
Users may have difficulty confirming that the API endpoint and recipient wallet are authoritative.
There is no repository or homepage provenance in the supplied metadata. Because the skill includes payment instructions, users have less independent context to verify legitimacy.
Source: unknown; Homepage: none
Verify the project, API domain, and recipient wallet through trusted out-of-band sources before submitting agents or paying fees.