omnifun
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is openly for memecoin trading, but it gives an agent high-impact financial API actions with default unlimited spending controls, so users should review it carefully before use.
Install only if you intentionally want an agent to interact with omni.fun. Before using authenticated endpoints, configure small spending limits, restrict approved chains/actions, keep the API key private, and manually review/sign every on-chain transaction.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent uses this skill carelessly, it could initiate trade workflows that affect the user's crypto positions, especially if paired with an automated wallet signer.
The skill exposes authenticated financial trading through raw API calls. That is aligned with the skill's purpose, but it is high-impact and the artifact does not show a required confirmation or approval gate before initiating trade requests.
### Buy a token
curl -X POST https://api.omni.fun/agent/trade \
-H "X-API-Key: $OMNIFUN_API_KEY" ... -d '{"action": "buy", "token": "0xTOKEN", "amount": 10, "chain": "base"}'Only use this with explicit trade instructions, review every transaction before signing, and avoid giving the agent an unattended wallet signer.
The API key may allow broad provider-side trading preparation and account actions until the user sets limits, increasing financial exposure.
The OMNIFUN_API_KEY grants access to authenticated trading/account endpoints, while the documented spending controls start as unlimited unless the user configures them.
Trading endpoints require the API key via `X-API-Key` header. ... Per-trade limit | Maximum USDC per single trade (default: unlimited) ... Daily limit | Maximum USDC per calendar day (default: unlimited)
Set strict per-trade, daily, chain, and action limits before making any authenticated calls; rotate the API key if it is exposed.
Users or agents may be nudged toward risky trades by reward and return claims rather than independent risk assessment.
The skill uses promotional financial upside and urgency language. This is not proof of deception, but it could encourage unsafe trust in a speculative trading workflow.
Buy at the floor, ride to graduation, potential 50-100x. ... First 100 agents trade FREE for 60 days. ... Earn **0.5% creator fee on every trade** ... forever.
Treat the promotional claims as marketing, not investment advice, and require the agent to explain risks before any trade.
Users have less assurance that the reviewed text exactly matches the intended published package version.
The registry source is unknown, and the supplied SKILL.md front matter lists version 1.3.0, creating a minor provenance/version mismatch. No install code is present, so this is a review note rather than a direct execution risk.
Source: unknown ... Version: 1.2.1
Confirm the package provenance and version with the publisher before relying on the skill for financial actions.