Security audit

omnifun

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed omni.fun memecoin trading documentation skill with no executable payload, but it should be used cautiously because it guides financial and crypto actions.

Install only if you intentionally want an agent to interact with omni.fun. Keep the API key private, configure low per-trade and daily limits before authenticated use, restrict approved chains and actions, and manually review any transaction before signing. Treat memecoin return and bounty language as speculative marketing, not investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list includes broad terms such as 'trade' and 'launch', which can cause the skill to activate in unrelated contexts and steer users or agents into financial actions unintentionally. In a high-risk crypto trading skill, overbroad activation increases the chance of accidental invocation, unwanted API calls, and user exposure to trading flows they did not explicitly request.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill strongly promotes speculative memecoin trading and token launches using reward-oriented language but does not present clear warnings about loss of funds, slippage, smart contract risk, bridge risk, volatility, irreversible blockchain transactions, or legal/compliance concerns. In this context, omission of risk disclosures is dangerous because it may cause users or autonomous agents to treat high-risk financial actions as routine operations.

VirusTotal

64/64 vendors flagged this skill as clean.