Base Alpha Scanner
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a purpose-aligned crypto market scanning skill, but it uses external web/API sources, optional credentials or browser session state, and recurring alert-style workflows that users should scope carefully.
Install only if you want an agent to query public crypto market-data services and generate Base-chain token alerts. Keep scans on a defined schedule, verify any trading signal independently, and avoid providing API keys or logged-in browser sessions unless needed for the specific lookup.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Market pages and social content from third-party sites may shape alerts, so users should treat them as data sources rather than authoritative instructions.
The skill explicitly asks the agent to use browser, search, and fetch tools against third-party market sites. This is expected for the stated market-scanning purpose, but it means external web content can influence the analysis.
Use `browser` tool to navigate `https://gmgn.ai/base/token/<addr>` ... Use `web_search` for recent Bankr mentions + `web_fetch` on Warpcast casts
Keep web/API use limited to the disclosed market-data sources and verify important alerts before acting on them.
If a user provides an API key or uses a logged-in browser session, those credentials or session state may be used to access the relevant third-party service.
The artifacts mention an optional Basescan API key and browser/session-cookie-based access for GMGN. These are purpose-aligned for holder and market lookups, with no evidence of credential leakage or unrelated use.
Paid key: `BASESCAN_API_KEY` env var for higher limits. GMGN often requires browser-like session cookies. Prefer using the browser tool
Use only the minimum needed API access, avoid exposing keys in chat or logs, and do not use logged-in browser sessions unless you intend the agent to access that site as you.
Users have less external context for verifying who maintains the skill or where updates originate.
The registry metadata does not provide an external source or homepage. The visible bundled scripts are coherent and the static scan is clean, but provenance is limited.
Source: unknown Homepage: none
Review the bundled scripts before relying on the skill and install updates only from a trusted workspace or publisher.
If enabled as an autonomous routine, the agent could repeatedly query market services and produce alerts without a fresh prompt each time.
The workflow contemplates recurring or background-style market monitoring. This fits the stated alerting purpose, and no persistence or daemon code is shown, but the user should define operational limits.
Standard market scan (run on demand or every 1–2h) ... Early launch scan (continuous background)
Set a clear schedule, stop condition, and notification target before allowing recurring scans.