Skill v1.2.0
ClawScan security
Pokécenter - Free Token Launcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 14, 2026, 5:19 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are broadly consistent with a token launcher that talks to an external BagsWorld API, but important risks and unanswered questions remain (unknown service, unsigned transactions from a remote API, onboarding that requires public verification), so proceed with caution.
- Guidance: This skill is coherent with its stated purpose but relies on an external, unknown service (bagsworld.app) to create unsigned Solana transactions that you must sign locally. Before using it:
  - Do not paste or upload your private key. Use a hardware wallet or wallet software to sign transactions locally.
  - Inspect every unsigned transaction returned by the API (especially the feePayer, accounts authorized, and instructions) before signing. Unsigned txs can embed instructions that transfer tokens or change authorities.
  - Verify who runs BagsWorld (website, GitHub, audits, reputation). An unknown operator increases the risk that unsigned transactions are malicious.
  - Be cautious about the onboarding step that requires public Moltbook posts — this can deanonymize you.
  - Confirm the claimed "no SOL needed"/gas coverage and whether fee-payer behavior could expose you to costs or unintended side effects.
  - Prefer testing with a throwaway wallet with no funds before using a main wallet.
  What would change this assessment to benign: published source code, a verifiable operator/organization, an auditable description of the unsigned transaction formats (showing feePayer and instruction structure), or independent security/audit reports. If you cannot validate those, treat the integration as higher risk.
Review Dimensions
- Purpose & Capability
  - note: The name/description (free Solana token launcher, non-custodial, image generation, A2A messaging) aligns with the SKILL.md instructions — the skill only instructs calls to https://bagsworld.app/api/agent-economy/external to launch tokens, generate images, check/claim earnings, and manage agent tasks. No unexpected OS binaries, env vars, or installs are requested, which is proportionate to an instruction-only API integration.
- Instruction Scope
  - concern: All runtime actions are HTTP calls to the external BagsWorld API and guidance to sign unsigned Solana transactions locally. This is expected for a token service, but it also means the remote API can produce arbitrary unsigned transactions: if a user blindly signs them, they could grant authorities or transfer assets. The onboarding flow requires posting verification content to Moltbook (a public action), which may deanonymize users. The instructions do not ask for private keys (they explicitly say sign locally), which is good, but they place heavy trust in an unknown third party.
- Install Mechanism
  - ok: No install spec and no code files — the skill is instruction-only. That minimizes local persistence and disk writes. The agent will only make network calls per the SKILL.md.
- Credentials
  - note: The skill requests no environment variables or credentials, which is coherent because it uses an external API and user-provided wallet addresses. However, the claim flow requires the user to sign transactions locally, so the skill relies on the user to manage private keys correctly. No hidden env access was found in the instructions, but the absence of declared credentials does not eliminate the risk that the external API will return malicious unsigned transactions.
- Persistence & Privilege
  - ok: always:false and no install mean the skill does not request permanent system presence. Model/autonomous invocation is allowed (platform default) but is not combined with other high privileges in this skill.
