ClawHub

Launch a Token

v0.1.0

Launch tokens on Solana using Metaplex Genesis protocol

1· 1.5k·0 current·0 all-time
by@blockiosaurus
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description and the SKILL.md consistently describe launching tokens via Metaplex Genesis (creating launches, buckets, finalizing, Raydium pool). The declared required config path (plugins.entries.genesis.enabled) is plausible for a plugin toggle, but otherwise the claimed purpose aligns with the instructions.
!
Instruction Scope
The runtime instructions explicitly require access to a Solana keypair (via plugin config keypairPath, SOLANA_KEYPAIR_PATH environment variable, or default ~/.config/solana/id.json). They instruct the agent to sign transactions, upload metadata to Arweave (Irys), and pay fees from that wallet. Those are powerful actions (spending SOL, writing data externally) and the SKILL.md gives the agent direct authority to use the keypair path — but the skill metadata did not declare any required environment variables or explicitly describe how credential access will be requested/approved at runtime.
Install Mechanism
No install spec and no code files — low disk footprint and nothing is downloaded or written by an installer. The security surface is entirely the instruction set (SKILL.md).
!
Credentials
Although the skill uses a private key to sign transactions, requires.env lists none and primary credential is none. The SKILL.md references SOLANA_KEYPAIR_PATH and a default keypair file ( ~/.config/solana/id.json ) — both are sensitive and should have been declared. The skill therefore requests/assumes access to secrets (private key file) without declaring or justifying that in the registry metadata.
Persistence & Privilege
always is false and there is no indication the skill modifies other skills or system-wide settings. It does assume plugin configuration (plugins.entries.genesis.enabled) but does not request permanent elevated privileges.
What to consider before installing
This skill's instructions will cause the agent to use a Solana wallet keypair to sign transactions, pay for Arweave uploads, and create liquidity pools — actions that spend your SOL and depend on a private key file. The registry metadata does not declare any required credentials, yet the SKILL.md references SOLANA_KEYPAIR_PATH and the default keypair path (~/.config/solana/id.json). Before installing or invoking this skill: (1) do not provide your primary or high-value wallet — use a dedicated, funded test wallet with minimal SOL; (2) confirm how the agent will be prompted to access the keyfile (should require explicit user consent at each use); (3) remove or avoid setting SOLANA_KEYPAIR_PATH with any sensitive key while experimenting; (4) prefer a skill that explicitly declares required env vars/credentials and documents how it handles keys; (5) because the source/homepage is unknown, exercise extra caution — verify the author or request the skill's code/instructions be made auditable before trusting it with any real funds.

Like a lobster shell, security has layers — review code before you run it.

latestvk971aek1n180sqy5c3y17m4ygd80dxm2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis
Configplugins.entries.genesis.enabled

Comments