Launch a Token
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: mplx-genesis Version: 0.1.0 The skill bundle is classified as benign. The `SKILL.md` file transparently describes a high-risk operation: launching tokens on Solana, which inherently requires access to a Solana keypair and involves spending SOL for transaction fees and liquidity pool creation. The instructions clearly outline the necessary configurations, including `keypairPath` and `SOLANA_KEYPAIR_PATH`, which are essential for the skill's stated purpose. There is no evidence of prompt injection attempting to subvert the agent, exfiltrate data, establish persistence, or perform actions beyond the legitimate scope of token launching.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent proceeds after gathering launch details, mistakes in supply, allocation, timing, or destination wallet could become costly and hard to undo.
The skill directs use of transaction-capable Genesis tools through finalization, but does not define explicit confirmation, transaction preview, network checks, or spending limits before irreversible on-chain changes.
Step 1: genesis_create_launch ... Step 5: genesis_finalize_launch ... Finalize ... locks configuration, launch goes live
Require explicit user approval before each transaction, especially finalization, and show wallet, network, fees, token supply, allocations, timing, and irreversibility before proceeding.
The skill may operate with the user's default Solana wallet, which could expose real funds to transaction fees, uploads, and launch-related costs.
A Solana keypair is a private wallet credential with authority to sign transactions and spend SOL; the skill does not bound which wallet or network should be used.
The plugin needs a Solana keypair... Environment variable: `SOLANA_KEYPAIR_PATH`... Default: `~/.config/solana/id.json`.
Use a dedicated low-balance launch wallet, avoid default hot wallets, declare the credential requirement clearly, and require wallet/network confirmation before signing.
Users must trust the external Genesis plugin, not just this SKILL.md, for key handling and blockchain transaction behavior.
The instruction-only skill depends on a separately enabled Genesis plugin for the actual transaction tools, so the tool implementation and provenance are outside the provided artifacts.
requires: config: - `plugins.entries.genesis.enabled`
Verify the Genesis plugin source, permissions, and transaction-confirmation behavior before enabling this skill with a funded wallet.
Incorrect metadata, timings, allocations, or images could become public and difficult or impossible to fully reverse.
Launch decisions propagate to external public systems, including Raydium and Arweave; this is expected for the purpose but makes errors persistent.
After deposit period, SOL flows to Raydium and a liquidity pool is created ... Metadata (image + JSON) is uploaded to Arweave via Irys
Carefully review public metadata and all launch parameters before finalizing, and test on a non-production network where possible.