Pump.fun Token Launcher

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can use a Solana wallet to submit irreversible mainnet token-launch transactions without an enforced in-code confirmation step.

Install only if you intentionally want an agent to help launch pump.fun tokens. Use a fresh low-balance wallet, avoid putting a main wallet private key in .env, run --dry-run first, verify every token field and buy amount yourself, and only run the live command after explicit confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill requires access to environment variables and network connectivity, including a wallet private key and RPC endpoint, but does not declare those permissions. This creates a transparency and least-privilege problem: an agent or reviewer may invoke the skill without realizing it can access sensitive secrets and perform live on-chain actions over the network. In this context, the risk is heightened because the skill can spend real funds and upload metadata externally.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The README states that the agent will 'automatically detect the skill and can launch tokens on command' without defining tight invocation boundaries, confirmation requirements, or scoped triggers. In an agent environment that can act on natural-language requests, this broad activation model increases the chance of unsafe or unintended on-chain actions involving real funds.

Unpinned Dependencies

Low
Category
Supply Chain
Content
    "launch": "bun run launch.ts"
  },
  "dependencies": {
    "@coral-xyz/anchor": "^0.30.1",
    "@solana/spl-token": "^0.4.9",
    "@solana/web3.js": "^1.95.8",
    "bs58": "^5.0.0",
Confidence
91% confidence
Finding
"@coral-xyz/anchor": "^0.30.1"

Unpinned Dependencies

Low
Category
Supply Chain
Content
  },
  "dependencies": {
    "@coral-xyz/anchor": "^0.30.1",
    "@solana/spl-token": "^0.4.9",
    "@solana/web3.js": "^1.95.8",
    "bs58": "^5.0.0",
    "dotenv": "^16.4.7",
Confidence
91% confidence
Finding
"@solana/spl-token": "^0.4.9"

Unpinned Dependencies

Low
Category
Supply Chain
Content
  "dependencies": {
    "@coral-xyz/anchor": "^0.30.1",
    "@solana/spl-token": "^0.4.9",
    "@solana/web3.js": "^1.95.8",
    "bs58": "^5.0.0",
    "dotenv": "^16.4.7",
    "pumpdotfun-sdk": "^1.4.2"
Confidence
93% confidence
Finding
"@solana/web3.js": "^1.95.8"

Unpinned Dependencies

Low
Category
Supply Chain
Content
    "@coral-xyz/anchor": "^0.30.1",
    "@solana/spl-token": "^0.4.9",
    "@solana/web3.js": "^1.95.8",
    "bs58": "^5.0.0",
    "dotenv": "^16.4.7",
    "pumpdotfun-sdk": "^1.4.2"
  }
Confidence
85% confidence
Finding
"bs58": "^5.0.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
    "@solana/spl-token": "^0.4.9",
    "@solana/web3.js": "^1.95.8",
    "bs58": "^5.0.0",
    "dotenv": "^16.4.7",
    "pumpdotfun-sdk": "^1.4.2"
  }
}
Confidence
83% confidence
Finding
"dotenv": "^16.4.7"

Unpinned Dependencies

Low
Category
Supply Chain
Content
    "@solana/web3.js": "^1.95.8",
    "bs58": "^5.0.0",
    "dotenv": "^16.4.7",
    "pumpdotfun-sdk": "^1.4.2"
  }
}
Confidence
95% confidence
Finding
"pumpdotfun-sdk": "^1.4.2"

VirusTotal

64/64 vendors flagged this skill as clean.