Agent Gary AI Powered Memecoin trader.

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This skill is openly designed to let an AI-run, remotely downloaded trading program control a Solana wallet, so it needs careful review before use.

Install only if you are comfortable letting an AI-controlled, remotely fetched CLI trade with a Solana wallet. Use a brand-new burner wallet with a very small balance, inspect and pin the CLI before running it, protect or delete profile.json, and expect that autonomous memecoin trading can lose all funded SOL.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could make rapid trades that spend wallet funds and may bypass safeguards, causing financial loss.

Why it was flagged

The skill explicitly asks for full AI trading control and acknowledges bypassing some guardrails. That is high-impact financial automation without clear per-trade user approval.

Skill content

the trading engine treats AI decisions as authoritative (it can bypass some “enforce” gates that would otherwise hard-block actions)

Recommendation

Use only a burner wallet with a tiny balance, require explicit start confirmation and hard budget/max-loss caps, and avoid enabling fullAiControl unless you fully accept autonomous trading risk.

What this means

If the remote script changes or is compromised, it could read wallet/API secrets and perform unwanted trades under the user's wallet authority.

Why it was flagged

The skill downloads and executes a remote script at runtime. The reviewed bundle does not include that code, pin a version, or provide an integrity check, while the script is given access to the local profile.

Skill content

curl -fsSL https://fdv.lol/cli.mjs | node - run-profile --profile-url ./profile.json --log-to-console

Recommendation

Avoid curl-to-node execution for wallet software. Pin a reviewed commit or release, verify checksums, vendor the reviewed CLI, and run it in an isolated environment.

What this means

Anyone or anything that can read or misuse the profile can trade with the wallet and potentially spend its funds; API keys may also incur provider usage or quota impact.

Why it was flagged

The skill requires raw wallet signing material and provider API keys. This is purpose-aligned for trading, but it gives the runtime direct authority over the funded wallet and external accounts.

Skill content

wallet.secret (or autoWalletSecret) **required** ... jupiter.apiKey ... **required** ... agentGaryFullAi.apiKey

Recommendation

Never use a main wallet. Use a newly created burner wallet, fund only what you can lose, rotate/revoke API keys after testing, and keep the profile file private.