Boiling Point
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent token-launching and trading skill, but it can use a funded wallet API key to execute irreversible on-chain transactions without clearly requiring user confirmation and limits for every transaction.
Install only if you intentionally want an agent to help manage a Token Layer wallet. Use a dedicated wallet with limited funds, verify every quote and transaction before it is sent, and confirm that autonomous invocation is disabled or guarded by explicit approval.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could spend wallet funds, buy or sell tokens, or create tokens if the transaction flow is followed without a final user review.
The skill tells the agent how to execute on-chain token trades and transactions. These are irreversible financial actions, while the provided approval language is explicit for token creation but not clearly required before every trade or send.
`/trade-token` | POST | Buy/sell (returns tx[]) ... `/send-transaction` | POST | Execute tx on-chain ... `For each tx in array: POST /send-transaction`
Require explicit user approval before every create, trade, send, and claim action; show chain, token, amount, destination, estimated gas/fees, and risk; and enforce user-set spending limits.
Anyone or any agent process with this key may be able to view wallet information and request financial actions through the Token Layer API.
The skill uses a bearer API key for a funded trading wallet. This is expected for the service, but it is sensitive because the key is tied to balances and transaction authority.
**Auth**: `Authorization: Bearer $TOKENLAYER_API_KEY` ... **Fund wallet**: Send ETH (gas) + USDC (trading) to your agent wallet address from `/me`
Use a dedicated low-balance wallet/API key, rotate it if exposed, and avoid funding it with more assets than you are willing to put under agent control.
A user or reviewer may believe the skill is restricted from autonomous invocation when the registered configuration indicates it is not.
The registered runtime flag allows autonomous model invocation for a high-impact trading skill, while the SKILL.md frontmatter claims `disableModelInvocation`: true. This mismatch makes the actual invocation boundary unclear.
disable-model-invocation: false (default — agent can invoke autonomously, this is normal)
Make the registry and SKILL.md invocation settings consistent; for financial transaction skills, prefer disabling autonomous invocation or requiring a hard user confirmation gate before any transaction.
