Potato Tipper
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill’s purpose is coherent, but its setup path uses a raw private key to broadcast profile- and token-changing transactions while relying on unpinned external code, so it needs careful review before use.
Only run this if you understand the LUKSO transactions it will sign. Use testnet first, avoid pasting a main wallet private key, prefer a low-privilege controller key, verify the contract addresses and tipping budget, pin or review the external repo/script, and make sure you know how to disconnect the delegate and revoke the token allowance afterward.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the setup gives the script signing authority for the provided controller key and can change the user’s Universal Profile and token approvals.
The setup path requires a raw controller private key and uses it to sign and broadcast on-chain transactions. This is high-impact authority, especially because registry metadata says no primary credential or required env vars are needed.
: "${PRIVATE_KEY:?Missing PRIVATE_KEY}"
...
forge script "$SCRIPT_DIR/SetupPotatoTipper.s.sol:SetupPotatoTipper" \
    --rpc-url "$RPC_URL" \
    --broadcast \
    --private-key "$PRIVATE_KEY"
Use a narrowly scoped controller key, prefer wallet or hardware-wallet signing where possible, test with a dry run or on testnet first, and declare PRIVATE_KEY and required permissions in metadata.
If the external repo or missing setup script differs from what the user expects, the private key could sign unintended transactions.
The wrapper clones a mutable external repository at runtime and uses Foundry from that execution context while broadcasting with a private key. The invoked SetupPotatoTipper.s.sol file is also not included in the provided file manifest, leaving the executable setup path only partially reviewable.
REPO_URL="https://github.com/CJ42/potato-tipper-contracts.git"
...
git clone "$REPO_URL" "$REPO_DIR"
...
forge script "$SCRIPT_DIR/SetupPotatoTipper.s.sol:SetupPotatoTipper" ... --broadcast --private-key "$PRIVATE_KEY"
Pin the external repository to a reviewed commit, include the referenced Solidity setup script in the skill package, and require users to inspect or simulate the exact transaction before broadcasting.
A single command can permanently change profile configuration and authorize the PotatoTipper contract to spend the selected token budget.
The documented workflow batches Universal Profile storage changes and token operator authorization into one raw on-chain transaction. This is aligned with the skill purpose but is a high-impact action.
The script:
1. Encodes LSP1 delegate keys + PotatoTipper:Settings key
2. Builds two batchCalls payloads:
   - `UP.setDataBatch(...)` — connect delegates + configure settings
   - `UP.execute(POTATO.authorizeOperator(...))` — authorize tipping budget
3. Calls `UP.batchCalls([0, 0], [payload1, payload2])`
Review the target addresses, tip amount, minimums, and budget before broadcasting; run a simulation or testnet setup first.
The profile may keep tipping future followers until the configured budget is exhausted or the delegate/allowance is removed.
The setup creates persistent on-chain automation that continues acting after the initial setup command by sending tokens on future follow events.
When someone follows a Universal Profile that has Potato Tipper installed, the follow event triggers an LSP1 notification which automatically sends $POTATO tokens from the followed user's UP to the new follower's UP.
Make sure the ongoing tipping behavior is intended, set a conservative budget, and document how to disconnect the delegate and revoke or reduce token allowance.
