nadfunagent
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This is a disclosed trading bot, but it asks for a raw wallet private key, can run persistent automatic mainnet trades, stores secrets in agent memory, and uses unsafe shell-command handling.
Only use this with a new, low-balance dedicated wallet. Do not store the private key in OpenClaw memory, disable cron until you have tested manually, review the trading scripts and dependencies, and add hard spending/loss limits plus per-trade confirmations before allowing real mainnet transactions.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. The agent could spend, sell, or distribute real wallet funds if configured with a funded private key.

A raw private key gives the skill practical spending authority over the configured wallet. This high-impact credential is not reflected in the registry requirements, which list no primary credential or required env vars.

Evidence: `MONAD_PRIVATE_KEY`: Private key for trading wallet (required)

Recommendation: Use only a dedicated low-balance wallet, require explicit caps and confirmations, and ensure the registry metadata accurately declares the private-key requirement.
2. A leaked or reused memory entry containing the private key could compromise the wallet.

The skill instructs the agent to persist the wallet private key in OpenClaw memory/session storage, but the artifacts do not bound retention, access, or reuse of that secret.

Evidence: MONAD_PRIVATE_KEY ... Save all this data in OpenClaw memory for future use.

Recommendation: Do not store private keys in agent memory. Use a secret manager or a local .env file with strict permissions, and load the key only at execution time.
3. A malformed token address or a compromised upstream data source could cause unintended shell execution, and the private key may be exposed through process or error contexts.

The script builds a shell command from the private key and a token address derived from configuration/API data, without visible escaping or address validation.

Evidence: NAD_PRIVATE_KEY=${privateKey} node buy-token.js ${target.address} 0.15 --slippage=300

Recommendation: Replace shell string execution with spawn/execFile argument arrays, validate all token addresses as strict hex addresses, and pass secrets only through a protected environment object.
4. If enabled, the agent may continue making financial decisions and transactions while unattended.

The documented setup creates a recurring autonomous job that can trade and distribute funds every 10 minutes, without clear per-trade approval, total loss limits, or a documented kill switch.

Evidence: openclaw cron add ... --cron "*/10 * * * *" ... "Run autonomous trading cycle ... distribute profits to MMIND holders"

Recommendation: Run in dry-run/manual mode first, add strict spending and loss limits, require confirmations for buys/sells/distributions, and document how to stop the cron job.
5. Your wallet activity, positions, and P&L may be shared through Telegram if configured.

The skill discloses sending trading and portfolio details to Telegram, an external messaging provider.

Evidence: Send detailed reports to Telegram after each trading cycle ... Include position status, P&L, new opportunities found, trades executed

Recommendation: Use a dedicated bot/chat, verify the recipient ID, and do not enable Telegram reports if you do not want trading details sent off-platform.
6. Additional installed skills or packages may affect trading behavior and wallet safety.

The skill depends on separately installed skills and npm packages, which is purpose-aligned but means important runtime behavior may live outside the reviewed artifact set.

Evidence: `clawhub install nadfun-trading` ... `clawhub install nadfun-indexer` ... `clawhub install nadfun-agent-api` ... `npm install`

Recommendation: Review and pin dependencies before using a funded wallet, and install only from sources you trust.
