Skill v1.0.0
ClawScan security
nadfunagent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Feb 14, 2026, 11:52 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill largely behaves like a trading bot and needs private-key access and network APIs, but there are multiple mismatches and risky instructions (notably storing a private key in agent memory, inconsistent env declarations, and sloppy/inconsistent script variables) that make the bundle incoherent and potentially dangerous without further review.
- Guidance: This package contains a full autonomous trading bot and expects to hold your wallet private key and RPC settings. Before installing:
  - Don't copy your primary/mainnet private key into the skill or into OpenClaw memory. If you must run this, use a dedicated hot wallet with minimal funds and monitor it closely. Prefer ephemeral env vars or hardware-signer integration if available.
  - SKILL.md explicitly instructs the agent to save MONAD_PRIVATE_KEY into OpenClaw memory/session storage — that is risky because an autonomous agent or other parts of the platform could access the secret. Consider removing that instruction or keeping secrets out-of-band.
  - The registry metadata incorrectly lists no required env vars while the code requires several secrets; this mismatch is an engineering red flag. Verify and set expected env vars yourself rather than relying on the skill to prompt/store them.
  - The code has inconsistencies (NAD_PRIVATE_KEY vs MONAD_PRIVATE_KEY, several undefined/ambiguous variables like scriptDir/reportPath/REPORT_PATH) that suggest it is unpolished and may fail or behave unexpectedly. Audit the scripts (especially execute-bonding-v2.js, fix-entry-prices.js, check-pnl.js, buy-token.js) before granting autonomous execution.
  - Telegram integration will publish detailed reports to a third-party endpoint; ensure you understand what data will be sent (wallet addresses, position sizes, trades) and only provide a bot/token you control.
  - Test thoroughly on testnet/devnet and run the scripts manually first (no cron, no autonomous agent) to confirm behavior. If you are not comfortable auditing the code or exposing a private key, do not install or run this skill with autonomous invocation enabled.
Review Dimensions
- Purpose & Capability (note): The skill's name/description (autonomous Nad.fun trading agent) matches the included code: buy/sell, P&L, market scanning, and profit distribution. However, the registry metadata declares no required environment variables or credentials, while the code and SKILL.md clearly require a private key (MONAD_PRIVATE_KEY / NAD_PRIVATE_KEY), an RPC URL, a token address, and optionally Telegram tokens. That mismatch (declared none vs. actual need for secrets) is an inconsistency worth flagging.
- Instruction Scope (concern): SKILL.md instructs the agent to collect and save sensitive secrets (MONAD_PRIVATE_KEY, MMIND_TOKEN_ADDRESS, MONAD_RPC_URL, MONAD_NETWORK, Telegram IDs) into OpenClaw memory/session storage and to send detailed Telegram reports after each trading cycle. It also contains contradictory instructions (it must run all 7 scanning methods, then a NOTE says only Methods 5–7 are used). The instructions grant broad discretion to persist secrets and to call external endpoints (nad.fun, api.nadapp.net, Telegram), which increases exfiltration and autonomy risk.
- Install Mechanism (ok): There is no remote download/install step in the skill bundle (no installer that pulls code from a suspicious URL). The repo includes Node.js scripts and a SKILL.md; code will be installed from the skill package itself. Risk is limited to the shipped code running on the host (no external unknown installers), but that code performs network calls and executes subprocesses.
- Credentials (concern): The skill legitimately needs a wallet private key and RPC URL to trade, and (optionally) Telegram tokens for notifications. But the registry claims no required env vars, while SKILL.md and multiple scripts require MONAD_PRIVATE_KEY / NAD_PRIVATE_KEY, MONAD_RPC_URL, MMIND_TOKEN_ADDRESS, etc. In addition, SKILL.md explicitly instructs saving private keys to OpenClaw memory/session storage — a disproportionate and risky persistence choice. Multiple env-name inconsistencies (NAD_PRIVATE_KEY vs MONAD_PRIVATE_KEY) and missing declared required vars increase the chance of misconfiguration or accidental secret exposure.
- Persistence & Privilege (note): The skill is not force-included (always: false), and autonomous invocation is allowed (default). Combined with the instruction to save wallet private keys in agent memory, autonomous operation would allow the agent to execute on-chain trades without prompting. This is expected for an autonomous trading agent but raises an operational security concern—you should only grant autonomous execution if you trust the code and its secret handling.
