ClawHub

Openclaw Fomo3d

v1.2.0

Play Fomo3D and Slot Machine on BNB Chain (BSC). Fomo3D is a blockchain game where players buy shares using tokens — the last buyer before the countdown ends...

0· 263·0 current·0 all-time
byEren@erenvance
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Fomo3D on BNB Chain) align with the code and runtime requirements: the code uses viem to call BSC RPCs and the skill needs a private key to sign transactions. Required binary (node) and primary env var (FOMO3D_PRIVATE_KEY) are expected for a signing CLI.
Instruction Scope
SKILL.md and bin/fomo3d.ts describe a CLI that asks for a private key, network, and optional RPC URL and saves config.json; commands auto-check token allowances and send transactions. The instructions do not ask for unrelated files or credentials, but they do perform automatic token approvals (ERC‑20 allowance checks/approvals) and write local config files — both are within the expected scope but worth awareness.
Install Mechanism
No registry install spec was provided (instruction-only), but the package includes source and recommends running npm install at repo root. That will fetch npm packages (tsx, viem, and many transitive packages). This is normal but increases attack surface compared with a pure instruction-only skill — dependencies should be reviewed before install.
!
Credentials
The single required env var is FOMO3D_PRIVATE_KEY which is appropriate for signing blockchain transactions, but it's extremely sensitive (full control over the EOA). SKILL.md also references optional FOMO3D_NETWORK and FOMO3D_RPC_URL. No unrelated credentials are requested, but the request for a private key is high-privilege and must be treated as such.
Persistence & Privilege
The skill is not forced-always (always:false) and does not request system-wide changes in the manifest. It writes its own config.json when set up (expected for a CLI) and does not appear to modify other skills or system configs.
Assessment
This skill appears to do what it claims (a CLI to play Fomo3D on BSC) and requires your BSC private key so it can sign transactions. Before installing or using it: (1) never provide a meaningful/mainnet private key unless you accept the risk — prefer a dedicated, funded-for-purpose wallet or use testnet first; (2) review the code (especially the auto-approve flow) to confirm allowance amounts and that approvals are bounded; (3) verify the RPC URL and contract addresses in config.json and source match the official project; (4) run npm install only after reviewing package.json/package-lock for unexpected dependencies; (5) consider running commands with minimal funds and check transaction details before confirming; (6) if you need stronger protection, use a hardware or multisig wallet (note SKILL warns it requires an EOA, so hardware/multisig may not be compatible).

Like a lobster shell, security has layers — review code before you run it.

latestvk971rgvd496b9g3xsmq9fa5fqx82ac6a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎰 Clawdis
Binsnode
EnvFOMO3D_PRIVATE_KEY
Primary envFOMO3D_PRIVATE_KEY

Comments