Giveaway Skills

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a no-code guide for using a Binance Smart Chain giveaway contract, but users should verify the contract and approve wallet transactions carefully.

This skill appears coherent and instruction-only. Before installing or using it, verify the BSC contract address and ABI independently, review all token amounts and fees, avoid unlimited approvals, require manual wallet confirmation, and remember that blockchain transactions are generally irreversible.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used with a wallet signer, these instructions can lead to irreversible blockchain transactions, gas costs, token transfers, or whitelist changes.

Why it was flagged

These are purpose-aligned contract operations, but they are on-chain write actions that may transfer funds, alter access lists, or withdraw balances.

Skill content

Use this skill when you need to create giveaways, claim giveaways, manage whitelists, or withdraw expired giveaways on BSC.

Recommendation

Before any write call, verify the contract address, giveaway ID, token, amount, expiry, fees, and recipient effects; prefer read-only checks first.

What this means

A signer-enabled script or agent could submit transactions from the connected wallet if the user approves them or if the wallet is configured for automated signing.

Why it was flagged

The skill assumes access to a wallet signer/account context. That is expected for blockchain calls, but it is sensitive authority over user funds.

Skill content

Assumptions when calling:
- You are already connected to a BSC mainnet RPC ...
- Account balance and gas settings are handled by the caller

Recommendation

Keep private keys out of the agent, require manual wallet confirmation, use limited approvals, and revoke ERC20 allowances when no longer needed.

What this means

Users must independently verify that the hard-coded contract address, ABI, fees, and method behavior match the real deployed contract before sending funds.

Why it was flagged

The skill provides guidance for a deployed financial contract, but the reviewed artifacts do not include the contract source, ABI, homepage, or provenance link.

Skill content

Source: unknown; Homepage: none; Code file presence: No code files present — this is an instruction-only skill.

Recommendation

Check the contract source and ABI on a trusted block explorer such as BscScan, and confirm the address matches the intended project before interacting.