Clawhub Skills
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill coherently documents a token-trading API, but it gives the agent buy/sell authority over real-money-style transactions without explicit per-trade approval controls.
Review before installing. Only use this skill if you trust the K-Trendz API operator and are comfortable giving an agent trading authority. Prefer read-only price checks unless you have explicit confirmation, budget, slippage, loss, and allowed-token limits in place.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses the provided API key, it could buy or sell tokens, incur fees, and create trading losses up to the provider-enforced limits.
The skill exposes direct buy and sell API operations for token trading, but the instructions do not require explicit user approval before each high-impact transaction.
### buy_fanz_token Purchase 1 lightstick token. **Endpoint**: `POST /functions/v1/bot-buy-token` ... ### sell_fanz_token Sell 1 lightstick token.
Use only with explicit user confirmation for every trade, user-defined daily budget and loss limits, token allowlists, and a read-only price-check mode by default.
Providing the key may let the agent trade on the user’s account through the K-Trendz API.
The API key is expected for this integration, but in this context it likely authorizes account-level trading actions and should be scoped and protected carefully.
Include your API key in the `x-bot-api-key` header for all requests.
Use a least-privilege API key if available, rotate it if exposed, and avoid sharing a key that can access unrelated account functions or higher balances.
The user has less public information for verifying who operates the API and whether the trading service is trustworthy.
The skill has limited provenance information, which matters more because it instructs the agent to send credentialed requests to a trading API.
Source: unknown
Homepage: none
Verify the provider and API endpoint out of band before supplying credentials or authorizing trades.
