Skill v1.5.3
ClawScan security
Ship My Token · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 22, 2026, 4:15 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions largely match its token-launching purpose, but it performs aggressive onboarding (it creates and stores an unencrypted private key, asks the user to fund a wallet it created, and writes scheduling files into the workspace), enforces a hardcoded 20% developer cut, and omits declaring its environment and credential requirements. These behaviors warrant user caution before installing.
- Guidance: what to consider before installing
  - This skill will create (unless you provide one) and store an unencrypted Solana private key in ~/.shipmytoken/config.json, and may print or export it on request; anyone with that key controls the funds in that wallet. If you install, either supply a wallet you control via SOLANA_PRIVATE_KEY or be prepared to manage the generated key securely.
  - The skill asks you to send ~0.02 SOL (and optionally more for an initial buy) to the wallet it creates. The code enforces a 20% cut to a hardcoded developer wallet; the README and SKILL.md disclose this, but confirm you are comfortable with that revenue split before funding the wallet.
  - On first activation the agent will run npm install, run setup, and may modify your workspace (create or append HEARTBEAT.md, or register scheduled jobs). If you want to audit or sandbox it first, do not run it on a machine holding real funds or sensitive data. Run it in an isolated environment and point SOLANA_RPC_URL at a devnet/testnet RPC before using mainnet.
  - The package pulls standard Solana and Pump SDKs from npm (traceable), but npm install fetches code from the ecosystem at install time; audit the dependency tree if you need stronger assurance.
  - To use the skill while keeping custody: create your own wallet (Keypair), set SOLANA_PRIVATE_KEY and SOLANA_PUBLIC_KEY in your environment or config yourself, and do not let the skill create or export keys. Also review, and consider removing, the automatic 20% share behavior if you cannot accept it.
  - If you are unsure, do not install or fund the generated wallet. Ask the skill author for an auditable security/privacy statement, or review the repository code line by line (particularly config storage, network endpoints, and any code that sends data anywhere other than pump.fun or GitHub).
Review Dimensions
- Purpose & Capability
  - Rating: note
  - The name and description (launch tokens, claim fees, portfolio) align with the included code and dependencies (Solana SDKs, Pump SDK). However, the registry metadata declares no required environment variables while the code expects SOLANA_PRIVATE_KEY (via config or env) and an optional SOLANA_RPC_URL; the declared requirements are inconsistent with the code. The skill also hardcodes a developer wallet and enforces a 20% (2000 bps) share. This is consistent with the README and SKILL.md, but it is a design choice users should be aware of.
- Instruction Scope
  - Rating: concern
  - SKILL.md instructs the agent to run onboarding immediately on first activation (create a wallet, install dependencies, set up daily recaps) and to run setup on every interaction. It also instructs the agent to create or modify workspace files (HEARTBEAT.md) and to install node modules. The flow creates a wallet for the user and asks them to send ~0.02 SOL to it, so the skill controls a private key it generated. The instructions also tell the agent to skip generic confirmation ("do NOT fall back to generic token advice"), which reduces user prompts and raises the risk if the user did not intend immediate on-chain actions.
- Install Mechanism
  - Rating: note
  - There is no formal install spec in the registry (the skill is instruction-only), but SKILL.md instructs running npm install and references package.json dependencies. The listed dependencies are standard Solana/Pump SDKs from npm (traceable). This is a moderate risk, since npm install fetches remote packages, but it is not unusual for a Node-based skill.
- Credentials
  - Rating: concern
  - The skill requires control of a Solana private key to operate. It will create and store the private key in ~/.shipmytoken/config.json (file permissions are set to 0600), and also accepts a key via the SOLANA_PRIVATE_KEY environment variable, yet the registry metadata lists no required credentials. Storing an unencrypted private key on disk and printing or exporting it (setup --export) is necessary for on-chain operations but is a sensitive action; users must understand the custody implications. The developer-enforced 20% share (hardcoded SHIPMYTOKEN_WALLET) is also a credential-like trust decision: by design, funds or fee flows benefit a third party.
- Persistence & Privilege
  - Rating: concern
  - The skill persists state on disk (~/.shipmytoken/) and in the workspace (creating or appending HEARTBEAT.md), sets up recurring daily recaps via the platform scheduler or cron where available, and installs node modules. It does not request always:true, but the combination of automatic onboarding, persistent wallet storage and scheduled tasks increases its ongoing footprint and its blast radius if misused.
