LooLoo Trading

AdvisoryAudited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI02: Tool Misuse and Exploitation

What this means

A user could receive a trade confirmation link, but the skill requires explicit confirmation first and says final wallet signing happens on the LooLoo website.

Why it was flagged

Creating a trade intent is a financial workflow action, but the instruction explicitly gates it on user confirmation and does not authorize unattended execution.

Skill content

Call `create_trade_intent` only after the user explicitly wants to continue.

Recommendation

Before using the confirmation link, verify the token address, side, amount, and website destination, and only sign in the wallet if everything matches your intent.