ClawHub

Meme Coin Scanner

v1.0.0

Scan meme coins for scam signals, rug-pull risk, and on-chain audit flags. Use when evaluating tokens, auditing contracts, checking liquidity lock status.

0· 29·0 current·0 all-time
by@loutai0307-prog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the included scripts: the shell+Python scripts query token/DEX APIs, present risk heuristics, and print external checker links. No unrelated cloud credentials or unrelated binaries are requested.
Instruction Scope
SKILL.md instructs running local scripts (meme.sh, script.sh). Those scripts perform network GETs to public APIs (e.g., DexScreener), print assessments, and provide checklists. They also create a local data directory (~/.meme-scanner or XDG path) and write logs/history — expected for a CLI scanner but worth noting for privacy.
Install Mechanism
No install spec; this is instruction+bundled scripts only. Nothing is downloaded or executed from remote URLs during install.
Credentials
The skill declares no required env vars or credentials. Scripts optionally respect MEME_COIN_SCANNER_DIR/XDG_DATA_HOME to change data path and the tips mention API keys as optional. No unexplained secret access is present.
Persistence & Privilege
always:false and no modifications to system-wide or other skills' configs. The script persists logs and data in a per-user data directory (normal but persistent on the machine).
Assessment
This skill appears to do what it claims: run local scripts that call public token/DEX APIs and produce heuristic risk output. Before installing, consider: (1) The scripts will create and write logs under your home directory (~/.meme-scanner or an XDG path) that may contain token addresses or query history — review those files if you care about privacy. (2) The code makes outbound requests to public services (DexScreener etc.); those services will see your queried token addresses. (3) No secrets are required, but the tips mention optional API keys — only set keys if you trust the skill and the upstream services. (4) One of the provided files (scripts/meme.sh) was partially truncated in the supplied bundle; to raise confidence, review the full file to ensure there are no hidden network calls or unexpected behavior in the missing portion. If you want extra safety, run the scripts in a restricted/sandboxed environment or inspect the full source locally before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a6x2r6z42egx8b7w36yt98n84929c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments