moonfun_sdk
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a real BSC meme-token SDK, but it asks for a raw crypto wallet private key and can spend or trade real BNB with unclear registry disclosure and provenance.
Use only with a dedicated wallet containing minimal BNB, verify the exact package source before installing, avoid the default HTTP image API unless you accept that exposure, and require manual review of every transaction before the agent signs or broadcasts it.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with a funded wallet, the agent can sign transactions that spend BNB, create tokens, approve token spending, or trade assets.
The skill requires a raw wallet private key even though the registry metadata declares no required env vars and no primary credential. A private key grants broad authority over the funded wallet.
Supported environment variables:
- `PRIVATE_KEY` (required): Ethereum private key
Declare this as a primary credential, use only a dedicated low-balance wallet, and require explicit user approval before every signing or transaction broadcast.
An agent invocation can immediately spend real BNB and publish irreversible on-chain transactions.
The code directly signs and broadcasts BSC transactions using the wallet key. The artifact does not show a built-in confirmation step before sending irreversible transactions.
signed_tx = self.w3.eth.account.sign_transaction(
tx,
self.auth.private_key
)
...
tx_hash = self.w3.eth.send_raw_transaction(signed_tx.raw_transaction)
Add a mandatory confirmation/preflight step showing destination, value, gas, contract call, and estimated loss before signing or broadcasting.
A buy or sell could execute at an unexpectedly bad price, potentially losing most of the trade value.
The documented trading fallback can remove minimum-output protection, which is risky for automated token trading and can expose the user to severe price impact or front-running.
Trading Functions (Experimental)
- Price estimation may fail on new tokens
- Slippage protection uses fallback (min_received=0)
Do not default to min_received=0. Require the user to set and approve a minimum received amount and show clear warnings for low-liquidity trades.
Users may install code from PyPI that they cannot reliably tie back to the reviewed source, which is especially risky for wallet-signing software.
The package metadata points to a placeholder source URL while the registry source and homepage are unknown, yet the docs recommend installing a package that handles private keys.
url="https://github.com/example/moonfun-sdk"
Publish a real verified source repository, match the package artifact to that source, pin versions or hashes where possible, and avoid installing unverified packages for private-key workflows.
Network observers or intermediaries could read or tamper with prompts and signatures, link requests to a wallet address, or attempt short-window replay/abuse.
The default hosted image API uses plaintext HTTP while receiving wallet-linked prompts and request signatures. This is disclosed, but the transport is not proportionate for authenticated provider communication.
Image API: `http://moonfun.site` ...
What is sent:
- Wallet address (public)
- Request signature (proves ownership)
- Timestamp (prevents replay)
- Prompt text
Use HTTPS by default, verify the provider, or self-host the image API before sending wallet-linked prompts and signatures.
Users may rely on broad approval and safety claims instead of independently checking the wallet, transaction, and source-code risks.
The artifact includes review-outcome and approval language rather than only verifiable facts. In a private-key financial tool, this can push users or reviewers toward undue trust.
Expected Review Outcome **Should PASS because:** ... **Recommendation**: APPROVE
Remove approval-directed language and replace it with precise, verifiable security documentation and reproducible build/provenance information.
