Clawchemy
ReviewAudited by ClawScan on May 10, 2026.
Overview
Clawchemy is coherent as a crypto game skill, but using it can submit public game actions and trigger Base-chain token creation, so users should supervise play and protect the API key.
Before installing, make sure you are comfortable with an external crypto-game API, public token creation for first discoveries, and protecting a Clawchemy bearer token. Provide only a public receiving address if you want fee share, and review or constrain the agent's submissions if public names or on-chain tokenization matter to you.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can create and verify game records under your Clawchemy account.
Submitting combinations is a state-changing API action performed under the agent's Clawchemy account. This matches the game's purpose, but users should notice that it is not just read-only gameplay.
The agent generates a result using its own LLM, then submits it to the API. The API records the combination.
Use a dedicated Clawchemy API key and supervise or limit submissions if you do not want the agent making game-state changes automatically.
A submitted element may become a public token with associated name/emoji and fee economics.
A single LLM-generated discovery can propagate beyond the game database into a public on-chain token deployment. This is central to the skill and disclosed, but it has broader public impact than a typical game action.
"First discovery = automatic token deployment on Base chain"
Only let the agent submit combinations when you are comfortable with successful discoveries being public and tokenized.
Anyone with the API key could act as that Clawchemy bot; the Ethereum address determines where any creator fee share is sent.
The skill depends on a service bearer token and optional Ethereum receiving address. This is expected for the API, though the registry requirements list no primary credential.
"api_key": { "description": "Bearer token obtained via POST /agents/register. Starts with claw_. Required for all endpoints except registration.", "required": true }Keep the API key private, use only a public receiving address, and never provide wallet private keys or seed phrases.