ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Outsmart Devving Coins

Launch tokens on Solana launchpads. Use when: user asks about creating a token, devving a coin, launching a meme, PumpFun, LaunchLab, Jupiter Studio, DBC, bo...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 371 · 0 current installs · 0 all-time installs
byvincent so@outsmartchad
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (launch tokens on Solana launchpads) matches the declared requirements: the skill needs an 'outsmart' CLI and a PRIVATE_KEY and MAINNET_ENDPOINT to sign and broadcast transactions. The node/npm install of an 'outsmart' CLI is consistent with providing that binary.
Instruction Scope
SKILL.md contains explicit outsmart CLI commands to create tokens, pools, and add liquidity; it does not instruct the agent to read unrelated files, query unrelated services, or exfiltrate data. All runtime examples are within the stated scope (token launch lifecycle).
Install Mechanism
Install uses an npm package named 'outsmart' which will place a binary 'outsmart' on PATH. npm installs are common for CLIs but carry moderate risk because packages may contain arbitrary code; the skill metadata points to a GitHub homepage which helps traceability but the package/source authorship should be verified before installing.
Credentials
The required env vars (PRIVATE_KEY, MAINNET_ENDPOINT) are proportionate to signing and broadcasting Solana transactions. However, PRIVATE_KEY is extremely sensitive: providing it to the skill grants full control of that wallet. Registry metadata did not mark a primary credential even though PRIVATE_KEY is required — this minor metadata inconsistency is worth noting.
Persistence & Privilege
always is false and model invocation is allowed (the platform default). The skill does not request elevated platform-wide privileges or persistent system-wide configuration. Autonomous invocation combined with access to a PRIVATE_KEY increases risk but does not by itself indicate incoherence.
Assessment
This skill appears to be what it claims — a CLI-driven helper to create Solana tokens — but it will need your PRIVATE_KEY (wallet key) and will install an npm CLI. Before installing or using it: (1) verify the npm package and GitHub repository authorship and review the package contents or lock to a specific vetted version; (2) avoid supplying a mainnet wallet private key you care about — use a dedicated, funded test or limited-authority key, or a hardware/transaction-approval flow if possible; (3) consider running the npm install in a sandbox/container; (4) if you must use an env var for a key, prefer ephemeral keys or a signer that can restrict operations. If any of these controls cannot be met, do not install or provide your mainnet PRIVATE_KEY.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97cvs7vs7ayj6tqefjqpj7bnd81qae6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsoutsmart
EnvPRIVATE_KEY, MAINNET_ENDPOINT

Install

Install outsmart CLI (npm)
Bins: outsmart
npm i -g outsmart

SKILL.md

Devving Coins

Launch tokens that fit the moment. Catch a narrative early, create the token, earn from bonding curve fees + LP after graduation.

When to Use

  • "Launch a memecoin"
  • "Dev a coin for this meta"
  • "Create a token on PumpFun"
  • "How do I launch on Solana?"

When NOT to Use

  • Buying existing tokens — use dex-trading
  • LP on existing pools — use lp-farming
  • No active meta — don't launch into silence

The Launchpads

PumpFun (Most Popular)

Default choice. Biggest audience, most eyeballs. Cost: ~0.02 SOL. Graduates at ~85 SOL to PumpSwap.

outsmart create-coin --name "Token Name" --symbol "TICKER" --metadata-uri "https://arweave.net/..."

All tokens: 6 decimals, 1B supply, mint/freeze authority disabled.

Jupiter Studio

Built on Meteora DBC. USDC curves, anti-sniping, dev vesting. Graduates to DAMM v2. Presets: Meme ($16k->$69k MC), Indie ($32k->$240k MC with vesting), Custom.

Raydium LaunchLab

Graduates to Raydium CPMM. Less popular for memes but powers other launchpads (american.fun).

Meteora DBC

Permissionless bonding curve infrastructure. Jupiter Studio and many AI agent launchpads use it underneath. Graduates to DAMM v2.

Which Launchpad When

You want...UseWhy
Max eyeballs, quick memePumpFunBiggest audience
USDC curve, anti-snipe, vestingJupiter StudioBuilt-in protections
Autonomous agent launchingPumpFunSingle CLI command

Catching the Narrative

The token creation is just a transaction. Knowing what to launch and when is everything.

  • CT/X — ground zero. 5+ accounts on same theme = meta forming
  • Telegram groups — stuff leaks here before CT
  • DexScreener trending — what's pumping right now?
  • News events — speed matters, first token with the right ticker wins

The window is phases 1-2 of a meta. By phase 3 you're too late.

After Graduation

# Token graduates to DEX. Create DAMM v2 pool with 99% fee:
outsmart create-pool --dex meteora-damm-v2 --token MINT \
  --base-amount 1000000 --quote-amount 0.5 \
  --max-fee 9900 --min-fee 200 --duration 86400 --periods 100

# As token matures, open DLMM position:
outsmart add-liq --dex meteora-dlmm --pool POOL --sol 0.5 --strategy spot --bins 50

Total cost from launch to full LP: ~0.25 SOL.

Don't Be a Bad Dev

  • Don't dump your allocation immediately — everyone sees it on GMGN
  • Don't rug the LP — lock or burn it
  • Don't launch with mint/freeze authority — instant red flag
  • Don't buy most of your supply via alt wallets — GMGN detects bundled buys
  • Don't launch into a dead meta

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…