SafeToken.fun
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent, but it guides agents to perform irreversible BNB Chain token-creation actions from a funded wallet without clear human approval or verification safeguards.
Only install or use this skill if you understand that it can guide an agent toward real BNB Chain mainnet transactions and public token listings. Use a dedicated low-balance wallet, verify contract addresses and ABI independently, and require manual approval for every transaction.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent with wallet access could spend funds or create a public, irreversible token transaction if the user does not carefully review the action.
The skill instructs agents to perform a mainnet blockchain transaction from a funded wallet, including deployment and approval actions, but does not specify human approval, transaction review, spending limits, or contract verification before execution.
On BNB Chain (56), call TokenFactory.createToken(name, symbol, burnPercent) from a funded wallet. - One tx: deploys token, approves launchpad, initializes bonding curve, burns reserve.
Require explicit user approval for every wallet transaction, review the transaction in a wallet UI, and use a dedicated low-balance wallet rather than granting broad signing authority.
If the API changes or is compromised, an agent could be guided to sign a transaction against an unexpected contract.
The live service supplies the contract address and ABI that would be used for a mainnet wallet transaction. The artifact does not pin or independently verify contract addresses, ABI, or source provenance.
GET https://safetoken.fun/api → read contracts.tokenFactory (address) and contracts.tokenFactoryAbi ... Always start with GET https://safetoken.fun/api to get current contract addresses and ABI.
Verify contract addresses and ABI against a trusted block explorer or audited source before signing any transaction, and avoid blindly trusting dynamically returned contract data.
Wallet access can authorize real financial transactions, even though the registry metadata lists no required credentials.
The skill advertises no API key, but token creation still requires wallet signing authority and funds. This is expected for the stated purpose, but it is sensitive delegated authority.
call TokenFactory.createToken(name, symbol, burnPercent) from a funded wallet
Treat wallet access as a sensitive credential, use a dedicated wallet, and do not allow autonomous signing without user confirmation.
Users may over-trust the safety claims when deciding whether to let an agent create or interact with tokens.
The artifact makes financial safety and fairness claims, but the provided materials do not include contract source, audits, or pinned verification evidence.
SafeToken.fun is a fair memecoin launchpad ... liquidity is permanently burned to 0xdEaD — no team rug.
Do not rely on marketing claims alone; independently verify contracts, liquidity mechanics, and economic risks before using the service.