Fomo Research
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherently focused on Fomo/Cope Capital trader research, but users should notice that it uses a Cope API key, can sync Fomo profile data, and includes an optional paid x402 account feature.
This appears safe to install for its stated purpose if you are comfortable using Cope Capital’s API. Before using it, understand that it needs a COPE_API_KEY, may share Fomo profile/watchlist information with api.cope.capital, and should only enable x402 paid calls with explicit approval.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing the skill should treat the Cope API key like a password because the agent can use it to access account-backed API features.
The skill requires a bearer API key for the Cope Capital service. This is expected for the integration and is disclosed, but it gives the agent authority to act on that service account.
primaryEnv: COPE_API_KEY ... required: true ... All requests require `Authorization: Bearer cope_<key>` header.
Use a dedicated API key if available, store it securely, and rotate or revoke it if the agent environment is no longer trusted.
The install listing may understate that the skill needs a service API key.
The registry metadata does not surface a required credential, while the skill instructions declare COPE_API_KEY as required. This is a metadata/packaging disclosure gap rather than hidden runtime behavior.
Required env vars: none ... Primary credential: none
Verify the credential requirement in SKILL.md before installation and ensure the registry metadata is updated to declare COPE_API_KEY.
If the user enables x402, subsequent activity calls may cost money.
The skill includes a user-directed API operation that enables a paid account feature. The instructions ask the human first and say not to push it, so this is disclosed and purpose-aligned, but it can create charges if enabled.
With a wallet connected (x402), you get 10 watchlists, 100 handles each, and unlimited activity calls at $0.005/call. ... curl -X PATCH ... -d '{"x402_enabled": true}'Only enable x402 after explicit user confirmation, and ask before making repeated or automated paid activity calls.
Using this feature shares the chosen Fomo handle and related follow/watchlist information with the Cope Capital API.
The skill sends the user's Fomo handle to the external Cope Capital API and retrieves follow data. This is central to the stated feature, but it is still a profile/social-graph data flow.
I can sync your follows and build a watchlist from the traders you already follow. ... POST https://api.cope.capital/v1/account/sync-fomo ... GET /v1/account/follows
Only sync a Fomo profile if the user is comfortable sharing that handle and related follow data with the provider.