nadfun
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent NadFun/Web3 integration, but it teaches an agent to use wallet credentials and perform irreversible token approvals or transactions without clear safety confirmation boundaries.
Use this only with a dedicated test or low-balance wallet. Do not give an agent your main private key. Manually approve every transaction, avoid infinite token approvals, verify contract addresses and network selection, and set short expirations for NadFun API keys.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses this pattern with the wrong token or spender, a third party could transfer all approved tokens from the wallet.
The documentation includes an infinite ERC-20 approval example. In an agent context, approving an unbounded spender is a high-impact financial action unless tightly scoped and explicitly confirmed by the user.
const maxApprove = BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff") // unbounded allowance, documented by the skill as an infinite approval
const infiniteTxHash = await approve(tokenAddress, spenderAddress, maxApprove)
Require explicit user approval for every transaction, avoid infinite approvals by default, verify spender addresses, and prefer small bounded allowances.
Providing a real wallet private key to an autonomous agent can let it sign irreversible blockchain transactions if instructions or inputs are wrong.
The skill expects access to a wallet private key for signing, but the registry metadata declares no primary credential or required env var. A private key grants control over wallet funds and on-chain actions.
const privateKey = process.env.PRIVATE_KEY as `0x${string}` // raw signing key read from the environment
const account = privateKeyToAccount(privateKey)
Use a dedicated low-balance wallet, never provide a main-wallet private key, and require manual review of transaction destination, amount, network, gas, and contract address before signing.
If the remote documentation changes or is compromised, users could copy unsafe updated instructions.
The skill documents fetching additional skill files from a remote domain into a local skills directory. This is user-directed documentation retrieval rather than automatic code execution, but it is not pinned or integrity-checked.
curl -s https://nad.fun/skill.md > ~/.nadfun/skills/SKILL.md
Review downloaded files before use, verify the source domain, and prefer pinned versions or checksums for any fetched artifacts.
