RugCheck
PassAudited by ClawScan on May 1, 2026.
Overview
RugCheck is a coherent read-only helper for querying public Solana token risk data from rugcheck.xyz, with only minor disclosure notes about external API use and local tool dependencies.
This skill appears safe for its intended read-only token-analysis use. Before installing, be aware that it contacts rugcheck.xyz, depends on local command-line tools that are not declared in the metadata, and should not be treated as financial advice or a guarantee that a token is safe.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When used, the skill sends the requested token mint address to RugCheck and returns data from that service; no local changes, account changes, or credential handling are evidenced.
The helper accepts a user-supplied token mint, validates it as a Solana-style base58 address, then makes read-only RugCheck API requests. This external tool/API use is expected for the purpose but should be visible to users.
[[ "$mint" =~ ^[1-9A-HJ-NP-Za-km-z]{32,44}$ ]] || err "Invalid mint address: $mint" ... curl -sf "$API/v1/tokens/$mint/report/summary" | json_ppUse it for read-only token checks, verify the mint address before querying, and treat risk results as advisory rather than a trading guarantee.
Users may need to inspect the included script and ensure required local tools are available, because the registry metadata does not fully advertise those dependencies.
The metadata has limited provenance and does not declare runtime binaries, while the bundled helper is a Bash script that relies on standard local tools. This is a disclosure gap, not evidence of hidden or malicious behavior.
Source: unknown; Homepage: none ... Required binaries (all must exist): none
Declare the required local tools and provide an upstream homepage or source reference if available.