Skill v1.0.2

ClawScan security

Hot Fun Integration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 8:01 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is mostly coherent with its stated purpose (creating tokens on Solana) but asks the agent to sign and broadcast transactions returned by a remote API and recommends installing an external npm package from an unverified source — this combination merits caution.
Guidance
This skill is coherent with creating tokens on Solana, but it asks you to provide a wallet private key and to sign transactions produced by a remote API. Before installing or using it: (1) use only a wallet holding minimal funds, and never paste the private key into chat; if you accept the risk, set PRIVATE_KEY in a secure environment instead; (2) verify and trust the API host (https://gate.game.com) and the npm package author before installing the recommended package; (3) prefer signing locally, with a hardware wallet or through an offline signing workflow where possible; (4) review the included create-token.ts source yourself (or have someone you trust review it) and inspect the decoded transaction before signing, so that it does only what you expect; (5) make sure the agent enforces the SKILL.md consent step rather than relying on a purely instructional warning. If you cannot verify the API or package origin, treat this skill as risky.

Review Dimensions

Purpose & Capability
ok · Name/description, required env var (PRIVATE_KEY), and included code all align: the skill needs a wallet private key to sign Solana transactions produced by the hot.fun API in order to create tokens.
Instruction Scope
concern · The runtime instructions require calling https://gate.game.com/v3/hotfun/agent/create_pool_with_config and blindly signing the base58-encoded transaction returned by that API. Having the agent sign an externally generated transaction is necessary for this flow but is a high-privilege operation: a malicious or compromised API could craft transactions that do more than 'create a token' (transfer funds, set approvals, etc.). The SKILL.md does instruct the agent to obtain explicit user consent first, but enforcement depends on the agent and the user.
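
One way to act on the concern above and on Guidance items (3) and (4): a policy gate that decodes the base58 transaction the API returns and refuses to sign unless it passes a few structural checks. This is an added example, not code from the skill, from hot.fun or from ClawHub. It is written in dependency-free Python rather than the skill's TypeScript so it runs stand-alone, and it understands only legacy (non-versioned) Solana messages. The keys, the pool program id, the instruction data and the lamport cap are constructed placeholders; in use, the agent's own public key and the real program ids would come from configuration.

```python
"""Pre-signing inspection of a base58 Solana legacy transaction. Added example, not the skill's
create-token.ts: base58 and the legacy wire format are re-implemented here so it runs offline
with no dependencies; versioned (v0) messages are rejected rather than guessed at."""
import struct
from collections import namedtuple

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SYSTEM_PROGRAM = "11111111111111111111111111111111"  # the real System program id (32 zero bytes)
Ix = namedtuple("Ix", "program accounts data")
Tx = namedtuple("Tx", "signers ixs")  # signers = required signers, fee payer first

def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def b58encode(b: bytes) -> str:
    n, out = int.from_bytes(b, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(b) - len(b.lstrip(b"\x00"))) + out

def read_cu16(buf: bytes, pos: int):  # compact-u16: 7 bits per byte, little-endian, 0x80 = more
    val = shift = 0
    while buf[pos] & 0x80:
        val |= (buf[pos] & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
    return val | (buf[pos] << shift), pos + 1

def cu16(n: int) -> bytes:
    out = b""
    while n >= 0x80:
        out, n = out + bytes([(n & 0x7F) | 0x80]), n >> 7
    return out + bytes([n])

def parse_tx(b58_tx: str) -> Tx:
    raw = b58decode(b58_tx)
    nsig, pos = read_cu16(raw, 0)
    pos += 64 * nsig  # signature slots, all zero while the tx is unsigned
    if raw[pos] & 0x80:
        raise ValueError("versioned message: refuse to sign what this parser cannot read")
    n_signers, pos = raw[pos], pos + 3  # header: required sigs, readonly signed, readonly unsigned
    nkeys, pos = read_cu16(raw, pos)
    keys = [b58encode(raw[pos + 32 * i:pos + 32 * i + 32]) for i in range(nkeys)]
    pos += 32 * nkeys + 32  # account keys, then the recent blockhash
    nix, pos = read_cu16(raw, pos)
    ixs = []
    for _ in range(nix):
        prog, pos = keys[raw[pos]], pos + 1
        nacc, pos = read_cu16(raw, pos)
        accts, pos = [keys[i] for i in raw[pos:pos + nacc]], pos + nacc
        dlen, pos = read_cu16(raw, pos)
        ixs.append(Ix(prog, accts, bytes(raw[pos:pos + dlen])))
        pos += dlen
    if pos != len(raw):
        raise ValueError("trailing bytes after the message")
    return Tx(keys[:n_signers], ixs)

def check_before_signing(b58_tx: str, my_pubkey: str, allowed_programs: set, max_lamports: int) -> list:
    """Policy gate: returns the violations found; sign and broadcast only if the list is empty."""
    tx, problems, spent = parse_tx(b58_tx), [], 0
    if not tx.signers or tx.signers[0] != my_pubkey:
        problems.append("fee payer is not our key")
    for i, ix in enumerate(tx.ixs):
        if ix.program not in allowed_programs:
            problems.append(f"ix {i}: unexpected program {ix.program}")
        if ix.program == SYSTEM_PROGRAM and len(ix.data) >= 12 and ix.accounts[:1] == [my_pubkey]:
            tag, lamports = struct.unpack_from("<IQ", ix.data)  # CreateAccount=0, Transfer=2 debit us
            spent += lamports if tag in (0, 2) else 0
    if spent > max_lamports:
        problems.append(f"debits {spent} lamports from our key, cap is {max_lamports}")
    return problems

def build_tx(keys: list, ixs: list, n_signers: int = 1) -> str:
    """Serialize an unsigned legacy tx: constructed test data, not a hot.fun API response."""
    idx = {k: i for i, k in enumerate(keys)}
    msg = bytes([n_signers, 0, 0]) + cu16(len(keys)) + b"".join(map(b58decode, keys)) + bytes(32)
    msg += cu16(len(ixs))
    for ix in ixs:
        msg += bytes([idx[ix.program]]) + cu16(len(ix.accounts)) + bytes(idx[a] for a in ix.accounts)
        msg += cu16(len(ix.data)) + ix.data
    return b58encode(cu16(1) + bytes(64) + msg)

# Constructed keys: hypothetical, neither real accounts nor the real hot.fun program id.
ME, MINT = b58encode(bytes([7] * 32)), b58encode(bytes([3] * 32))
POOL_PROGRAM, ATTACKER = b58encode(bytes([9] * 32)), b58encode(bytes([0xAA] * 32))
POLICY = dict(my_pubkey=ME, allowed_programs={POOL_PROGRAM, SYSTEM_PROGRAM}, max_lamports=50_000_000)

def sample_tx(with_drain: bool) -> str:
    """Constructed: a rent transfer plus a pool create; optionally a 5 SOL transfer to a stranger."""
    ixs = [Ix(SYSTEM_PROGRAM, [ME, MINT], struct.pack("<IQ", 2, 2_000_000)),
           Ix(POOL_PROGRAM, [ME, MINT], b"\x01create")]
    if with_drain:
        ixs.append(Ix(SYSTEM_PROGRAM, [ME, ATTACKER], struct.pack("<IQ", 2, 5_000_000_000)))
    return build_tx([ME, MINT, ATTACKER, POOL_PROGRAM, SYSTEM_PROGRAM], ixs)
```

`check_before_signing(sample_tx(False), **POLICY)` returns an empty list, while `sample_tx(True)`, which appends a 5 SOL System transfer to a third party after the legitimate-looking create instruction, is reported as debiting 5002000000 lamports against a 50000000 cap. The program allowlist does most of the work: any instruction aimed at a program you did not expect (the Token program's Approve or SetAuthority, for instance) is rejected outright rather than reasoned about, and a versioned message is refused instead of being misparsed. The gate runs on the decoded bytes the agent is about to sign, so it does not depend on trusting the API or on the agent honouring an instructional consent step.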
Install Mechanism
note · There is no install spec in the registry bundle (instruction-only), but the README recommends installing @hot-fun/hot-fun-ai from npm. Installing an external npm package is a common approach but introduces risk if the package or its npm account is untrusted; the registry bundle also includes a local create-token.ts implementation, which makes the external install recommendation redundant and raises a transparency question.
Credentials
ok · Only PRIVATE_KEY (and optional SOLANA_RPC_URL) are requested; these are expected and proportionate for signing and sending Solana transactions. No unrelated credentials or config paths are requested.
Persistence & Privilege
note · The skill does not request always:true and is not force-included. However, it allows normal autonomous invocation (disable-model-invocation: false) while requiring access to a private key: if the agent is permitted to call the skill autonomously and PRIVATE_KEY is available to the agent process, there is a non-trivial risk that the agent could perform operations without an explicit human step. The SKILL.md attempts to mitigate this by mandating a user agreement/consent step, but this is an instruction rather than a platform-enforced guard.