Miraix Wallet Roast
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for wallet analysis, but it sends the wallet address to Miraix and may return swap-style commands that users should review before using.
This appears safe to install as an instruction-only wallet-analysis helper. Before using it, understand that wallet addresses are sent to Miraix, and treat any returned rebalance or swap command as a suggestion to verify rather than something to run blindly.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The external service will receive the wallet address being analyzed and may be able to associate it with the request.
The skill sends the wallet address to an external Miraix API. This is disclosed and purpose-aligned, but a wallet address can reveal financial activity when analyzed.
curl -sS -X POST https://app.miraix.fun/api/wallet-audit ... -d '{"walletAddress":"<wallet-address>","language":"<zh|en>"}'Only submit wallet addresses you are comfortable having analyzed by the Miraix endpoint; do not provide private keys or seed phrases.
A user might rely on a returned command for a financial action, such as a token swap, without fully checking the destination, amounts, or risk.
The skill may display API-supplied rebalance or swap commands verbatim. It does not direct automatic execution, but such commands could affect assets if a user copies and runs them.
Keep any `actions[].command` text verbatim when the user may want to execute it later.
Review any returned command carefully and require explicit user confirmation before executing financial transactions outside the skill.