Miraix Wallet Roast

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The external service will receive the wallet address being analyzed and may be able to associate it with the request.

Why it was flagged

The skill sends the wallet address to an external Miraix API. This is disclosed and purpose-aligned, but a wallet address can reveal financial activity when analyzed.

Skill content

curl -sS -X POST https://app.miraix.fun/api/wallet-audit ... -d '{"walletAddress":"<wallet-address>","language":"<zh|en>"}'

Recommendation

Only submit wallet addresses you are comfortable having analyzed by the Miraix endpoint; do not provide private keys or seed phrases.

What this means

A user might rely on a returned command for a financial action, such as a token swap, without fully checking the destination, amounts, or risk.

Why it was flagged

The skill may display API-supplied rebalance or swap commands verbatim. It does not direct automatic execution, but such commands could affect assets if a user copies and runs them.

Skill content

Keep any `actions[].command` text verbatim when the user may want to execute it later.

Recommendation

Review any returned command carefully and require explicit user confirmation before executing financial transactions outside the skill.