ClawHub

Trench

Fast meme coin trading execution for AI agents. Snipe new token launches, execute rapid buys/sells on Solana DEXs (Jupiter, Raydium, Pump.fun), with MEV prot...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
5 · 359 · 1 current installs · 1 all-time installs
by@inkoak23-code
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill advertises executing trades, Jito bundle submission, MEV protection, multi-wallet management and API integrations, yet the registry entry declares no required environment variables, no binaries, and no install. A trading execution skill would reasonably need RPC endpoints, wallet private keys (or signing capability), and likely API keys — their absence is a mismatch.
!
Instruction Scope
SKILL.md is high-level and largely a placeholder. It outlines scripts (buy.py, snipe.py, safety.py) and capabilities but contains no concrete runtime commands or safe handling instructions. It also references wallet concepts (example: 'WIF position') and external APIs (Rugcheck, DexScreener, Jito), which implies access to secrets and network resources; the instructions are vague and grant broad agent discretion.
Install Mechanism
There is no install spec and no code files present, so currently nothing would be written to disk by installing the skill — that lowers immediate risk. However, the SKILL.md describes scripts and a non-trivial architecture that are missing: future releases could introduce high-risk install steps (downloads, native binaries, or wallet integrations).
!
Credentials
The functionality described inherently requires sensitive credentials (private keys/WIF, RPC provider URLs, possibly API keys for Rugcheck/DexScreener) but the skill declares none. That discrepancy is worrying: either the skill will later ask for secrets out-of-band, or it omits crucial security information. Requesting or handling private keys without explicit, auditable code is a red flag.
Persistence & Privilege
always:false (normal). The skill allows autonomous invocation (platform default). While autonomous invocation alone is not a violation, combining it with the ability to execute trades and manage wallets increases impact if the skill is later updated with code that can act on funds — exercise extra caution before granting autonomous execution.
What to consider before installing
Do not provide private keys, WIFs, or permanent API secrets to this skill. The package is currently a placeholder: it advertises trading and wallet management but contains no code or declared credential requirements, which is inconsistent. Before installing or using it: (1) ask the author for the exact code and install steps; (2) require a minimal, auditable code review that shows how keys are stored/used; (3) insist on explicit environment variables and safe signing workflow (e.g., hardware wallet or remote signer) rather than plain private keys; (4) if you test, use a throwaway account and tiny funds in a sandboxed environment; (5) prefer skills from known authors or with verifiable source and release artifacts. If the skill later adds install steps that download archives or binaries, treat that as higher risk and re-evaluate.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk97027wyjvks36gdk0r5bhswmd81k1sg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Trench 🪖

Fast meme coin trading execution skill for AI agents on Solana.

⚠️ This skill is under active development. Core modules coming soon.

Capabilities (Planned)

Execution

  • Rapid buy/sell via Jupiter aggregator + Raydium direct
  • Pump.fun token sniping and graduation tracking
  • Jito bundle submission for MEV protection
  • Priority fee optimization
  • Auto-retry on failed transactions

Intelligence

  • New pool detection (Raydium, Pump.fun)
  • Rug/honeypot detection (liquidity lock check, mint authority, top holders)
  • Token safety scoring via Rugcheck API
  • Real-time price feeds via DexScreener / Birdeye

Position Management

  • Auto take-profit / stop-loss
  • Trailing stops
  • Multi-wallet support
  • PnL tracking per position

Architecture

trench/
├── SKILL.md
├── scripts/
│   ├── buy.py           # Fast buy execution
│   ├── sell.py           # Fast sell execution
│   ├── snipe.py          # New pool sniper
│   ├── monitor.py        # Token monitor & alerts
│   ├── safety.py         # Rug detection & token analysis
│   └── portfolio.py      # Position & PnL tracking
└── references/
    ├── jupiter-api.md    # Jupiter V6 swap API reference
    ├── raydium.md        # Raydium pool interaction
    ├── jito-bundles.md   # Jito bundle submission
    └── pump-fun.md       # Pump.fun API & graduation mechanics

Usage Examples

"Buy 0.5 SOL worth of POPCAT with 1% slippage"
"Snipe the next pump.fun graduation with 0.1 SOL"
"Set a 3x take-profit on my WIF position"
"Check if this token CA is safe: <address>"
"Show my open positions and PnL"

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…