ClawHub

ClawLaunch

v1.0.0

Launch and trade AI agent tokens on ClawLaunch bonding curve (Base). Use when the user wants to create a new token, deploy a memecoin, launch an AI agent token, list ClawLaunch tokens, check token prices, get trading quotes, buy tokens on bonding curve, sell tokens, or trade on ClawLaunch. Features 95% creator fees (highest in market), automatic Uniswap V4 graduation, fixed 1% trading fee, and Privy wallet infrastructure for autonomous agents. Supports Base Mainnet and Base Sepolia testnet.

0· 985·4 current·4 all-time
by@smokealot420
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name, description, API examples, and included CLI script all match the stated purpose (token launch/trading on ClawLaunch). Required binaries (curl, jq) are sensible for the CLI and docs. Minor inconsistency: the registry metadata lists no homepage, but the SKILL.md references https://www.clawlaunch.fun as the service endpoint.
Instruction Scope
SKILL.md and the included shell script limit operations to calling the ClawLaunch HTTP API and reading a local config file (~/.clawdbot/skills/clawlaunch/config.json) or CLAWLAUNCH_API_KEY env var. There are no instructions to read unrelated system files or exfiltrate data. Example code in references shows how autonomous agents might use the API key and wallet address — that is expected for a trading/launch skill, but it expands the realistic operational scope to include wallet management and autonomous trading.
Install Mechanism
No install spec or external downloads; the skill is instruction-only with an included shell script. No archives or remote installers are fetched or executed by the skill package itself, which minimizes supply-chain risk.
!
Credentials
The skill clearly requires an API key to function (SKILL.md, scripts, and references reference CLAWLAUNCH_API_KEY and a local config file containing apiKey), and the examples/reference code mention WALLET_ADDRESS and show PRIVATE_KEY usage for transaction execution — but the registry metadata lists no required environment variables or primary credential. Not declaring the API key (or noting wallet/private-key implications) in the skill's manifest is an incoherence: users won't be warned by the registry that sensitive secrets are needed. This omission increases the risk of accidental exposure or giving an agent high-value credentials without explicit consent.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide config changes. However, because autonomous model invocation is enabled by default, an agent with access to the user's configured API key and wallet could initiate launches or trades on Mainnet. The skill's docs encourage creating a config file under the user's home directory, which is reasonable, but users should be aware of the autonomy + credential combination.
What to consider before installing
This skill appears to be what it says (a ClawLaunch CLI and API helper), but there are important mismatches you should consider before installing: - The skill requires a ClawLaunch API key (and practical usage may involve wallet addresses/private keys) but the registry manifest does not declare any required credentials — treat this as a gap. Expect to store an apiKey in ~/.clawdbot/skills/clawlaunch/config.json or set CLAWLAUNCH_API_KEY in your environment. - If you provide the API key and/or a wallet/private key in your environment, an autonomous agent using this skill could launch tokens or execute trades on Base Mainnet. If you do not want autonomous trading, restrict agent autonomy or avoid putting live keys where the agent can access them. - Verify the service domain (https://www.clawlaunch.fun) and the skill author's provenance before trusting real funds. Prefer testing on Base Sepolia (testnet) first. - Review the included script (scripts/clawlaunch.sh) yourself — it simply issues API calls and is readable, but double-check there are no hidden endpoints or behaviors you don't expect. - Do not store your private key in an agent-accessible environment unless you understand the risk; prefer creating transaction calldata and signing locally with a wallet you control. If you need this functionality but want lower risk: use testnet keys, restrict agent autonomy, and ensure the API key is scoped/permissioned (if the provider supports limited scopes).

Like a lobster shell, security has layers — review code before you run it.

basevk972vg0gmn1eadamjtg4yszw1n80v37sdefivk972vg0gmn1eadamjtg4yszw1n80v37slatestvk972vg0gmn1eadamjtg4yszw1n80v37slaunchpadvk972vg0gmn1eadamjtg4yszw1n80v37stradingvk972vg0gmn1eadamjtg4yszw1n80v37s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis
Binscurl, jq

Comments