Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tokenbroker

v1.0.2

AI Agent Skill for GitHub project analysis and nad.fun token launch. Analyzes repos, generates token identity/promo, and launches on nad.fun.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for starrftw/tokenbroker.

Install the skill "Tokenbroker" (starrftw/tokenbroker) from ClawHub.
Skill page: https://clawhub.ai/starrftw/tokenbroker
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tokenbroker

ClawHub CLI

npx clawhub@latest install tokenbroker

Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability
The skill claims to analyze GitHub repos and orchestrate nad.fun launches — that purpose explains most included files (scan, metadata, promo, nadfun). However registry metadata declares no required environment variables while SKILL.md / METADATA.md / SETUP.md state the skill needs GITHUB_TOKEN, PRIVATE_KEY, BUILDER_ID, NAD_FUN_API_KEY and NETWORK. That mismatch (no env listed in registry but many sensitive envs documented) is incoherent and should be clarified. Requiring a PRIVATE_KEY is plausible for on-chain deployment, but TokenBroker's docs also claim on-chain ops are delegated to a separate 'nadfun' skill (which should manage keys) — asking for PRIVATE_KEY at the TokenBroker level is unclear and may be unnecessary.
[!] Instruction Scope
Instructions include read-only local project scanning (expected) and clearly describe generating a .env and various credential handling modes (A2A, OAuth, PAT). They also instruct the agent to monitor GitHub activity and (after prompting) delegate launches to nadfun. Conflicting guidance appears: some docs say credentials are always injected and never persisted, others describe the Install Wizard writing a .env. The skill also describes automated triggers and A2A calls (invokeSkill) which could cause remote delegation; the degree of automation and when user approval is required is inconsistent across documents.
Install Mechanism
No install spec is provided (instruction-only), and the package contains source files only. No external downloads or installation scripts were included in the manifest. This reduces installation-surface risk compared with remote installers.
[!] Credentials
The code and docs reference multiple sensitive environment values (GITHUB_TOKEN, PRIVATE_KEY, NAD_FUN_API_KEY, BUILDER_ID) while the registry metadata lists none — this mismatch is concerning. PRIVATE_KEY in particular grants signing power; TokenBroker claims it delegates signing to nadfun, yet some docs require the private key locally. The skill asks users to create a .env and also promotes A2A secret injection — conflicting recommendations increase the chance of improper key storage/exfiltration. Requesting a full PRIVATE_KEY without a clear, necessary reason at this skill boundary is disproportionate.
Persistence & Privilege
The skill does not request always:true and is user-invocable; autonomous invocation is allowed (platform default). It does describe writing a local .env and maintaining local history files (e.g., .tokenbroker/history.json) — those are normal for this type of meta-skill but should be highlighted to users. There is no indication the skill modifies other skills or system-wide settings beyond invoking other agent skills (A2A), which is expected for orchestration.
What to consider before installing
Key things to check before installing or running TokenBroker:

  1. Clarify credential needs: The registry shows no required env vars but the SKILL.md/METADATA.md request GITHUB_TOKEN, PRIVATE_KEY, BUILDER_ID and NAD_FUN_API_KEY. Ask the author which credentials are actually required and why. Do not provide your PRIVATE_KEY unless you fully understand where and how it will be used and stored.
  2. Prefer A2A injection over storing secrets on disk: The docs mention both writing a .env and using A2A secure injection. Use A2A or short-lived tokens where possible; avoid putting private keys in a .env file on disk.
  3. Limit GitHub token scope: If you supply GITHUB_TOKEN for monitoring, restrict it to read-only (public_repo) and consider using OAuth with minimal scopes and rotation.
  4. Confirm approval flow for launches: The skill describes automated GitHub monitoring and delegation to nadfun. Verify whether launches require a human approval step before any on-chain action or signing occurs.
  5. Audit delegation targets: TokenBroker delegates to a 'nadfun' skill and invokes other A2A identity services. Verify those dependency skills' sources and trustworthiness before allowing automatic delegation.
  6. Test in safe environment: Run in testnet mode and with burner keys first. Review generated metadata and all network requests (e.g., POSTs to nad.fun endpoints) to confirm they match expectations.
  7. Ask author for registry corrections: The registry metadata should list the environment variables the skill needs. The mismatch is an actionable red flag.

If you cannot get clear answers about credential handling and the human approval gating, treat the skill as risky and avoid providing high-privilege secrets (especially PRIVATE_KEY).
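
The registry/documentation mismatch the scan describes can be checked mechanically before installing. The following is an added example, not ClawHub's scanner or TokenBroker's code: it compares the environment variables a manifest declares with the ones the package's docs and source actually reference. The variable names come from this page; the file contents, the src/deploy.ts path and the SENSITIVE name heuristic are assumptions constructed for illustration.

```javascript
// Added example, not ClawHub or TokenBroker code. Variable names come from the
// page; file contents and the src/deploy.ts path are constructed samples.
const SENSITIVE = /PRIVATE_KEY|SECRET|TOKEN|API_KEY|PASSWORD|MNEMONIC/; // assumed heuristic

// Ways an environment variable is referenced in source or documented in a .env sample.
const PATTERNS = [
  /process\.env\.([A-Z][A-Z0-9_]*)/g,           // process.env.NAME
  /process\.env\[['"]([A-Z][A-Z0-9_]*)['"]\]/g, // process.env["NAME"]
  /^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)=/gm,     // NAME=value lines
];

// Map each referenced variable name to the set of files that mention it.
function referencedEnvVars(files) {
  const found = new Map();
  for (const [file, text] of Object.entries(files)) {
    for (const re of PATTERNS) {
      for (const m of text.matchAll(re)) {
        if (!found.has(m[1])) found.set(m[1], new Set());
        found.get(m[1]).add(file);
      }
    }
  }
  return found;
}

// Report variables the package uses but the registry manifest does not declare.
function auditEnvDeclarations(declared, files) {
  const declaredSet = new Set(declared);
  const findings = [];
  for (const [name, where] of referencedEnvVars(files)) {
    if (declaredSet.has(name)) continue;
    findings.push({ name, files: [...where].sort(), sensitive: SENSITIVE.test(name) });
  }
  // Sensitive names first, then alphabetical, so signing keys lead the report.
  return findings.sort((a, b) => (b.sensitive - a.sensitive) || a.name.localeCompare(b.name));
}

const sampleFiles = { // constructed
  'SKILL.md': '# Network (testnet | mainnet)\nNETWORK=mainnet\nGITHUB_TOKEN=ghp_...\n',
  'SETUP.md': 'PRIVATE_KEY=0x...\nBUILDER_ID=...\nNAD_FUN_API_KEY=...\n',
  'src/deploy.ts': 'const key = process.env.PRIVATE_KEY;\nconst net = process.env["NETWORK"];\n',
};
const registryDeclared = []; // the registry metadata lists no environment variables

for (const f of auditEnvDeclarations(registryDeclared, sampleFiles)) {
  console.log(`${f.sensitive ? 'SENSITIVE' : 'info'}  ${f.name}  (${f.files.join(', ')})`);
}
```

An empty result means every referenced variable is declared; any SENSITIVE line is a credential the installer would be asked for without the registry having disclosed it.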

Like a lobster shell, security has layers — review code before you run it.

MIT-0

SKILL.md - TokenBroker Skillset

Security & Data Privacy

Local Storage Only

  • All credentials (GitHub token, private keys, API keys) are stored locally in a .env file
  • No credentials are transmitted to external servers beyond their intended endpoints (GitHub API, nad.fun API, Monad RPC)
  • The skill operates entirely within your local environment

.env File Generation

  • The Install Wizard generates a .env file on your local machine
  • This file is never committed to version control (gitignored)
  • You can review and edit it at any time

Credential Scope

  • GITHUB_TOKEN: Used only for GitHub API calls to read public repository data
  • PRIVATE_KEY: Used only for EVM transaction signing (never exposed in plain text)
  • BUILDER_ID: Local identifier for A2A protocol
  • NAD_FUN_API_KEY: Used only for nad.fun token creation API

Testnet Mode

  • Default operation is on testnet for safety
  • Mainnet requires explicit configuration
  • Always review transactions before signing

The AI agent skill for memecoin launches on nad.fun. Analyze GitHub projects, generate token metadata, and launch directly on nad.fun bonding curves.

What is TokenBroker?

TokenBroker is a complete memecoin launch solution for AI agents:

  1. Analyzes GitHub projects to identify meme-worthy projects
  2. Generates token names, tickers, descriptions, and marketing content
  3. Launches tokens on nad.fun (image, metadata, salt, deploy)
  4. Promotes launches with X/Telegram/Discord content

When to Use This Skill

TokenBroker Handles

  • GitHub repository analysis and scoring
  • Token identity generation (name, ticker, description)
  • Meme-style image generation
  • Nad.fun API integration (upload, salt mining)
  • Marketing content creation (X threads, Telegram, Discord)
  • Full launch orchestration

Not Included

  • Wallet private key management (handled by host)
  • On-chain transactions beyond nad.fun bonding curves

Architecture (tokenbroker/src/generators/)

generators/
├── identity.ts     # Token name, ticker, description generation
├── reasoning.ts    # Investment thesis, narrative creation
├── promo.ts        # X threads, Telegram, Discord content
├── nadfun.ts       # Nad.fun API: upload image/metadata, mine salt
└── index.ts        # Pipeline orchestrator (generateAll)

Quick Start for Agents

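import { generateAll, prepareLaunch } from './generators/index.js';
// analyzeGitHubRepo is used below, but the module that exports it is not shown
// on this page; import it from the skill's repo-analysis code.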

// 1. Analyze repo and generate all launch assets
const assets = await generateAll({
  repoAnalysis: await analyzeGitHubRepo('https://github.com/user/project')
});

console.log('Token name:', assets.identity.name);
console.log('Ticker:', assets.identity.ticker);
console.log('X Thread:', assets.promo.xThread.tweets);

// 2. Prepare launch on nad.fun (API calls only)
const prepared = await prepareLaunch(assets.identity, 'mainnet');
// -> Returns: { imageUri, metadataUri, salt, saltAddress }

// 3. Deploy on-chain (requires ethers + private key)
// Use deploy.ts module with wallet for on-chain execution

Generator Functions

generateIdentity(input)

Analyzes repo and generates token identity:

{
  name: "SWAPPRO",
  ticker: "SWAP", 
  tagline: "The next generation DeFi protocol",
  description: "Full token description...",
  nameReasoning: "How the name was derived"
}

generateReasoning(input)

Creates investment thesis and narrative:

{
  investmentThesis: "Why this token should exist...",
  problemStatement: "The problem being solved",
  solution: "The proposed solution",
  marketOpportunity: "Market size and opportunity",
  competitiveAdvantage: "Why this wins",
  tokenUtilityRationale: "Token value proposition",
  vision: "Long-term vision"
}

generatePromo(input)

Generates marketing content:

{
  xThread: { title, tweets: [...], hashtags, mentions },
  telegramPost: { title, content, hasButton, buttonText, buttonUrl },
  discordAnnouncement: { title, content, hasEmbed, embedColor, embedFields },
  tagline: "Marketing tagline",
  elevatorPitch: "One-liner pitch"
}

prepareLaunch(identity, network)

Prepares token for nad.fun launch (API calls):

{
  imageUri: "ipfs://...",
  metadataUri: "ipfs://...", 
  salt: "0x...",
  saltAddress: "0x..."
}

Nad.fun Integration

TokenBroker integrates directly with nad.fun API:

| Step | API Endpoint | Function |
|------|--------------|----------|
| 1 | POST /agent/token/image | uploadImage() |
| 2 | POST /agent/token/metadata | uploadMetadata() |
| 3 | POST /agent/salt | mineSalt() |
| 4 | BondingCurveRouter.create() | On-chain deployment |

Network Configuration

| Network | API | RPC |
|---------|-----|-----|
| Testnet | https://dev-api.nad.fun | https://testnet-rpc.monad.xyz |
| Mainnet | https://api.nadapp.net | https://rpc.monad.xyz |
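
The endpoint and network tables above give enough to verify a dry run: every outbound request should go to the host for the selected network and to one of the documented paths. The following is an added example, not TokenBroker code, that classifies a captured request log against those tables; api.github.com as the GitHub API host and the request log itself are assumptions constructed for illustration.

```javascript
// Added example, not TokenBroker code. Hosts and paths are taken from the two
// tables above; api.github.com and the request log are assumptions (constructed).
const EXPECTED = {
  testnet: { api: 'dev-api.nad.fun', rpc: 'testnet-rpc.monad.xyz' },
  mainnet: { api: 'api.nadapp.net', rpc: 'rpc.monad.xyz' },
};
const API_PATHS = new Set(['/agent/token/image', '/agent/token/metadata', '/agent/salt']);
const GITHUB_HOST = 'api.github.com'; // assumed host for "GitHub API"

// Return null when a request matches the documented behaviour, else a reason.
function classify(network, { method, url }) {
  if (!Object.keys(EXPECTED).includes(network)) throw new Error(`unknown network: ${network}`);
  const expected = EXPECTED[network];
  let u;
  try { u = new URL(url); } catch { return 'unparseable URL'; }
  if (u.protocol !== 'https:') return 'not HTTPS';
  const host = u.hostname;
  // The docs say GITHUB_TOKEN is only used to read public repository data.
  if (host === GITHUB_HOST) return method === 'GET' ? null : 'non-read GitHub call';
  if (host === expected.rpc) return null;
  if (host === expected.api) {
    return method === 'POST' && API_PATHS.has(u.pathname) ? null : 'undocumented API call';
  }
  // A host that belongs to the other network means the mode switch is not honoured.
  for (const [name, e] of Object.entries(EXPECTED)) {
    if (host === e.api || host === e.rpc) return `${name} endpoint used in ${network} mode`;
  }
  return 'unexpected host';
}

// Keep only the requests that need a human look, each tagged with its reason.
function auditRequests(network, requests) {
  return requests
    .map((r) => ({ ...r, reason: classify(network, r) }))
    .filter((r) => r.reason !== null);
}

const observed = [ // constructed proxy log from a testnet dry run
  { method: 'GET', url: 'https://api.github.com/repos/user/project' },
  { method: 'POST', url: 'https://dev-api.nad.fun/agent/token/image' },
  { method: 'POST', url: 'https://dev-api.nad.fun/agent/salt' },
  { method: 'POST', url: 'https://testnet-rpc.monad.xyz/' },
  { method: 'POST', url: 'https://api.nadapp.net/agent/token/metadata' },
  { method: 'POST', url: 'https://collector.example/ingest' },
];

for (const f of auditRequests('testnet', observed)) {
  console.log(`${f.reason}: ${f.method} ${f.url}`);
}
```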

Install

npm install

Configuration

# Network (testnet | mainnet)
NETWORK=mainnet

# GitHub (optional - for repo analysis)
GITHUB_TOKEN=ghp_...

For On-Chain Deployment

TokenBroker prepares all launch data. For actual on-chain deployment:

npm install ethers

Then use with a wallet:

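import { prepareLaunch } from './generators/nadfun.js';
import { ethers } from 'ethers';

// identity is the token identity object (see generateIdentity). privateKey,
// provider, BONDING_CURVE_ROUTER, abi, tokenParams, fee, toll, tradingAmt and
// deployFee are not defined on this page and must be supplied by the caller.
const prepared = await prepareLaunch(identity, 'mainnet');

// Deploy with wallet (the wallet signs the transaction with privateKey)
const wallet = new ethers.Wallet(privateKey, provider);
const router = new ethers.Contract(BONDING_CURVE_ROUTER, abi, wallet);
await router.create(tokenParams, fee, toll, tradingAmt, { value: deployFee });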

Built for the agentic future. 🦞
