Tokenbroker

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

TokenBroker’s token-launch purpose is clear, but it requests high-impact wallet/GitHub credentials and contains safety/default inconsistencies users should review carefully.

Review this skill before installing. Use testnet first, do not place a mainnet private key in .env unless you fully understand the risk, verify any invoked nadfun or identity-service skill, pin/verify CLI packages, and require explicit approval for every mainnet action, transaction, and public promotion.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may grant wallet-signing or repository-access authority without seeing that requirement in the declared permission contract.

Why it was flagged

The skill documentation requires a GitHub token and an EVM private key, but the registry metadata says there are no required environment variables or primary credentials.

Skill content

requiredEnvironmentVariables:
  - name: GITHUB_TOKEN
    ... optional: false
  - name: PRIVATE_KEY
    description: EVM private key for wallet operations

Recommendation

Declare all credentials in metadata, make the private key optional unless actually needed, use least-privilege GitHub scopes, and require explicit per-transaction approval.

What this means

If invoked without an explicit network, the skill may prepare a mainnet nad.fun launch when the user expected testnet behavior.

Why it was flagged

The launch-preparation function defaults to mainnet, while the skill documentation claims testnet is the safe default.

Skill content

export async function prepareLaunch(
    identity: IdentityOutput,
    network: 'mainnet' | 'testnet' = 'mainnet'

Recommendation

Default to testnet, require an explicit mainnet flag, and show a clear confirmation step before any mainnet API call or transaction delegation.

What this means

Users may store a valuable wallet private key in a local plaintext file believing it is more protected than it is.

Why it was flagged

A .env file is normally plaintext local storage, so the claim that a private key is never exposed in plain text can overstate the safety of the credential handling.

Skill content

All credentials (GitHub token, private keys, API keys) are stored **locally** in a `.env` file ... `PRIVATE_KEY`: Used only for EVM transaction signing (never exposed in plain text)

Recommendation

Clarify that .env storage is plaintext, recommend disposable/test wallets or wallet-provider signing, and avoid asking users to store mainnet private keys directly.

What this means

Builder profile or launch-related information may be sent to other skills or agents as part of setup or orchestration.

Why it was flagged

The skill describes A2A profile and credential-management flows, but the target service identity and data boundary are not fully specified in the provided artifacts.

Skill content

TokenBroker can auto-configure your builder profile via agent-to-agent communication:
await invokeSkill("identity-service", { action: "register_builder", profile: { ... } });

Recommendation

Verify the identity and permissions of any invoked skill, review the exact data being sent, and avoid passing secrets through A2A messages.

What this means

A user could execute an unpinned or different npm package than the reviewed skill files.

Why it was flagged

The setup guide references an external CLI command, but the provided artifacts have no install spec or package manifest tying that command to the reviewed source.

Skill content

npx tokenbroker scan ./my-project

Recommendation

Install only from a verified source, pin package versions, and confirm the CLI package corresponds to the reviewed TokenBroker artifacts.

Note (Medium Confidence)

ASI10: Rogue Agents

What this means

The agent may monitor project activity or suggest launches beyond a single direct prompt if the user enables that workflow.

Why it was flagged

The setup text suggests post-install scanning and waiting for activity triggers, which is purpose-related but should be opt-in and clearly bounded.

Skill content

After installation, TokenBroker will:
1. Scan your project for launch readiness
...
4. Wait for GitHub activity triggers

Recommendation

Require explicit opt-in for monitoring, limit it to selected repositories, and ask for confirmation before any launch preparation or delegation.