INCLAWNCH UBI Staking

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent staking skill, but users should verify contract details and transaction amounts before signing any wallet actions.

Install only if you intend to interact with this specific Base staking contract. For any write action, verify the chain, contract, token, function, and amount in your wallet before signing, and consider independently checking the contract and project provenance.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or unintended wallet transaction could approve token spending, stake tokens, unstake, claim, or exit a position.

Why it was flagged

The skill provides transaction details for token approval and staking. This is expected for a staking skill, but transaction construction for financial assets is high-impact if used with the wrong amount or contract.

Skill content

Two-step process — both are on-chain transactions signed by the wallet: ... approve(address spender, uint256 amount) ... stake(uint256 amount)

Recommendation

Before signing, verify the chain, contract address, token address, function, and amount shown in the wallet prompt.

What this means

Signing a transaction uses your wallet identity and can change your token balances, staking position, or contract settings.

Why it was flagged

The skill relies on the user's wallet authority for on-chain writes. This is purpose-aligned and disclosed, but wallet signatures are delegated account authority.

Skill content

All write operations are signed transactions sent to the InclawnchStaking contract on Base. Each requires the caller's wallet to sign

Recommendation

Use a wallet with only the funds you intend to stake, and do not sign transactions you did not explicitly request.

What this means

The API provider can see which wallet address was queried.

Why it was flagged

Wallet-position lookups send the queried wallet address to the public inclawbate.com API. This is disclosed and aligned with the read feature, but wallet addresses can be linkable personal or financial identifiers.

Skill content

curl "https://inclawbate.com/api/inclawbate/staking?wallet=0xYourWallet"

Recommendation

Only query wallet addresses you are comfortable sharing with the API provider, or prefer direct on-chain reads when privacy matters.

What this means

Users have less registry-level provenance for verifying who authored the staking instructions.

Why it was flagged

The registry does not identify a source repository. There is no installable code here, but provenance matters more for a skill that points users to financial smart-contract interactions.

Skill content

Source: unknown

Recommendation

Independently verify the project website, contract address, and token address before using the skill for real transactions.