NadFun Token Creation

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for creating a Nad.fun token, but it can lead the agent through uploading token data and submitting a payable, irreversible blockchain transaction without visible final confirmation safeguards.

Install only if you intend to create a public Nad.fun token and are comfortable uploading token assets to Nad.fun and signing an irreversible blockchain transaction. Before any on-chain call, ask the agent to show all transaction details and wait for your explicit approval, and verify any required wallet-helper skill before using it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could help initiate an irreversible on-chain action that spends wallet funds and creates public blockchain state.

Why it was flagged

This submits a payable blockchain transaction that can spend the deploy fee plus an initial buy amount. The visible instructions do not require explicit final user confirmation or fee/amount bounds before sending the transaction.

Skill content

const tx = await router.create(params, { value: deployFee + amountIn });
await tx.wait();

Recommendation

Require an explicit final user confirmation before any transaction, showing the wallet, network, contract address, deploy fee, initial buy amount, token metadata URI, salt, and expected token address.

What this means

Using the wrong wallet, network, or signer could spend funds or associate the token with an unintended account.

Why it was flagged

The workflow depends on a user wallet for signing or executing on-chain actions. That is expected for token deployment, but it is sensitive account authority.

Skill content

This skill is required for wallet management and on-chain actions in Step 3 and Step 4.

Recommendation

Use a dedicated low-balance wallet where possible, verify the network and signer, and do not expose private keys or seed phrases to the agent.

What this means

A user could accidentally install the wrong similarly named wallet/on-chain helper skill.

Why it was flagged

The skill asks the user to install a separate dependency by searching ClawHub rather than pinning an exact owner/version in the artifact metadata.

Skill content

If it is not available, install it using ClawHub:

clawhub search "monad"

Find and install the `monad-development` skill from the results.

Recommendation

Verify the exact owner, slug, version, and reputation of the monad-development skill before installing or using it for wallet actions.

What this means

Images, metadata, and wallet-linked token creation details may be processed by Nad.fun infrastructure and may become public token data.

Why it was flagged

The workflow sends user-selected token assets and related metadata to an external provider API. This is disclosed and purpose-aligned, but it is still an external data flow.

Skill content

**Production:** `https://api.nadapp.net`

**POST** `/agent/token/image`

- **Body:** Raw binary image data (max 5MB)

Recommendation

Only upload images and metadata intended for public token creation, and verify that `api.nadapp.net` is the expected Nad.fun endpoint.