ClawPump
ReviewAudited by ClawScan on May 10, 2026.
Overview
ClawPump is coherent for token launching and swaps, but it enables high-impact Solana actions through an unverified third-party API without clear confirmation or transaction-review safeguards.
Install only if you intentionally want an agent to help with ClawPump token launches or Solana swaps. Before any launch, payment, or swap, verify the service, confirm all token details and wallet addresses, inspect any transaction before signing, and do not assume the process is always free or risk-free.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could launch a public token or proceed toward signing a swap transaction without fully reviewing irreversible blockchain consequences.
These endpoints can create public on-chain assets and prepare wallet-signed trades through a remote API. The visible instructions do not require a final confirmation step or transaction-content review before use.
POST `/api/launch` — Launch a token (gasless) ... `POST /api/swap` — Build swap transaction ... Returns a serialized transaction ready to sign and submit.
Require explicit user approval immediately before any launch, transfer, or swap; inspect serialized transactions in a trusted wallet or explorer; and limit amounts, slippage, and token details to user-confirmed values.
Users may underestimate costs, platform fees, or financial risk if they rely on the headline claims alone.
The skill uses strong promotional financial framing while also documenting a paid self-funded fallback. This is disclosed, but users should not treat the service as always free or guaranteed profitable.
Earn 65% of every trading fee. ... Zero cost. ... Self-funded launch ... Send 0.03 SOL to platform wallet `3ZGgmBgEMTSgcVGLXZWpus5Vx41HNuhq6H6Yg6p3z6uv`
Verify current fees, payment requirements, fee-share terms, and platform legitimacy before sending SOL or launching a token.
Users have limited provenance information for the service that will create tokens, upload images, and build transactions.
The registry metadata provides no source repository or homepage for a skill that relies on a third-party financial API.
Source: unknown; Homepage: none
Independently verify clawpump.tech and its operators before trusting it with wallet-linked activity or funds.
Wallet addresses and token-launch activity may be associated with the user or agent on-chain and by the service provider.
The API collects Solana wallet identity information. This is expected for token earnings and swap construction, but it links user or agent activity to a public wallet.
`walletAddress` | string | Yes | Solana wallet to receive fee earnings ... `userPublicKey` | string | Yes | Your Solana wallet address (signer)
Use a wallet address you are comfortable linking to this activity, and avoid sharing private keys or seed phrases.