ClawPump
PendingStatic analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could launch a public token or proceed toward signing a swap transaction without fully reviewing irreversible blockchain consequences.
These endpoints can create public on-chain assets and prepare wallet-signed trades through a remote API. The visible instructions do not require a final confirmation step or transaction-content review before use.
POST `/api/launch` — Launch a token (gasless) ... `POST /api/swap` — Build swap transaction ... Returns a serialized transaction ready to sign and submit.
Require explicit user approval immediately before any launch, transfer, or swap; inspect serialized transactions in a trusted wallet or explorer; and limit amounts, slippage, and token details to user-confirmed values.
Users may underestimate costs, platform fees, or financial risk if they rely on the headline claims alone.
The skill uses strong promotional financial framing while also documenting a paid self-funded fallback. This is disclosed, but users should not treat the service as always free or guaranteed profitable.
Earn 65% of every trading fee. ... Zero cost. ... Self-funded launch ... Send 0.03 SOL to platform wallet `3ZGgmBgEMTSgcVGLXZWpus5Vx41HNuhq6H6Yg6p3z6uv`
Verify current fees, payment requirements, fee-share terms, and platform legitimacy before sending SOL or launching a token.
Users have limited provenance information for the service that will create tokens, upload images, and build transactions.
The registry metadata provides no source repository or homepage for a skill that relies on a third-party financial API.
Source: unknown; Homepage: none
Independently verify clawpump.tech and its operators before trusting it with wallet-linked activity or funds.
Wallet addresses and token-launch activity may be associated with the user or agent on-chain and by the service provider.
The API collects Solana wallet identity information. This is expected for token earnings and swap construction, but it links user or agent activity to a public wallet.
`walletAddress` | string | Yes | Solana wallet to receive fee earnings ... `userPublicKey` | string | Yes | Your Solana wallet address (signer)
Use a wallet address you are comfortable linking to this activity, and avoid sharing private keys or seed phrases.