Nadfun Skill

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its stated blockchain-trading purpose, but it involves raw wallet credentials and irreversible on-chain actions without clear approval, scope, or safety boundaries.

Review carefully before installing. If you use it, start on testnet or a dedicated low-balance wallet, never expose a primary wallet private key, and require manual approval for every signature, trade, token creation, or API-key action.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a real funded wallet private key is available to the agent, mistaken or unwanted actions could spend funds or sign transactions from that wallet.

Why it was flagged

The skill instructs use of a raw wallet private key for signing blockchain actions. This is purpose-aligned for trading, but it grants full wallet authority and is not declared as a required credential in the metadata.

Skill content

const account = privateKeyToAccount(process.env.PRIVATE_KEY as `0x${string}`)

Recommendation

Use only a dedicated low-balance or testnet wallet, require explicit confirmation for every signature or transaction, and declare the private key requirement clearly in metadata and setup instructions.

What this means

An agent using this skill could prepare or execute high-impact on-chain actions that may be costly, irreversible, or on the wrong network if not carefully controlled.

Why it was flagged

The skill’s core workflow includes irreversible blockchain trading and token creation, but the artifact does not define approval gates, spend caps, network confirmation, or transaction review requirements.

Skill content

Trade tokens, launch your own, monitor events—all with pure viem.

Recommendation

Require user approval before each transaction, show chain ID, contract address, token address, amounts, slippage, deadline, and estimated gas, and enforce user-defined spend limits.

What this means

The agent may rely on external instructions that were not reviewed here and could change independently of this registry package.

Why it was flagged

Core operational instructions for trading, token creation, wallet generation, and API key handling are linked as remote markdown files that are not included in the reviewed artifact set.

Skill content

| **TRADING.md** | Buy, sell, permit signatures | [nad.fun/trading.md](https://nad.fun/trading.md) |

Recommendation

Pin and package reviewed copies of the referenced documentation, or require users to review the external pages before the agent follows them for wallet or trading operations.

What this means

Installing the dependency changes the local development environment and may fetch the latest package version at install time.

Why it was flagged

The documented package install is expected for a viem-based integration, but it is still a local package installation step and is not pinned to a specific version.

Skill content

npm install viem

Recommendation

Install from a trusted npm source, consider pinning a specific viem version, and use a project sandbox rather than a sensitive global environment.