← Back to Skills Marketplace
677
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install is-token-safe
Description
Evaluates a crypto token's contract for scam risks and flags its safety level with reasons for trading and decision-making purposes.
README (SKILL.md)
IsTokenSafe\r
\r Checks whether a given crypto token is potentially malicious or risky.\r \r
What it does\r
- Analyzes token contract metadata\r
- Flags common scam or rug-pull patterns\r
- Provides a quick safety signal for trading bots and agents\r \r
Use cases\r
- Automated trading bots\r
- Polymarket / prediction market agents\r
- Token discovery pipelines\r \r
Input\r
- Token address\r \r
Output\r
- Risk level (low / medium / high)\r
- Reason summary\r
Usage Guidance
This package is inconsistent: the documentation and scan.js implement a token scanner that calls a public Base RPC and an external honeypot API, but the declared entrypoint (index.js) does nothing. Before installing or enabling: 1) ask the author to fix the entrypoint so the runtime executes the scanner you expect (or explain why index.js is the real entry); 2) require a package.json or install instructions for ethers/axios; 3) confirm you are OK with the token address being sent to https://api.honeypot.is and using the Base RPC (privacy/telemetry concerns); and 4) if you need scans for other chains, request chain selection rather than a hardcoded 'base'. Because of the entrypoint mismatch and missing dependency metadata, treat this skill as suspicious until the author clarifies/corrects these issues.
Capability Analysis
Type: OpenClaw Skill
Name: is-token-safe
Version: 1.0.0
The skill is functionally broken as its entry point (`index.js.js`) is a no-op, simply returning the input without performing any token analysis. The actual analysis logic resides in `scan.js.js`, which is a standalone script and not called by `index.js.js`. While `scan.js.js` makes external network calls to `https://mainnet.base.org` (blockchain RPC) and `https://api.honeypot.is` (token safety API), these are legitimate for the skill's stated purpose and do not involve exfiltration of sensitive data or malicious execution. The `SKILL.md` documentation contains no prompt injection attempts. The bundle is benign, though non-functional as intended.
Capability Assessment
Purpose & Capability
The SKILL.md and description say the skill analyzes token contracts, and scan.js implements that. However skill.json points to index.js, which is a trivial passthrough that does not perform any scanning. This divergence means the package on-disk does not match the declared runtime entrypoint and the skill may be non-functional or intentionally obfuscated.
Instruction Scope
SKILL.md describes token analysis (input: token address -> risk level). The actual scan logic (in scan.js) contacts external services: a public Base RPC (https://mainnet.base.org) and the honeypot.is API, sending the token address and chain param. That network transmission is expected for a token scanner but is not documented in SKILL.md (no mention of which chain is assumed — scan.js hardcodes 'base').
Install Mechanism
There is no install spec or dependency manifest. scan.js requires Node modules (ethers, axios) but these are not declared; the skill may fail to run in a strict environment or rely on preinstalled packages. No downloads or external installers are present.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code does not attempt to read local secrets or files.
Persistence & Privilege
The skill is not always-enabled and requests no elevated persistence or changes to other skills/config. It only performs transient network calls in the scan logic.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install is-token-safe - After installation, invoke the skill by name or use
/is-token-safe - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of IsTokenSafe.
Provides quick risk analysis for crypto tokens to help bots and agents avoid scams.
Metadata
Frequently Asked Questions
What is Is Token Safe??
Evaluates a crypto token's contract for scam risks and flags its safety level with reasons for trading and decision-making purposes. It is an AI Agent Skill for Claude Code / OpenClaw, with 677 downloads so far.
How do I install Is Token Safe??
Run "/install is-token-safe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Is Token Safe? free?
Yes, Is Token Safe? is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Is Token Safe? support?
Is Token Safe? is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Is Token Safe??
It is built and maintained by dokbawi80 (@dokbawi80); the current version is v1.0.0.
More Skills