← Back to Skills Marketplace
starrftw

Tokenbroker

by starrftw · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
1592
Downloads
2
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install tokenbroker
Description
AI Agent Skill for GitHub project analysis and nad.fun token launch. Analyzes repos, generates token identity/promo, and launches on nad.fun.
Usage Guidance
Key things to check before installing or running TokenBroker: 1. Clarify credential needs: The registry shows no required env vars but the SKILL.md/METADATA.md request GITHUB_TOKEN, PRIVATE_KEY, BUILDER_ID and NAD_FUN_API_KEY. Ask the author which credentials are actually required and why. Do not provide your PRIVATE_KEY unless you fully understand where and how it will be used and stored. 2. Prefer A2A injection over storing secrets on disk: The docs mention both writing a .env and using A2A secure injection. Use A2A or short-lived tokens where possible; avoid putting private keys in a .env file on disk. 3. Limit GitHub token scope: If you supply GITHUB_TOKEN for monitoring, restrict it to read-only (public_repo) and consider using OAuth with minimal scopes and rotation. 4. Confirm approval flow for launches: The skill describes automated GitHub monitoring and delegation to nadfun. Verify whether launches require a human approval step before any on-chain action or signing occurs. 5. Audit delegation targets: TokenBroker delegates to a 'nadfun' skill and invokes other A2A identity services. Verify those dependency skills' sources and trustworthiness before allowing automatic delegation. 6. Test in safe environment: Run in testnet mode and with burner keys first. Review generated metadata and all network requests (e.g., POSTs to nad.fun endpoints) to confirm they match expectations. 7. Ask author for registry corrections: The registry metadata should list the environment variables the skill needs. The mismatch is an actionable red flag. If you cannot get clear answers about credential handling and the human approval gating, treat the skill as risky and avoid providing high-privilege secrets (especially PRIVATE_KEY).
Capability Analysis
Type: OpenClaw Skill Name: tokenbroker Version: 1.0.2 The skill bundle is suspicious due to significant prompt injection and content injection vulnerabilities. It processes untrusted input from GitHub repositories (e.g., `README.md`, `package.json` as per `PROJECT-SCAN.md` and `GITHUB.md`) and uses this data directly in critical operations. This includes making API calls to external endpoints (e.g., `https://api.nadapp.net` in `src/generators/nadfun.ts`) with potentially malicious SVG image data or metadata, and, more critically, passing this untrusted data as arguments to `invokeSkill` calls to other AI agents (e.g., `nadfun`, `AuditAgent`, `SocialWhisperer` as seen in `GITHUB.md`, `LAUNCH.md`, `METADATA.md`, `PROMO.md`). This design allows a malicious actor to craft a GitHub repository containing prompt injection payloads, potentially manipulating the agent's behavior or other skills, or injecting malicious content into external services or public social media posts.
Capability Assessment
Purpose & Capability
The skill claims to analyze GitHub repos and orchestrate nad.fun launches — that purpose explains most included files (scan, metadata, promo, nadfun). However registry metadata declares no required environment variables while SKILL.md / METADATA.md / SETUP.md state the skill needs GITHUB_TOKEN, PRIVATE_KEY, BUILDER_ID, NAD_FUN_API_KEY and NETWORK. That mismatch (no env listed in registry but many sensitive envs documented) is incoherent and should be clarified. Requiring a PRIVATE_KEY is plausible for on-chain deployment, but TokenBroker's docs also claim on-chain ops are delegated to a separate 'nadfun' skill (which should manage keys) — asking for PRIVATE_KEY at the TokenBroker level is unclear and may be unnecessary.
Instruction Scope
Instructions include read-only local project scanning (expected) and clearly describe generating a .env and various credential handling modes (A2A, OAuth, PAT). They also instruct the agent to monitor GitHub activity and (after prompting) delegate launches to nadfun. Conflicting guidance appears: some docs say credentials are always injected and never persisted, others describe the Install Wizard writing a .env. The skill also describes automated triggers and A2A calls (invokeSkill) which could cause remote delegation; the degree of automation and when user approval is required is inconsistent across documents.
Install Mechanism
No install spec is provided (instruction-only), and the package contains source files only. No external downloads or installation scripts were included in the manifest. This reduces installation-surface risk compared with remote installers.
Credentials
The code and docs reference multiple sensitive environment values (GITHUB_TOKEN, PRIVATE_KEY, NAD_FUN_API_KEY, BUILDER_ID) while the registry metadata lists none — this mismatch is concerning. PRIVATE_KEY in particular grants signing power; TokenBroker claims it delegates signing to nadfun, yet some docs require the private key locally. The skill asks users to create a .env and also promotes A2A secret injection — conflicting recommendations increase the chance of improper key storage/exfiltration. Requesting a full PRIVATE_KEY without a clear, necessary reason at this skill boundary is disproportionate.
Persistence & Privilege
The skill does not request always:true and is user-invocable; autonomous invocation is allowed (platform default). It does describe writing a local .env and maintaining local history files (e.g., .tokenbroker/history.json) — those are normal for this type of meta-skill but should be highlighted to users. There is no indication the skill modifies other skills or system-wide settings beyond invoking other agent skills (A2A), which is expected for orchestration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tokenbroker
  3. After installation, invoke the skill by name or use /tokenbroker
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Added generators for identity, reasoning, promo, nadfun API, and pipeline orchestration - Introduced modular architecture under src/generators/ for token launch asset generation - Expanded documentation for on-chain deployment and API integration with nad.fun - Enhanced security guidance: all credentials now handled via local .env file only - Quick Start and usage examples for agents included in the documentation
v1.0.1
Version 1.0.1 – Refactor as a meta-skill for orchestrating token launches, with increased modularity and delegated on-chain operations. - Refactored TokenBroker as a meta-skill focused on orchestration, delegating all on-chain and sensitive operations to dependency skills (nadfun, monad-development). - Updated documentation to clarify separation of responsibilities and introduce improved module structure (added SETUP.md, removed ABI.md, TRADING.md, VERIFY.md). - Enhanced security section: explicit boundaries around credential handling, emphasizing non-persistence and environmental injection. - Added comprehensive setup and installation guidance, including clearer dependencies and network references.
v1.0.0
TokenBroker 1.0.0 - Initial Release - Introduces an autonomous agent skill for launching tokens on nad.fun by scanning and analyzing GitHub projects. - Provides a 4-step token deployment flow using the Monad blockchain, including bonding curve support. - Bundles modules for repository activity tracking, metadata generation, orchestration, smart contract interaction, statistics, and marketing promotion. - Includes a step-by-step install wizard for environment setup, wallet configuration, network selection, and GitHub integration. - Supplies configuration guidance and quick start instructions for seamless integration with agent frameworks.
Metadata
Slug tokenbroker
Version 1.0.2
License
All-time Installs 3
Active Installs 2
Total Versions 3
Frequently Asked Questions

What is Tokenbroker?

AI Agent Skill for GitHub project analysis and nad.fun token launch. Analyzes repos, generates token identity/promo, and launches on nad.fun. It is an AI Agent Skill for Claude Code / OpenClaw, with 1592 downloads so far.

How do I install Tokenbroker?

Run "/install tokenbroker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Tokenbroker free?

Yes, Tokenbroker is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Tokenbroker support?

Tokenbroker is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Tokenbroker?

It is built and maintained by starrftw (@starrftw); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments