Skill v1.0.0
ClawScan security
Helius · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 6:27 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions match its stated purpose (building on Helius/Solana), but it contains agentic onboarding steps that will persist API keys and keypairs to disk and can cause on-chain payments — review those steps before proceeding.
- Guidance: This skill appears to be what it claims: a Helius/Solana integration with reference docs and examples. Key things to consider before installing or letting an agent run it:
  - Onboarding can be agentic: the SKILL.md supports an 'agenticSignup' flow that generates a keypair, expects the wallet to be funded, and processes a USDC on-chain payment to create a Helius account. Only proceed if you explicitly approve the agent using your funds.
  - Credentials are persisted: the MCP/CLI flow will save API keys and keypairs to disk (e.g., shared MCP config, ~/.helius-cli/keypair.json). If you prefer, create an API key yourself via the Helius dashboard and set HELIUS_API_KEY manually, rather than allowing the agent to run agenticSignup.
  - The SKILL.md tells you to run 'claude mcp add helius npx helius-mcp@latest', which will pull code from npm; review/trust that package before installing it.
  - Review file locations and permissions after onboarding (restrict access to keypair.json, check where the API key is stored).
  - If you do not want autonomous agents to create accounts or make payments, do not grant the agent permission to run the agentic signup flow; instead use the manual Path A (setHeliusApiKey) and supply your own API key.

  If you want, I can point out the exact lines in SKILL.md that perform onboarding/payment/persistence, or suggest safe install/run steps (manual vs agentic) you can follow.
Review Dimensions
- Purpose & Capability: [ok] The name/description (Helius / Solana infra) aligns with the included SKILL.md and reference docs (Sender, DAS, LaserStream, webhooks, onboarding, etc.). The files provide SDK patterns and MCP tool usage consistent with a Helius integration; nothing requested by the skill is unrelated to building on Helius.
- Instruction Scope: [note] Runtime instructions include onboarding flows that will generate and persist a Solana keypair, require the user/agent to fund a wallet, and call an `agenticSignup` flow which processes USDC payments on-chain. The SKILL.md also instructs the agent to install the MCP tool (claude mcp add helius npx helius-mcp@latest) and to use MCP tools that read/write shared config. These actions are coherent with the skill's purpose but have side effects (payments, persisted secrets) that the user must approve explicitly.
- Install Mechanism: [ok] No network download/install spec in the skill bundle; an included install.sh only copies the skill files into a local Claude skills directory. There is no extract/download from arbitrary URLs in the bundle, so on-disk changes are limited and explicit to the user running install.sh.
- Credentials: [note] The skill declares no required environment variables, but the documentation references HELIUS_API_KEY and HELIUS_NETWORK and instructs setting an API key (or using MCP tools to persist it). That is proportional to the functionality, but there is a mismatch between the 'required.env' metadata (none) and the SKILL.md, which expects/uses an API key and will persist credentials to shared config and to ~/.helius-cli/keypair.json. Users should be aware that secrets may be written to disk by the MCP/CLI flows.
- Persistence & Privilege: [note] The skill itself does not request 'always: true' and does not modify other skills. However, the onboarding instructions and MCP tools intentionally persist API keys and generated keypairs (e.g., ~/.helius-cli/keypair.json and shared MCP config). If the agent executes the agentic signup flow autonomously, it can create API keys and trigger on-chain payments that consume user funds and persist credentials — this is expected for an onboarding tool but is persistent and high-impact.
