Labor Solana skill: Solana ecosystem

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed Solana transfer tool, but users must treat it as capable of irreversible SOL transfers when given a funded private key.

Install only if you intentionally want an agent-assisted tool that can send SOL from a key you provide. Keep SOLANA_PRIVATE_KEY in a secrets manager or environment variable, test on devnet first, and verify recipient, amount, and network before confirming any transfer, especially on mainnet where transactions are irreversible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill explicitly depends on the sensitive environment variable `SOLANA_PRIVATE_KEY` and instructs execution of a command that uses it to sign and send blockchain transactions, but it does not declare corresponding permissions. That creates a permission-model gap: an agent or reviewer may underestimate that this skill can access secret material and perform irreversible value transfer, increasing the chance of unsafe execution or policy bypass.

VirusTotal

1/66 vendors flagged this skill as malicious, and 65/66 flagged it as clean.
