SNAP Private Payments
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill matches its payment purpose, but it can move Solana funds and use private withdrawal/balance secrets through unreviewed helper code and without clear confirmation safeguards.
Treat this as a real-money Solana payment integration. Before installing, review the full SNAP client source and npm package version, use a limited wallet and small test amounts first, require explicit confirmation for every deposit or withdrawal, and avoid giving the agent persistent access to withdrawal notes or viewing keys.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent misinterprets a request or is prompted indirectly, it could deposit or withdraw funds without an in-skill safety check.
The skill directly invokes fund-moving deposit and withdrawal methods after command matching, but the artifacts do not show a confirmation gate, amount limit, or recipient verification step.
const deposit = await context.snapClient.deposit(pool, amount); ... const signature = await context.snapClient.withdraw(pool, context.note, parseRecipientAddress(recipientAddress));
Use only with explicit user confirmation for every transaction, verify amount and recipient address, and prefer a wallet or runtime policy with spending limits.
Exposing a note or viewing key could reveal private balances or enable withdrawal of shielded funds depending on how the underlying SNAP client handles them.
The code requires a withdrawal note and viewing key, which are sensitive shielded-fund secrets, but the registry metadata lists no primary credential and the artifacts do not describe how these secrets are scoped or protected.
"SNAP OpenClaw withdraw requires a note in context.note before funds can be claimed" ... "SNAP OpenClaw balance check requires context.viewingKey to inspect shielded funds"
Provide notes and viewing keys only for the specific task, avoid storing them in persistent agent context, and review the underlying client before using real funds.
Important payment, proof, relayer, or key-handling behavior may occur in code that is not available for review here.
The included code imports core SNAP client and pool helpers from relative shared files that are not present in the supplied two-file manifest, so the reviewed artifacts omit the implementation that would handle transactions and secrets.
from "../shared/snap-client"; ... from "../shared/pools";
Do not use with real funds until the full source, exact package versions, and helper implementations are reviewed or pinned.
A relayer may see transaction metadata, and the safety depends on the unreviewed SDK implementation and the trustworthiness of the relayer URL.
When a relayer URL is configured, withdrawals are routed through a relayer path while the withdrawal note is passed into that SDK call; the artifacts do not show the relayer data boundary.
if (context.relayerUrl) { const result = await context.snapClient.withdrawViaRelayer(pool, context.note, parseRecipientAddress(recipientAddress), context.relayerUrl); }Use a trusted relayer only when needed, or withdraw directly when privacy and secret-handling requirements are unclear.