Solana

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, read-only Solana lookup skill that sends requested blockchain queries to Solana RPC and CoinGecko but does not show wallet-key access, signing, persistence, or destructive behavior.

Install only if you are comfortable sending the public wallet addresses, token mints, and transaction signatures you query to Solana RPC providers and sometimes CoinGecko. Use a trusted RPC endpoint for sensitive analysis, avoid untrusted SOLANA_RPC_URL values, and use --no-prices when you do not want CoinGecko price lookups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'req' from os.environ.get (line 139, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content:
headers={"Content-Type": "application/json"}, method="POST",
        )
        try:
            with urllib.request.urlopen(req, timeout=20) as resp:
                body = json.load(resp)
            if "error" in body:
                err = body["error"]
Confidence: 92%
Finding: with urllib.request.urlopen(req, timeout=20) as resp:

Tainted flow: 'req' from os.environ.get (line 139, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content:
headers={"Content-Type": "application/json"}, method="POST",
        )
        try:
            with urllib.request.urlopen(req, timeout=20) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as exc:
            if exc.code == 429 and attempt < 2:
Confidence: 92%
Finding: with urllib.request.urlopen(req, timeout=20) as resp:

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill documentation clearly instructs use of a Python helper that performs outbound network access to Solana RPC and CoinGecko and reads configuration from the environment via SOLANA_RPC_URL, yet no permissions are declared. This creates a transparency and governance gap: an agent or user may run a skill with network and env access without explicit consent or policy review, which is especially relevant in crypto contexts where remote endpoints and environment-based configuration can influence behavior.

VirusTotal

65/65 vendors flagged this skill as clean.
