Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GlueX
v1.0.3
Operate the GlueX Solana protocol (register profiles, listen to bounties, claim tasks, approve rewards, map social graph connections) directly from the CLI.
⭐ 1· 158·0 current·0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md align with the stated purpose (publishing/listening/claiming/approving bounties on Solana). Required binaries (node/npm/npx) and the included dependencies (@coral-xyz/anchor, @solana/web3.js) are reasonable for this functionality. However, the skill accesses a local Solana keypair file (~/.config/solana/id.json) which is expected for signing transactions but is not declared in the skill's registry metadata (required config paths: none).
Instruction Scope
Runtime instructions and the code instruct the agent to load a local private key file and perform on-chain transactions (publish, claim, approve) and run persistent listeners. The SKILL.md warns about not leaking keys, but there is no built-in user-confirmation flow per transaction; an agent invoking the skill could sign transactions without further explicit prompts.
Install Mechanism
No automated install spec in the registry (instruction-only). The repo includes a package.json and package-lock.json that will cause npm to download standard npm packages from public registries; nothing in the lockfile points at obscure download hosts or arbitrary archives. Installing requires running 'npm install' locally, which is expected.
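The lockfile claim above ("nothing in the lockfile points at obscure download hosts or arbitrary archives") is something you can verify yourself before running npm install. The following TypeScript is an added illustration, not ClawHub's scanner and not code from the GlueX skill: it walks the "packages" map of a lockfileVersion 2/3 package-lock.json and reports any dependency that is resolved from a host other than registry.npmjs.org, that is fetched from a git/local URL, or that has no integrity hash. The lockfile it runs on is constructed for the example (package names, versions and hashes are placeholders).

```typescript
// Added example: a package-lock.json provenance check. Not ClawHub's scanner and
// not the GlueX skill's code; SAMPLE_LOCK below is constructed for illustration.

interface LockPackage {
  version?: string;
  resolved?: string;
  integrity?: string;
  link?: boolean;
}

interface Lockfile {
  lockfileVersion?: number;
  packages?: Record<string, LockPackage>;
}

interface LockFinding {
  name: string;                                              // key in "packages"
  reason: "non-registry-host" | "git-or-local" | "missing-integrity";
  resolved: string;
}

// Hosts you are willing to fetch tarballs from. Add your private mirror here.
const TRUSTED_HOSTS: string[] = ["registry.npmjs.org"];

function auditLockfile(lockJson: string): LockFinding[] {
  const lock = JSON.parse(lockJson) as Lockfile;
  const packages = lock.packages || {};
  const findings: LockFinding[] = [];
  for (const name of Object.keys(packages)) {
    const pkg = packages[name];
    if (name === "" || pkg.link) continue;   // root project / workspace symlink
    const resolved = pkg.resolved;
    if (!resolved) continue;                 // bundled dependency: nothing is fetched
    // git+ssh://, github:, file: and similar specifiers bypass the registry entirely.
    if (/^(git\+|github:|gitlab:|bitbucket:|file:)/.test(resolved)) {
      findings.push({ name, reason: "git-or-local", resolved });
      continue;
    }
    const m = /^https?:\/\/([^/:]+)/i.exec(resolved);
    const host = m ? m[1].toLowerCase() : "";
    if (TRUSTED_HOSTS.indexOf(host) === -1) {
      findings.push({ name, reason: "non-registry-host", resolved });
    }
    // Without an integrity hash npm cannot detect a swapped tarball.
    if (!pkg.integrity) {
      findings.push({ name, reason: "missing-integrity", resolved });
    }
  }
  return findings;
}

// Constructed lockfile: two clean registry packages, one tarball from a CDN,
// one git dependency and one registry package missing its integrity field.
// The sha512 values are placeholders, not real hashes.
const SAMPLE_LOCK: string = JSON.stringify({
  name: "gluex-skill",
  lockfileVersion: 3,
  packages: {
    "": { name: "gluex-skill" },
    "node_modules/@solana/web3.js": {
      version: "1.95.0",
      resolved: "https://registry.npmjs.org/@solana/web3.js/-/web3.js-1.95.0.tgz",
      integrity: "sha512-PLACEHOLDER1",
    },
    "node_modules/@coral-xyz/anchor": {
      version: "0.30.1",
      resolved: "https://registry.npmjs.org/@coral-xyz/anchor/-/anchor-0.30.1.tgz",
      integrity: "sha512-PLACEHOLDER2",
    },
    "node_modules/left-pad-helper": {
      version: "0.0.1",
      resolved: "https://cdn.example.net/pkgs/left-pad-helper-0.0.1.tgz",
      integrity: "sha512-PLACEHOLDER3",
    },
    "node_modules/anchor-fork": {
      version: "0.30.1",
      resolved: "git+ssh://git@github.com/example/anchor-fork.git#deadbeef",
    },
    "node_modules/tiny-util": {
      version: "2.0.0",
      resolved: "https://registry.npmjs.org/tiny-util/-/tiny-util-2.0.0.tgz",
    },
  },
});

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.reason}\t${f.name}\t${f.resolved}`);
}
```

On a real checkout, read package-lock.json from disk and pass its contents to auditLockfile(); an empty result is what the scan's "nothing points at obscure download hosts" statement corresponds to. A non-registry host or a git URL is not automatically malicious, but it means the code you will execute is whatever that host serves, outside the registry's audit trail.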
Credentials
The skill requests no environment variables but reads the user's Solana keypair file from a well-known local path (~/.config/solana/id.json). This file contains the raw private key material used to sign transactions and move funds. The registry metadata did not declare this config path as required, which is an incoherence and a sensitive access that should be called out explicitly to users.
Persistence & Privilege
always:false (good), but model invocation is allowed (default). Combined with the skill's ability to load a private key and sign transactions, autonomous invocation increases the blast radius: an agent could run listeners and automatically claim/approve bounties that move funds from the user's wallet. The SKILL.md recommends using Devnet and a funded keypair, but there is no enforcement or consent gating in the code.
What to consider before installing
This skill is coherent with its description: it intentionally loads your Solana keypair from ~/.config/solana/id.json and uses it to sign transactions on Devnet/Mainnet. Before installing:
1) Only run it with a throwaway or dedicated wallet (use Devnet and small amounts); do not point it at a wallet holding real funds.
2) Inspect the code yourself (interact.ts) and verify the PROGRAM_ID and the IDL path if you plan to use Mainnet.
3) Note that the registry metadata omitted the config path; treat the keypair read as intentional access to your private key file.
4) If you allow autonomous agents, restrict or disable automatic invocation for this skill (or require manual confirmations), because an autonomous agent could cause on-chain transfers without further prompts.
5) If you need to use it, run npm install in a controlled environment, and never commit or share your id.json.
If you want me to, I can point out the exact lines that read the keypair and send transactions or suggest safer runtime patterns (e.g., prompting or using a signing server/hardware wallet).
scripts/interact.ts:15
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
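The finding above is a proximity heuristic: a file read and a network send in the same script, which is exactly what a legitimate signing script looks like. The TypeScript below is an added illustration of that heuristic, not ClawHub's actual scanner and not the skill's source, combined with the metadata-coherence check from the Credentials section (sensitive paths the code references versus config paths the registry metadata declares). The snippet it scans is constructed in the style of a Solana CLI script and is not the real scripts/interact.ts; the line-window size is an assumption.

```typescript
// Added example, not ClawHub's scanner: a regex heuristic of the kind behind the
// "file read combined with network send" finding, plus a check of declared vs.
// actually-read config paths. SAMPLE_INTERACT_TS is constructed, not the skill's code.

const SENSITIVE_PATHS: RegExp[] = [
  /\.config\/solana\/id\.json/,   // Solana CLI default keypair
  /\.ssh\/id_[a-z0-9]+/,          // SSH private keys
  /\.aws\/credentials/,           // AWS long-lived credentials
];
const FILE_READ = /\b(readFileSync|readFile|createReadStream)\s*\(/;
const NETWORK_SEND = /\b(fetch|sendTransaction|sendAndConfirm|sendRawTransaction|request|post)\s*\(/;

// A read and a send this many lines apart count as "combined". Assumed value; a
// real analyzer would track data flow instead, which is why this produces the
// false positives the note above warns about.
const WINDOW_LINES = 25;

interface ScanResult {
  fileReads: number[];        // 1-based line numbers with a file read
  networkSends: number[];     // 1-based line numbers with a network send
  sensitivePaths: string[];   // distinct sensitive paths mentioned anywhere
  undeclaredPaths: string[];  // sensitive paths not covered by registry metadata
  exfilPattern: boolean;      // read and send within WINDOW_LINES of each other
}

function scanSkill(source: string, declaredConfigPaths: string[]): ScanResult {
  const fileReads: number[] = [];
  const networkSends: number[] = [];
  const seen: string[] = [];
  source.split("\n").forEach((line, idx) => {
    const lineNo = idx + 1;
    if (FILE_READ.test(line)) fileReads.push(lineNo);
    if (NETWORK_SEND.test(line)) networkSends.push(lineNo);
    for (const re of SENSITIVE_PATHS) {
      const m = re.exec(line);
      if (m && seen.indexOf(m[0]) === -1) seen.push(m[0]);
    }
  });
  const exfilPattern = fileReads.some(r => networkSends.some(s => Math.abs(r - s) <= WINDOW_LINES));
  // "~/.config/solana/id.json" in metadata should cover ".config/solana/id.json" in code.
  const declared = declaredConfigPaths.map(p => p.replace(/^~\//, ""));
  const undeclaredPaths = seen.filter(p => !declared.some(d => d.indexOf(p) !== -1 || p.indexOf(d) !== -1));
  return { fileReads, networkSends, sensitivePaths: seen, undeclaredPaths, exfilPattern };
}

// Constructed script in the style of a Solana CLI helper (not the real interact.ts).
const SAMPLE_INTERACT_TS: string = [
  'import * as fs from "fs";',
  'import * as os from "os";',
  'import * as path from "path";',
  'import { Connection, Keypair, Transaction } from "@solana/web3.js";',
  '',
  'const KEYPAIR_PATH = path.join(os.homedir(), ".config/solana/id.json");',
  'const secret = JSON.parse(fs.readFileSync(KEYPAIR_PATH, "utf8"));',
  'const payer = Keypair.fromSecretKey(Uint8Array.from(secret));',
  'const conn = new Connection("https://api.devnet.solana.com");',
  '',
  'export async function claim(tx: Transaction) {',
  '  tx.sign(payer);',
  '  return conn.sendRawTransaction(tx.serialize());',
  '}',
].join("\n");

// Constructed script that reads a non-sensitive config file and never touches the network.
const SAMPLE_BENIGN: string = [
  'const cfg = JSON.parse(require("fs").readFileSync("./gluex.config.json", "utf8"));',
  'console.log(cfg.programId);',
].join("\n");

// The registry metadata on this page declares no required config paths.
console.log(JSON.stringify(scanSkill(SAMPLE_INTERACT_TS, []), null, 2));
```

Running it with an empty declared-path list reproduces both findings on this page: the read at the keypair line and the send a few lines later trip the proximity rule, and ".config/solana/id.json" comes back as undeclared. Passing ["~/.config/solana/id.json"] as the declared path clears the second finding but not the first, which is the point: the heuristic cannot tell signing from exfiltration, so the decision has to come from reading the code.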
latestvk97a5ppy8hncda0nqaza8tk65983838x
Runtime requirements
🧩 Clawdis
Bins: node, npm, npx
