Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
forgex-cli
v1.0.3Solana链上专业命令行工具,实现代币创建、交易、做市、钱包管理及资金转账,支持密码保护和JSON格式输出。
⭐ 0· 163·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a Solana CLI that creates tokens, manages wallets, transfers funds, and runs market‑making bots — and the instructions show commands for each of those tasks. The declared requirements (none) are not unreasonable for an instruction-only wrapper that tells the user to install an external CLI.
Instruction Scope
The instructions direct the user/agent to generate, import, export, and use private keys (via --password and --private-key flags), read and write local files (CSV, JSON, image), and configure RPC endpoints and API keys. These actions involve highly sensitive secrets and file IO. The SKILL.md encourages passing passwords/keys on the command line (exposed to process lists and shell history) and importing private keys from plain CSV — practices that increase risk of accidental exfiltration. The file does not contain any steps that explicitly exfiltrate data, but an agent following these broad instructions could prompt the user to run commands that disclose secrets.
Install Mechanism
This is an instruction-only skill that instructs users to run `npm install -g forgex-cli`. There is no included install spec or verified homepage/source in the skill metadata. The SKILL.md implies an npm package and GitHub presence, but the skill metadata lists 'Source: unknown' and 'Homepage: none', creating a provenance gap: installing a global npm package from an unverifiable source is risky because it executes third‑party code on the user's machine.
Credentials
The skill declares no required environment variables or credentials, which aligns with being instruction-only. However, the documentation references setting a 'codexApiKey' via the tool's config and using RPC endpoints; the skill does not declare or explain how secrets should be stored. More importantly, the instructions rely on user-supplied private keys and passwords (passed on the CLI or in files) — sensitive data that should be handled with stricter guidance (hardware wallets, encrypted stores).
Persistence & Privilege
always:false and no special platform privileges are requested. The skill does not request persistent agent-level access or modify other skills. Autonomous model invocation is allowed (default), but that alone is not a disqualifier; combined with the other concerns it means the agent could propose actions involving funds unless the user intervenes.
What to consider before installing
Before installing or following these instructions: 1) Verify the npm package and its source — check the package page on npm and the linked GitHub repository, confirm the maintainer, read the package code and recent publish history. 2) Never paste real private keys or high-value passwords into command-line arguments or unencrypted CSVs; CLI args can be visible to other processes and stored in shell history. Prefer hardware wallets, ephemeral wallets with minimal funds, or encrypted wallet stores. 3) Test with --dry-run and on devnet/testnet and use a trusted RPC endpoint. 4) If you must install the CLI globally, inspect the package contents locally before running and prefer installing in an isolated environment (container or VM). 5) If you are uncomfortable auditing the package yourself, avoid installing it — a tool that handles token creation and transfers should come from a verifiable, reputable source.Like a lobster shell, security has layers — review code before you run it.
latestvk976vfa92f13b8czpep8ddbq1s836hzc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.