solana-skill

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Solana wallet/trading helper, but it can move funds and store wallet keys with weak safeguards that users should review before installing.

Install only with careful limits. Use a test or low-value wallet unless you replace key storage with a passphrase, OS keychain, or hardware wallet; require manual approval for every send or swap; verify recipient addresses, mints, amounts, slippage, fees, and network before signing; avoid putting real API keys in URLs or logs; and pin/audit dependencies before funding any wallet managed by this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The wallet encryption key is deterministically derived from USER and HOME environment variables, which are low-entropy and often guessable or observable by local users and processes. This means anyone who obtains the wallet file can likely reconstruct the decryption key and recover the private key, defeating the purpose of encrypting wallet material at rest.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description is broad enough to activate on almost any Solana-related request, including sensitive operations like wallet import, transfers, and swaps. Over-broad invocation increases the risk that the skill is selected for high-impact financial actions without adequate guardrails, user intent verification, or safer alternatives.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill advertises wallet import, token transfers, and swaps without prominently warning that these actions are irreversible and may involve highly sensitive secrets such as private keys or seed phrases. In a blockchain context, weak warnings are especially dangerous because mistakes can cause permanent asset loss or credential compromise with no recovery path.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation shows API keys embedded in URLs and Authorization headers without warning about secret handling, logging exposure, or the higher leakage risk of query-parameter credentials. In a wallet and blockchain skill, operators may copy these patterns directly into tools, browser history, logs, error reports, or shared snippets, exposing Helius credentials and enabling unauthorized API use.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The webhook example instructs users to forward transaction activity for monitored addresses to an arbitrary external endpoint without warning about privacy, compliance, or data-sharing implications. In a crypto context, address activity can reveal portfolio behavior, counterparties, and trading patterns, so silent third-party transmission creates avoidable confidentiality and operational risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example demonstrates a full swap flow that deserializes a third-party-provided transaction, signs it with the wallet, and broadcasts it with skipPreflight enabled, but includes no explicit user confirmation or irreversible-action warning before on-chain execution. In a wallet-management skill, this omission is dangerous because consumers may treat the example as safe default behavior and execute value-transferring transactions without adequate review of amounts, destination effects, or transaction contents.

External Transmission

Medium
Category
Data Exfiltration
Content
```typescript
const response = await fetch(
  `https://api.helius.xyz/v0/addresses/${ADDRESS}/transactions?api-key=${KEY}`
);
```
Confidence
90% confidence
Finding
https://api.helius.xyz/

VirusTotal

64/64 vendors flagged this skill as clean.
