v1.0.0

solana-skill

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:15 AM.

Analysis

The skill matches its Solana-wallet purpose, but it can decrypt wallet keys and move real funds without built-in user confirmation, while using weak local key protection.

Guidance

Review carefully before installing. Only use this with wallets and funds you are willing to risk, prefer devnet or low-value wallets first, and do not rely on the current default wallet encryption for valuable private keys. Add explicit confirmation and transaction-review steps before allowing an agent to send funds or execute swaps.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/send.ts
signature = await sendSol(fromWallet, toAddress, amount); ... const signature = await sendAndConfirmTransaction(connection, tx, [fromWallet], { commitment: 'confirmed' });

The send CLI takes recipient and amount arguments and then signs/broadcasts a real transaction; the complete file shows validation but no explicit user-confirmation step before moving funds.

User impact: A mistaken or autonomous invocation could irreversibly transfer SOL or SPL tokens from a managed wallet.
Recommendation: Require explicit user confirmation immediately before any transfer, show recipient/amount/fees, add configurable limits, and consider a dry-run or allowlist mode.
Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/swap.ts
const { swapTransaction, lastValidBlockHeight } = await swapResponse.json(); ... tx.sign([wallet]); ... sendRawTransaction(tx.serialize(), { skipPreflight: true, maxRetries: 3 });

The swap flow signs a transaction returned by the external Jupiter API and broadcasts it with preflight skipped, without artifact evidence of decoded-instruction review or explicit user approval.

User impact: If the route is wrong, stale, malicious, or misunderstood, the wallet may sign and submit an unwanted swap involving real assets.
Recommendation: Decode and display the swap transaction, require user approval, simulate or preflight by default, and only allow skipPreflight as an explicit opt-in.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
package.json
"@solana/web3.js": "^1.98.0", "@solana/spl-token": "^0.4.0", "helius-sdk": "^2.1.0", "tsx": "^4.7.0"

Dependencies are version-ranged and no lockfile is included in the manifest, so a future install could resolve newer dependency code.

User impact: The code a user runs after installing dependencies may differ from the reviewed dependency set.
Recommendation: Pin dependency versions, include a lockfile, and document the expected installation process.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/wallet.ts
const machineId = process.env.USER + process.env.HOME; return createHash('sha256').update(machineId).digest('hex');

Wallet private keys are encrypted using predictable local environment values rather than a user secret, OS keychain, or hardware wallet protection.

User impact: If an encrypted wallet file is copied or exposed, the private key may be easier to recover, putting all funds in that wallet at risk.
Recommendation: Use a user-supplied passphrase, OS keychain, hardware wallet signing, or another strong secret; warn users not to store valuable mainnet keys with the current default.
Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
Helius API Key — Get free at https://dashboard.helius.dev/signup ... Store key in `~/.config/solana-skill/config.json`

The skill requires a provider API key even though the registry metadata declares no primary credential or required config path; this is expected for Helius access but should be disclosed in metadata.

User impact: Users must store a local Helius API key, and their queried wallet addresses and RPC activity may be visible to that provider.
Recommendation: Declare the credential/config requirement in metadata and advise users to use a limited-purpose API key.