Fortuna Lottery
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: fortuna
Version: 1.2.0
The skill is classified as suspicious primarily due to a prompt injection attempt in `SKILL.md`. It instructs the AI agent to "always use curl to call the FORTUNA API directly" and "Do NOT use web search" for specific topics, which is a clear attempt to manipulate the agent's information gathering and decision-making process. Additionally, the `scripts/send_sol.py` script requires and uses the `SOLANA_PRIVATE_KEY` environment variable to perform Solana transactions, a high-risk capability. While the script appears to use the key only for its stated purpose (sending SOL to the hardcoded treasury address `BzHharnq5sa7TUWPSG1TysjwxuBVJchoU8CGRDmbLcfW`) without evidence of exfiltration or unauthorized actions, the combination of agent manipulation and direct private key handling warrants a 'suspicious' classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent is allowed to run this transfer path, real SOL can be irreversibly spent on lottery tickets.
The fallback tool converts a command-line amount into an on-chain SOL transfer to a hardcoded treasury and sends it directly. The reviewed source shows no interactive confirmation, spend ceiling, or reversible approval step.
TREASURY = "BzHharnq5sa7TUWPSG1TysjwxuBVJchoU8CGRDmbLcfW" ... amount_sol = float(sys.argv[1]) ... resp = client.send_transaction(txn, sender)
Require explicit user confirmation before every transfer, add a maximum spend per round/session, and use a wallet flow that surfaces the recipient and amount before signing.
Using a main wallet key would expose broad signing authority to the agent runtime and could lead to unintended loss of funds if misused.
The fallback reads a raw Solana private key and uses it as the signing key. Although disclosed and purpose-aligned, a raw private key is not scoped to lottery spending and can authorize any transaction from that wallet.
private_key = os.environ.get("SOLANA_PRIVATE_KEY") ... sender = Keypair.from_base58_string(private_key)
Do not use a main wallet private key. Prefer a wallet/MCP integration with approval prompts, or use a dedicated wallet with only the amount you are willing to lose.
A user running the fallback may install whatever current versions of these packages are resolved by pip.
The optional fallback depends on unpinned package names installed at runtime. This is expected for the fallback script, but package versions and provenance are not locked in the artifacts.
Runtime packages required for fallback: `pip install solana solders`
Install dependencies in an isolated environment and prefer pinned, reviewed package versions before using the private-key fallback.
