Skill v1.0.0
ClawScan security
Mi Trading · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 17, 2026, 12:11 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match a Solana trading tool (ClawDex) but the registry metadata omits the sensitive environment variables and wallet/config paths the SKILL.md requires — this mismatch and the need to access a local wallet make the package worth caution and further inspection.
- Guidance: This skill's instructions perform exactly the kind of operations you'd expect for a Solana trading CLI, but the registry metadata omits the sensitive items the SKILL.md needs (JUPITER_API_KEY, RPC URL, and a local wallet file). Before installing or running: (1) verify the provenance of the 'clawdex' npm package (publisher, repository, audit its source) rather than blindly running npm install -g; (2) never point the tool at your main wallet — use a dedicated wallet with minimal funds for testing; (3) consider running the CLI in an isolated environment/container; (4) confirm whether JUPITER_API_KEY or other secrets are actually required and where they are sent; (5) ask the skill author or registry to update metadata to declare required env vars and config paths. If the registry metadata and a trustworthy upstream repo are provided (and code audit shows no exfiltration), the concern would be reduced.
Review Dimensions
- Purpose & Capability (note): The name/description (Solana token trading via ClawDex) aligns with the SKILL.md content: commands, quotes, simulation, and execution are coherent for a trading skill. However, the registry metadata claims no required env vars or config paths while the instructions explicitly reference JUPITER_API_KEY, SOLANA_RPC_URL, and a wallet file (~/.config/solana/id.json), which is inconsistent and unexplained.
- Instruction Scope (concern): The SKILL.md stays within trading scope (health check, balances, simulate, execute) but it instructs the agent to access a local Solana wallet file and environment variables (JUPITER_API_KEY, optional SOLANA_RPC_URL). Accessing a user's wallet file is sensitive; the instructions do not limit which wallet to use or instruct using a dedicated/trust-limited wallet. The SKILL.md also suggests installing clawdex from npm, which requires running third-party code.
- Install Mechanism (ok): This is instruction-only (no install spec in registry). The SKILL.md recommends 'npm install -g clawdex@latest' if clawdex is not present — a common mechanism but it entails installing an npm package from the public registry. No opaque download URLs or extract steps are present in the skill itself.
- Credentials (concern): The registry declares no required env vars, but the SKILL.md requires JUPITER_API_KEY during onboarding and references SOLANA_RPC_URL. It also assumes access to a wallet file path (~/.config/solana/id.json). Requesting access to a private wallet file and an API key is proportionate to trading functionality — but it should be declared up front. The lack of declared credentials/config in metadata is a mismatch that could lead to unexpected exfiltration risk if the underlying clawdex binary is untrusted.
- Persistence & Privilege (ok): The skill does not request persistent/all-skill privileges (always: false) and does not modify other skills or system-wide settings in the provided instructions. Autonomous invocation is allowed by default (disable-model-invocation: false) but that is the platform default and not by itself flagged.
