Solvera Markets
PassAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent for a Web3 marketplace and includes safety guidance, but using it may lead your agent to prepare transactions that affect your crypto wallet.
Install only if you intend to let your agent work with Solvera marketplace transactions. Before signing anything, confirm the chain, contract, token allowlist, reward amount, bond/spend exposure, and calldata destination. Prefer a dedicated wallet with limited funds and require human approval for every broadcast transaction.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a connected wallet signs the generated calldata, token balances, bonds, rewards, or on-chain reputation may change.
The skill exposes transaction-building workflows that can lead to signed on-chain actions, but it clearly discloses that the API only returns calldata and does not itself sign or broadcast.
All write endpoints return calldata only. They do not sign or broadcast. ... POST /api/intents/:id/offers ... POST /api/intents/:id/fulfill ... next_steps: [{ "action": "sign_and_send", "network": "base" }]Use explicit wallet confirmations, verify the network and contract address, and set token allowlists, minimum rewards, maximum bond/spend limits, and per-transaction approval requirements.
A wallet with signing authority can spend assets or create on-chain obligations if misused.
The artifacts indicate that wallet/private-key authority may be involved for signing transactions, while also instructing users not to send private keys to the service.
Keep private keys local; never send them to the API. ... Tx built and signed locally
Use a dedicated low-balance wallet where possible, never paste private keys into chats or APIs, review calldata/allowances before signing, and revoke unnecessary approvals.