Solvera Markets

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: solvera
Version: 1.0.1

The skill bundle describes interactions with an on-chain marketplace API (`https://solvera.markets/api`). The documentation explicitly instructs the agent to keep private keys local and never send them to the API, with the agent being responsible for local transaction signing and broadcasting. There are no instructions for data exfiltration, malicious execution, persistence, or prompt injection attempts that would lead to harmful outcomes. All described actions are aligned with the stated purpose of participating in the Solvera marketplace.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a connected wallet signs the generated calldata, token balances, bonds, rewards, or on-chain reputation may change.

Why it was flagged

The skill exposes transaction-building workflows that can lead to signed on-chain actions, but it clearly discloses that the API only returns calldata and does not itself sign or broadcast.

Skill content

All write endpoints return calldata only. They do not sign or broadcast. ... POST /api/intents/:id/offers ... POST /api/intents/:id/fulfill ... next_steps: [{ "action": "sign_and_send", "network": "base" }]

Recommendation

Use explicit wallet confirmations, verify the network and contract address, and set token allowlists, minimum rewards, maximum bond/spend limits, and per-transaction approval requirements.

What this means

A wallet with signing authority can spend assets or create on-chain obligations if misused.

Why it was flagged

The artifacts indicate that wallet/private-key authority may be involved for signing transactions, while also instructing users not to send private keys to the service.

Skill content

Keep private keys local; never send them to the API. ... Tx built and signed locally

Recommendation

Use a dedicated low-balance wallet where possible, never paste private keys into chats or APIs, review calldata/allowances before signing, and revoke unnecessary approvals.