Skill v1.0.1
ClawScan security
trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 7, 2026, 3:27 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared requirements and runtime instructions broadly match a Solana trading CLI, but there are small inconsistencies and supply-chain/credential-handling risks you should review before installing.
- Guidance: This skill appears to be what it claims (a Solana trading CLI), but exercise caution before installing. Steps to consider:
  - Verify the npm package and author: check the @zeroexcore/trader package page on npm and the linked GitHub repo, confirm the package maintainer and recent activity, and inspect the package contents if possible.
  - Avoid storing your WALLET_PASSWORD in plaintext config files. Prefer exporting the password as an environment variable at runtime rather than writing it into ~/.openclaw/openclaw.json, unless you have confirmed that file is encrypted and access-limited.
  - Understand that global npm installs can execute arbitrary code during installation; if you cannot vet the package, run the CLI via npx in an isolated environment or inspect the package tarball first.
  - Back up private keys offline after export, and treat any 'trader wallet export' output as extremely sensitive.
  - If you need higher assurance, ask the publisher for a reproducible source link, package checksum, or a signed release; do not proceed if you cannot verify the package origin and integrity.
Review Dimensions
- Purpose & Capability: ok · Name/description, required binary ('trader'), and required env vars (WALLET_PASSWORD, HELIUS_API_KEY) align with a Solana trading CLI. JUPITER_API_KEY is documented as optional for swaps/predictions, which matches the behavior. Minor metadata inconsistency: the registry metadata lists no homepage/source, but the SKILL.md includes a GitHub homepage, so origin verification is incomplete.
- Instruction Scope: concern · SKILL.md instructs the agent to use the CLI and to store wallet state under ~/.openclaw/, which is within the platform boundary and is expected. However, the docs also show storing the WALLET_PASSWORD in ~/.openclaw/openclaw.json (example: "apiKey": "your_wallet_password"), which implies plaintext or config-stored credentials; that contradicts the 'NEVER disclose wallet password' guidance and weakens the claimed 'secure storage' model. The README also instructs exporting the private key for backup (normal for wallets, but a sensitive operation that must be handled carefully).
- Install Mechanism: note · The install uses an npm package (@zeroexcore/trader) to create the 'trader' binary, a plausible and common distribution method for a CLI. npm installs can run arbitrary install scripts, and there is no integrity checksum or pinned source in the skill metadata; combined with the registry metadata missing a verified homepage/source, this raises supply-chain risk that should be reviewed.
- Credentials: note · Requested env vars (WALLET_PASSWORD as primary, HELIUS_API_KEY) are appropriate for a Solana trading CLI. The skill also documents an optional JUPITER_API_KEY. Concern: the example configuration places WALLET_PASSWORD in the OpenClaw config file, which may store it in cleartext depending on platform settings; this is disproportionate to the declared 'do not disclose' guidance and increases exposure of the primary credential.
- Persistence & Privilege: ok · always:false and no special OS restrictions. The skill does not request permanent 'always' inclusion, nor does it ask to modify other skills' configs. It writes to its own files under ~/.openclaw/, which is normal for per-skill state.
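The following is an added example, not ClawScan's or the trader skill's own code. It turns the Guidance steps (inspect the tarball, check for install-time scripts, verify a checksum) and the Credentials finding (a password sitting in openclaw.json) into a script a reviewer can run before `npm install -g`. It assumes the tarball has already been fetched (for example with `npm pack`) and that an expected Subresource Integrity string is available from a lockfile or the publisher; both are constructed in memory here so the script runs offline. The package name `@example/hypothetical-cli`, its postinstall hook and the sample config are invented for illustration and say nothing about the real @zeroexcore/trader package.

```python
"""Pre-install vetting of an npm-distributed CLI skill (added example, not ClawHub code)."""
import base64
import hashlib
import hmac
import io
import json
import tarfile

# Scripts npm runs automatically during install: any of these means the package
# executes code on your machine before you have ever invoked the CLI.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Key names that suggest a credential is sitting in a config file in cleartext.
SECRET_KEY_HINTS = ("password", "apikey", "secret", "token", "privatekey")


def sri_sha512(data: bytes) -> str:
    """Subresource Integrity string in the form npm stores in package-lock.json."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()


def verify_integrity(tarball: bytes, expected_sri: str) -> bool:
    """Constant-time comparison of the tarball's SRI against the expected value."""
    return hmac.compare_digest(sri_sha512(tarball), expected_sri)


def lifecycle_scripts(tarball: bytes) -> dict:
    """Return the install-time scripts declared in package/package.json of an npm tarball."""
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:*") as tf:
        pkg = json.load(tf.extractfile("package/package.json"))
    return {k: v for k, v in pkg.get("scripts", {}).items() if k in LIFECYCLE_HOOKS}


def plaintext_secrets(node, path: str = "") -> list:
    """Walk a config document and list key paths whose names suggest a stored credential."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            name = key.lower().replace("_", "")
            if isinstance(value, str) and value and any(h in name for h in SECRET_KEY_HINTS):
                hits.append(child)
            else:
                hits.extend(plaintext_secrets(value, child))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(plaintext_secrets(value, f"{path}[{i}]"))
    return hits


def vet(tarball: bytes, expected_sri: str, config) -> list:
    """Collect the findings a reviewer would want before installing globally."""
    findings = []
    if not verify_integrity(tarball, expected_sri):
        # Do not inspect a tarball that is not the release you expected.
        findings.append("integrity mismatch: tarball differs from the expected release")
        return findings
    for hook, cmd in lifecycle_scripts(tarball).items():
        findings.append(f"install-time script {hook!r} would run: {cmd}")
    for path in plaintext_secrets(config):
        findings.append(f"plaintext credential in config at {path}; pass it via the environment instead")
    return findings


def build_sample_tarball(package_json: dict) -> bytes:
    """Constructed stand-in for `npm pack` output: a gzipped tar with a package/ prefix."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        payload = json.dumps(package_json).encode()
        info = tarfile.TarInfo("package/package.json")
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed sample data (hypothetical package and config, not the real skill).
SAMPLE_PACKAGE = {
    "name": "@example/hypothetical-cli",
    "version": "1.0.0",
    "bin": {"hypothetical-cli": "bin/cli.js"},
    "scripts": {"postinstall": "node scripts/setup.js", "test": "node test.js"},
}
SAMPLE_CONFIG = {"skills": {"trader": {"apiKey": "your_wallet_password"}}}

if __name__ == "__main__":
    tarball = build_sample_tarball(SAMPLE_PACKAGE)
    trusted_sri = sri_sha512(tarball)  # what a trusted lockfile or the publisher would supply
    for line in vet(tarball, trusted_sri, SAMPLE_CONFIG):
        print("!", line)
    for line in vet(tarball + b"\x00", trusted_sri, {}):
        print("!", line)
```

To use it on the real package, read the bytes of the .tgz produced by `npm pack @zeroexcore/trader` and compare against `npm view @zeroexcore/trader dist.integrity` (which only proves the download matches the registry record, not that the publisher intended that code) or against a checksum the publisher gave you out of band. If any lifecycle hook is reported and you cannot read what it does, `npm install --ignore-scripts` prevents it from running, at the cost of whatever setup it was meant to perform.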
