IQDB

Pass. Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill is coherent for Solana on-chain storage, but it involves wallet signing, permanent on-chain writes, and real payments that users should confirm carefully.

Before using this skill, set up a dedicated low-balance Solana wallet, test workflows on devnet, pin and verify installed packages, and manually approve every mainnet write or payment. Do not store secrets, keys, or PII on-chain, and do not treat hanLock as strong encryption.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the wrong wallet or a high-value wallet is used, transactions could spend real SOL/USDC or write permanent data on-chain.

Why it was flagged

The skill expects access to a local Solana keypair for transaction signing. That is necessary for the stated blockchain purpose, but it is a sensitive credential that can authorize spending and irreversible writes.

Skill content

ANCHOR_WALLET=/path/to/keypair.json                    # Required — Solana keypair for signing

Recommendation

Use a dedicated low-balance wallet, test on devnet first, and require explicit approval before any mainnet transaction or payment.

What this means

A mistaken payment address, amount, network, or file selection could cause non-refundable loss or permanently publish unintended data.

Why it was flagged

The documented x402 flow includes irreversible payments and permanent data inscription. This is central to the skill's purpose and disclosed, but it is high-impact.

Skill content

Send the quoted amount to the provided payment address... Payment is non-refundable once inscription starts... Files are chunked into transactions and stored permanently on-chain.

Recommendation

Manually confirm the quote, payment address, token, amount, file contents, and network before signing or broadcasting transactions.

What this means

Installing unpinned or remotely fetched tooling can expose the environment to upstream package or installer compromise.

Why it was flagged

The setup guidance uses a remote installer and unpinned npm packages. These are common for blockchain tooling and user-directed, but they increase supply-chain reliance.

Skill content

sh -c "$(curl -sSfL https://release.anza.xyz/stable/install)" ... npm install @iqlabs-official/solana-sdk @solana/web3.js

Recommendation

Pin dependency versions, verify package provenance, prefer official installation instructions with checksums where available, and install in a project-specific environment.