Skill v1.0.0
ClawScan security
IQDB · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:29 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's documentation and runtime instructions describe operations that require local keypairs, RPC endpoints, npm installs, and even a third‑party Solana CLI installer, but the registry metadata claims no required env vars/config paths—this mismatch and the installer URL are concerning and deserve verification before use.
- Guidance: Before installing or running this skill: 1) Treat it as needing a Solana signing keypair and RPC access — do not use your main wallet; use a disposable/burner wallet for testing. 2) Verify the referenced npm packages and program IDs independently (search npm, GitHub, and Solana explorer for @iqlabs‑official/solana-sdk, @iqlabsteam/iqdb and the listed program IDs). 3) Do NOT run curl installers from unknown domains (the setup references release.anza.xyz); prefer official Solana install sources. 4) Inspect the actual npm packages you install (look for malicious postinstall scripts) or vendor the code in an isolated environment. 5) Ask the skill author for source/homepage and for metadata to declare required env vars/config paths (ANCHOR_WALLET, ANCHOR_PROVIDER_URL, NETWORK_URL). 6) If you must proceed, run only read operations first (no writes), and monitor any network endpoints the tool talks to. These steps will reduce risk and let you validate that the implementation matches its claims.
Review Dimensions
- Purpose & Capability (concern): The skill describes on‑chain storage on Solana and therefore legitimately needs access to a signing keypair and RPC endpoints. However, the registry metadata declares no required environment variables or config paths, which contradicts the SKILL.md and references (which repeatedly instruct setting ANCHOR_WALLET, ANCHOR_PROVIDER_URL, NETWORK_URL and using a local keypair file). That mismatch is incoherent and misleading.
- Instruction Scope (concern): SKILL.md and the reference files instruct the user/agent to: read and use a Solana keypair file for signing, set and read environment variables, monkey‑patch SDK internals at runtime, run npm installs, and follow an installer curl command. These go beyond mere documentation and instruct accessing sensitive local files and modifying runtime modules—activities that should be explicitly declared and justified.
- Install Mechanism (concern): The skill is instruction‑only (no install spec) but the setup doc tells users to npm install several SDK packages (normal) and to run a Solana CLI installer via curl from https://release.anza.xyz/stable/install — that host is not a known official Solana release URL and represents a high‑risk install instruction if followed. Recommending downloads from unknown domains is a red flag.
- Credentials (concern): Functionality legitimately requires a signing keypair and RPC credentials (ANCHOR_WALLET, ANCHOR_PROVIDER_URL, NETWORK_URL), but the registry lists none. The skill's instructions expect access to sensitive secrets (wallet keypair JSON) and RPC tokens/endpoints; those should be declared in metadata and minimized. The hanLock section explicitly warns it's not secure (XOR), which is transparent but not a substitute for encryption.
- Persistence & Privilege (ok): The skill does not request always:true and is user‑invocable only. It does not claim to modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but is not combined with other high‑privilege flags here.
