Openpump Solana Mcp
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill is a real-money Solana trading system with autonomous and multi-wallet capabilities, and it runs an unpinned npm MCP server using your live OpenPump API key.
Only install this if you intentionally want an agent to operate real Solana/pump.fun trading tools. Use a fresh low-balance wallet and revocable API key, pin and review the npm package instead of using @latest, disable autonomous heartbeat/sniping/market-making unless explicitly needed, and require manual approval for every buy, sell, transfer, bundle, and wallet operation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-authorized agent action could move real funds across wallets or perform transactions that are hard to unwind and potentially expose the user to financial, reputational, or compliance risk.
The toolset includes moving funds across multiple wallets with explicit obfuscation, which is broader and riskier than ordinary single-wallet trading.
`mm-fund-pool` | Distribute SOL from source wallet to all pool wallets. Supports multi-hop obfuscation (hops 0-3)
Use a dedicated low-balance account, avoid obfuscation/spam/bundle tools unless deliberately needed, and require explicit confirmation for every transaction.
Trading activity may continue beyond a single user prompt, potentially buying or selling volatile assets if the user enables standing instructions or long-running sessions.
The skill can start autonomous trading sessions, and related artifacts also describe recurring heartbeat monitoring and auto-buy sniping behavior.
`mm-start-session` | Start autonomous market making on a token with configurable strategy |
Disable heartbeat, sniping, and market-making unless you explicitly want them; set tight time, balance, and loss limits; and verify how to stop all running sessions.
A future or compromised npm package release could run with access to the trading API key and financial tools.
The runtime server is auto-installed from the latest npm package version and receives the live API key, while the package code is not present in the reviewed artifacts.
"command": "npx", "args": ["-y", "@openpump/mcp@latest"], "env": { "OPENPUMP_API_KEY": "${OPENPUMP_API_KEY}" }Pin a reviewed package version, inspect the package source/provenance before use, and run it in a constrained environment with a revocable low-privilege API key.
Anyone or anything with this key may be able to view balances and initiate trades or transfers through OpenPump tools.
The requested API key is purpose-aligned, but it enables operations over custodial wallets and real crypto assets.
manages custodial wallets, transfers SOL and SPL tokens
Use a dedicated OpenPump key and wallet with only funds you are willing to risk, store the key carefully, and revoke or rotate it after testing.
Local logs or agent context could reveal wallet activity, balances, positions, and trading history.
The workspace asks the agent to retain and log portfolio state, which is sensitive financial context and may affect later trading decisions.
Compile and log the portfolio summary: Total SOL, Open positions, Total exposure, Available to trade
Keep the workspace private, avoid sharing logs, and clear stored portfolio context when it is no longer needed.