Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Sfaeflow Solana Skill
v1.0.0
Use when running SafeFlow against a deployed Solana program. Trigger for tasks such as generating an agent keypair, asking the owner to fund gas and create w...
by Togo @fwangzil
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (SafeFlow Solana payment skill) aligns with the included scripts: they generate an agent keypair, persist config, query session state, and execute on-chain payments. However, the skill metadata declares no required binaries or env vars even though the scripts call solana-keygen, node, and npx/ts-node and expect local files (sdk/src/agent and target/idl/safeflow_solana.json). These undeclared dependencies and files make the metadata inconsistent with what the scripts actually require.
Instruction Scope
The runtime instructions/scripts read/write sensitive local state (.safeflow/agent-keypair.json and config.json) and execute an inline TypeScript/JavaScript program via npx ts-node that loads a local SDK module and IDL. The scripts will connect to public Solana RPC endpoints (devnet/mainnet) but do not call any other external endpoints. The instruction set grants the agent the ability to create and use a private key stored on disk and to execute arbitrary JS in the context of the repository — the SKILL.md and manifest do not make it clear where the SDK/IDL come from or whether the JS code is audited.
Install Mechanism
There is no install spec. The scripts rely on npx to run ts-node which will fetch packages from the npm registry at runtime if not present. That implicit network installation is not declared and increases risk. Also required local files (sdk/src/agent, target/idl/...) are referenced but not present in the provided file manifest, meaning the scripts will fail or attempt to fetch missing pieces at runtime.
Credentials
The skill requests no environment variables or external credentials in metadata, which is proportional. However, it creates and stores a Solana private key locally (.safeflow/agent-keypair.json) and will read that secret to sign transactions — this is sensitive and should be expected and handled cautiously. No unexpected credentials (AWS, GCP, etc.) are requested.
Persistence & Privilege
always is false and there are no declarations that the skill will modify other skills or system-wide settings. The skill persists its own config and keypair under .safeflow which is normal for this purpose.
What to consider before installing
Do not install or run this skill until the repository author supplies missing artifacts and clarifications. Specific checks to request or perform before use:
- Verify the repository includes the referenced SDK (sdk/src/agent) and the IDL file (target/idl/safeflow_solana.json). Inspect those files for unexpected network calls or unknown endpoints.
- Confirm system requirements: explicitly require solana-cli (solana-keygen), node, and a pinned ts-node/runtime dependency or provide a package.json; avoid implicit npx pulls if you want reproducible behavior.
- Understand and accept local private key storage: the agent keypair is written to .safeflow/agent-keypair.json (sensitive). Consider using hardware wallets, restricted signing services, or running in an isolated environment.
- Because the script executes arbitrary JS via npx/ts-node, ensure all JS code is audited and comes from a trusted source; if you cannot validate the code, run in a sandboxed environment or decline.
- Ask the author to provide an explicit install spec (or packaged dependencies) and to declare required binaries in the skill metadata. If the skill will fetch runtime packages, request pinned versions and an integrity check.
If you cannot obtain these assurances, classify the skill as untrusted and avoid running it with real funds or on production systems.
Like a lobster shell, security has layers — review code before you run it.
