Safeflow Solana Skill

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a payment-automation wallet skill, but it gives the agent real Solana spending capability with weak user-control and secret-handling guidance.

Install only if you are comfortable giving this skill real wallet authority. Use a dedicated low-balance wallet, keep `.safeflow/agent-keypair.json` out of git/backups/logs, restrict file permissions, verify the Solana cluster and recipient before every transfer, and prefer adding an explicit confirmation or dry-run step before funding it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill instructs the agent to generate and store a Solana keypair locally in `.safeflow/agent-keypair.json` but provides no warning about protecting that file, restricting permissions, excluding it from version control, or using secure secret storage. If the host is shared, compromised, or the workspace is accidentally synced, backed up, or committed, an attacker could steal the private key and take over the agent identity and any funds or session authority associated with it.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script creates a long-lived Solana agent keypair on disk using `--no-bip39-passphrase` and stores it in a predictable local path without warning the operator that this file contains private key material. If the workstation, repository directory, backups, or CI environment are accessible to another party, the attacker can steal the key and impersonate the agent to spend the wallet's available funds within the configured SafeFlow limits.

Missing User Warnings

High
Confidence: 97%
Finding
This script performs an actual Solana payment immediately after parameter parsing, with no interactive confirmation, dry-run, or explicit irreversible-action warning. In the context of an agent skill designed to automate wallet-backed payments, that increases the chance of accidental or unauthorized fund transfers if the script is triggered with attacker-controlled inputs or operator mistakes.

VirusTotal

65/65 vendors flagged this skill as clean.
