Solana Funding Arb Cn

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: solana-funding-arb-cn
Version: 1.0.1

This OpenClaw AgentSkills bundle is classified as suspicious because of its inherent high-risk capabilities, even though its stated purpose is an automated trading bot. The skill explicitly instructs the AI agent to handle sensitive user credentials by loading `SOLANA_PRIVATE_KEY` or `SOLANA_WALLET_PATH` from environment variables or local files (`~/.secrets/funding-arb-config.json`, `~/.secrets/.env`). That private key is then used to sign and send financial transactions on Solana DEXes (e.g., in `scripts/src/core/arbitrage.ts`, `scripts/src/core/funding-arbitrage.ts`, `scripts/src/trading/drift-client.ts`), giving the bot direct control over user funds. Furthermore, `SKILL.md` instructs the agent to establish persistence by adding `scripts/cron-runner.sh` to the user's crontab (`crontab -e`), so the trading logic keeps running unattended. These actions match the bot's intended functionality, but they represent significant security risks (unauthorized fund transfers, persistence, or credential exfiltration if the skill were compromised or subtly altered) and are not considered benign.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If live trading code, configuration, or dependencies behave unexpectedly, funds in the configured wallet can be traded, lost, or exposed to liquidation/platform risk.

Why it was flagged

The skill asks for Solana wallet signing material for live trading, while the provided requirements declare no primary credential or required env vars. Either form (an inline byte array in the environment or a wallet JSON file) is the raw keypair, so any process that can read the environment or the file can sign with it. A Solana private key can authorize trades or movement of funds.

Skill content
SOLANA_PRIVATE_KEY=[1,2,3,...]  # Or use wallet file
SOLANA_WALLET_PATH=/path/to/wallet.json
Recommendation

Do not use a primary wallet. Test only in dry-run first, then use a dedicated low-balance wallet if you proceed, and require the skill metadata to explicitly declare private-key/wallet access.
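The recommendation above (dedicated wallet, declared key access) can be enforced before the bot ever loads the key. The following is an added example, not code from the skill or from ClawScan: it checks the file mode of a wallet JSON, refuses the default solana-cli keypair path, and verifies that the public half of the 64-byte keypair matches its seed using Node's built-in Ed25519 support, which catches a corrupted or tampered wallet file. The `DEFAULT_CLI_KEYPAIR` path and the chmod-600 policy are this example's assumptions; the sample keypair is RFC 8032's first Ed25519 test vector, constructed here as input.

```typescript
// Added example (not part of the scanned skill): pre-flight checks on a Solana
// keypair file before a bot is allowed to load it for live trading.
import { createPrivateKey, createPublicKey } from "crypto";
import { readFileSync, statSync } from "fs";
import { homedir } from "os";
import { resolve } from "path";

// PKCS#8 DER prefix for an Ed25519 private key (RFC 8410); the 32-byte seed follows.
const PKCS8_ED25519_PREFIX = Buffer.from("302e020100300506032b657004220420", "hex");
// Length of the SPKI DER prefix that precedes the 32-byte Ed25519 public key.
const SPKI_ED25519_PREFIX_LEN = 12;

// Derive the Ed25519 public key from a 32-byte seed with Node's crypto module.
export function publicKeyFromSeed(seed: Uint8Array): Buffer {
  if (seed.length !== 32) throw new Error("ed25519 seed must be 32 bytes");
  const priv = createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519_PREFIX, Buffer.from(seed)]),
    format: "der",
    type: "pkcs8",
  });
  const spki = createPublicKey(priv).export({ format: "der", type: "spki" }) as Buffer;
  return spki.subarray(SPKI_ED25519_PREFIX_LEN);
}

export interface KeypairCheck { ok: boolean; problems: string[]; publicKeyHex?: string }

// Solana CLI keypair files are a JSON array of 64 bytes: seed || public key.
export function checkKeypairBytes(bytes: number[]): KeypairCheck {
  if (!Array.isArray(bytes) || bytes.length !== 64 ||
      bytes.some((b) => !Number.isInteger(b) || b < 0 || b > 255)) {
    return { ok: false, problems: ["keypair must be a JSON array of 64 bytes"] };
  }
  const problems: string[] = [];
  const derived = publicKeyFromSeed(Uint8Array.from(bytes.slice(0, 32)));
  const claimed = Buffer.from(bytes.slice(32));
  if (!derived.equals(claimed)) {
    problems.push("public half does not match the seed (file corrupted or tampered)");
  }
  return { ok: problems.length === 0, problems, publicKeyHex: derived.toString("hex") };
}

// Policy checks on the file itself. DEFAULT_CLI_KEYPAIR is the usual solana-cli
// location; refusing it is this example's own policy (assumption), not a rule from the skill.
const DEFAULT_CLI_KEYPAIR = resolve(homedir(), ".config/solana/id.json");

export function checkKeypairFile(path: string): KeypairCheck {
  const abs = resolve(path);
  const problems: string[] = [];
  if (abs === DEFAULT_CLI_KEYPAIR) {
    problems.push("refusing the default CLI keypair; use a dedicated low-balance wallet");
  }
  const mode = statSync(abs).mode & 0o777;
  if (mode & 0o077) {
    problems.push(`file mode ${mode.toString(8)} is readable by group/others; chmod 600 it`);
  }
  const parsed = checkKeypairBytes(JSON.parse(readFileSync(abs, "utf8")));
  return {
    ok: problems.length === 0 && parsed.ok,
    problems: problems.concat(parsed.problems),
    publicKeyHex: parsed.publicKeyHex,
  };
}

// Constructed sample input: RFC 8032 Ed25519 test vector 1 (seed || public key),
// laid out as the 64-byte array a solana-cli wallet file would contain.
export const SAMPLE_KEYPAIR: number[] = Array.from(Buffer.from(
  "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60" +
  "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a", "hex"));

console.log(checkKeypairBytes(SAMPLE_KEYPAIR));
```

Run `checkKeypairFile` on whatever `SOLANA_WALLET_PATH` resolves to and refuse to start the trader unless `ok` is true; a balance cap on the derived public key is the natural next check, but it needs an RPC call and is left out here.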

What this means

The bot can mutate on-chain positions and spend/trade wallet funds automatically once live trading is enabled.

Why it was flagged

The included engine can sign and broadcast on-chain transactions using the wallet, including with `skipPreflight`. This is expected for trading, but it is high-impact and no per-trade confirmation gate is shown.

Skill content
transaction.sign(this.config.wallet);
const signature = await this.connection.sendRawTransaction(transaction.serialize(), {
  skipPreflight: true,
  maxRetries: 3
});
Recommendation

Keep live trading disabled until you have reviewed the code, require explicit approval for every trade, set small hard limits, and leave `skipPreflight` off unless you understand the consequences: with `skipPreflight: true` the RPC node skips its simulation, so a transaction that would fail is still broadcast, the error only surfaces after confirmation, and if it lands and fails on-chain it still pays the transaction fee.
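One way to put the missing per-trade confirmation gate and hard limits in front of the `sendRawTransaction` call, as an added example rather than the skill's own engine: every proposed trade passes a `TradeGuard` that enforces a dry-run default, an allow-list of markets, per-trade and per-UTC-day notional caps, a slippage ceiling, a kill-switch file and an operator approval callback, and the send options it hands to the signer keep preflight simulation on. The limit values, field names and the kill-switch path are assumptions for illustration.

```typescript
// Added example (not the skill's code): a policy gate every trade must pass
// before anything is signed. Limits, names and paths are this example's assumptions.
import { existsSync } from "fs";
import { tmpdir } from "os";
import { join } from "path";

export interface ProposedTrade {
  market: string;
  side: "buy" | "sell";
  notionalUsd: number;          // order size in USD
  expectedSlippageBps: number;  // quoted slippage in basis points
}

export interface GuardLimits {
  liveTrading: boolean;         // false => dry-run: decisions are logged, nothing is signed
  maxNotionalUsd: number;       // per-trade cap
  maxDailyNotionalUsd: number;  // cumulative cap per UTC day
  maxSlippageBps: number;
  killSwitchFile: string;       // touch this file to halt the bot without editing crontab
  allowedMarkets: Set<string>;
}

export interface Decision { allowed: boolean; dryRun: boolean; reasons: string[] }

export class TradeGuard {
  private readonly limits: GuardLimits;
  private readonly approve: (t: ProposedTrade) => boolean;  // operator confirmation
  private readonly now: () => Date;                         // injectable clock for tests
  private spentToday = 0;
  private day = "";

  constructor(limits: GuardLimits, approve: (t: ProposedTrade) => boolean,
              now: () => Date = () => new Date()) {
    this.limits = limits;
    this.approve = approve;
    this.now = now;
  }

  private rollDay(): void {
    const today = this.now().toISOString().slice(0, 10);
    if (today !== this.day) { this.day = today; this.spentToday = 0; }
  }

  // Every check records a reason; the trade is allowed only when none fired.
  decide(t: ProposedTrade): Decision {
    this.rollDay();
    const reasons: string[] = [];
    if (existsSync(this.limits.killSwitchFile)) reasons.push("kill switch present");
    if (!this.limits.allowedMarkets.has(t.market)) reasons.push(`market ${t.market} not allow-listed`);
    if (!(t.notionalUsd > 0)) reasons.push("notional must be positive");
    if (t.notionalUsd > this.limits.maxNotionalUsd) reasons.push("per-trade cap exceeded");
    if (this.spentToday + t.notionalUsd > this.limits.maxDailyNotionalUsd) reasons.push("daily cap exceeded");
    if (t.expectedSlippageBps > this.limits.maxSlippageBps) reasons.push("slippage above limit");
    const dryRun = !this.limits.liveTrading;
    // The operator is only asked once the hard limits pass, and never in dry-run.
    if (reasons.length === 0 && !dryRun && !this.approve(t)) reasons.push("operator did not approve");
    const allowed = reasons.length === 0;
    if (allowed && !dryRun) this.spentToday += t.notionalUsd;  // dry-run spends nothing
    return { allowed, dryRun, reasons };
  }
}

// Send options the gate hands to the signer: preflight stays on so a transaction
// that would fail is rejected by the RPC node instead of broadcast.
export const SAFE_SEND_OPTIONS = { skipPreflight: false, maxRetries: 3 } as const;

// Constructed demo limits; the kill-switch path is an assumption.
export const EXAMPLE_LIMITS: GuardLimits = {
  liveTrading: false,
  maxNotionalUsd: 100,
  maxDailyNotionalUsd: 250,
  maxSlippageBps: 30,
  killSwitchFile: join(tmpdir(), "funding-arb.halt"),
  allowedMarkets: new Set(["SOL-PERP"]),
};

const demo = new TradeGuard(EXAMPLE_LIMITS, () => false);
console.log(demo.decide({ market: "SOL-PERP", side: "buy", notionalUsd: 90, expectedSlippageBps: 10 }));
```

The point of the kill-switch file is that it works from a second terminal while a cron-launched trader is mid-run, which is faster than editing the crontab and waiting for the current invocation to finish.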

What this means

A failed trade sequence could leave you with unintended market exposure and potential losses.

Why it was flagged

The code acknowledges that one leg of an arbitrage can succeed while the second leg fails, leaving an unhedged position that may require manual cleanup.

Skill content
// TODO: Handle partial execution - may need to manually close position
logger.error('CRITICAL: Sell failed after buy succeeded!');
Recommendation

Do not run live multi-leg trading until partial-execution handling, rollback/hedging behavior, and position limits are fully implemented and tested.

What this means

Users may trust the bot or strategy more than warranted and enable live automated trading with real funds too quickly.

Why it was flagged

The wording overstates safety for a strategy that can suffer slippage, liquidation, smart-contract/platform, rate-reversal, and partial-execution risks.

Skill content
→ Zero price risk (hedged)
→ Collect funding from both sides!
Recommendation

Treat the return and safety claims as marketing, not guarantees. Require conservative loss scenarios, audited execution logic, and manual monitoring before risking funds.

What this means

If you add the cron job, the bot may keep checking and potentially trading while you are not watching.

Why it was flagged

The cron wrapper loads environment secrets and runs the auto-trader on a schedule. This setup is disclosed, but once installed it can continue operating without interactive review.

Skill content
source "$HOME/.secrets/.env"
...
npx ts-node --transpile-only src/trading/auto-trader.ts >> "$LOG_FILE" 2>&1
Recommendation

Only enable cron after dry-run testing, use a limited wallet, monitor logs, and know how to remove the crontab entry (`crontab -l` shows it; delete the `cron-runner.sh` line with `crontab -e`). Note that the wrapper `source`s `~/.secrets/.env`, so the private key is loaded into that shell on every scheduled run, unattended.

What this means

Running `npm install` will bring in third-party packages that can affect your local environment.

Why it was flagged

The skill requires Node dependencies and blockchain SDKs even though the registry/install metadata presents it as having no install spec. A lockfile is present, so this is an under-declaration note rather than evidence of malicious supply-chain behavior.

Skill content
"dependencies": {
  "axios": "^1.6.0",
  "express": "^4.18.2"
},
"optionalDependencies": {
  "@solana/web3.js": "^1.73.0",
  "@zetamarkets/sdk": "^1.64.0"
}
Recommendation

Review `package.json` and `package-lock.json` before installing, install from the lockfile with `npm ci --ignore-scripts` so no unreviewed lifecycle scripts run, and note that `@solana/web3.js` and `@zetamarkets/sdk` sit under `optionalDependencies`, which npm skips silently if they fail to install. The publisher should declare the install/dependency requirements in metadata.