easyclaw
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent DEX trading skill, but it can use your Solana wallet to place live, potentially unlimited automated orders driven by WebSocket signals, and it resolves its API credentials from broad, generic environment-variable aliases.
Review carefully before installing. If you use it, start on devnet or with an unfunded/dedicated wallet, unset generic API_TOKEN/API_BASE_URL/WS_URL environment variables, use --dry-run first, and never run live autotrade without explicit caps and monitoring.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled on a funded wallet, the agent can place live trades based on incoming signals rather than asking for confirmation for every order.
The skill explicitly supports executing real DEX orders automatically from realtime signals, a high-impact financial action that is not limited to a single user-confirmed order.
realtime signal -> auto order execution
{baseDir}/scripts/dex-agent.sh autotrade --market-id 1 --margin 1000000 --min-confidence 0.75
Use --dry-run first, require explicit user approval before live trading, and set conservative --max-orders, --cooldown-ms, --min-confidence, market, margin, and endpoint values.
A single faulty signal source or wrong endpoint could lead to repeated trades until the process is stopped or the wallet runs out of usable funds.
The autotrade defaults allow unlimited orders and unlimited reconnect attempts on a signal channel, so a bad signal stream or misconfiguration could repeatedly create financial actions.
--max-orders <n>                Default: 0 (unlimited)
--channel <name>                Default: agent.signals
--max-reconnect-attempts <n>    Default: 0 (unlimited)
Do not use the unlimited defaults for live wallets; set a low --max-orders value, finite reconnect limits, and monitor the process closely.
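The two findings above come down to the same check: before a live autotrade run starts, every unlimited default must have been replaced by an explicit cap. The following preflight is an added example, not code from the easyclaw skill; it inspects the argument list that would be handed to `dex-agent.sh autotrade` and refuses a live run that still relies on the unlimited defaults. The flag names are the skill's documented options; the ceilings (`MAX_ORDERS_CEILING`, `MIN_COOLDOWN_MS`, `MIN_CONFIDENCE_FLOOR`) are this example's own assumptions.

```javascript
// Added example: preflight for `dex-agent.sh autotrade ...` arguments.
// Not part of the easyclaw skill. Ceilings below are assumptions for illustration.
const MAX_ORDERS_CEILING = 25;      // assumption: refuse a live cap larger than this
const MIN_COOLDOWN_MS = 1000;       // assumption: at least one second between orders
const MIN_CONFIDENCE_FLOOR = 0.75;  // assumption: matches the threshold in the page's example

// Parse `--flag value` and bare `--flag` tokens into a plain object.
function parseArgs(argv) {
  const out = {};
  for (let i = 0; i < argv.length; i++) {
    const tok = argv[i];
    if (!tok.startsWith('--')) continue;
    const key = tok.slice(2);
    const next = argv[i + 1];
    if (next !== undefined && !next.startsWith('--')) {
      out[key] = next;
      i++;
    } else {
      out[key] = true; // bare switch such as --dry-run
    }
  }
  return out;
}

// Integer flag; the skill treats 0 as "unlimited", so a missing flag is read as 0.
function intFlag(args, name) {
  if (!(name in args)) return 0;
  const n = Number.parseInt(args[name], 10);
  return Number.isFinite(n) ? n : NaN;
}

// Returns { ok, live, problems }. A dry run is always acceptable; a live run must
// carry finite order and reconnect caps, a cooldown, a confidence floor and a margin.
function checkAutotradeArgs(argv) {
  const args = parseArgs(argv);
  const problems = [];
  if (args['dry-run'] === true) {
    return { ok: true, live: false, problems }; // --dry-run places no orders
  }
  const maxOrders = intFlag(args, 'max-orders');
  if (!(maxOrders > 0)) problems.push('--max-orders is 0/unset: unlimited orders on a live wallet');
  else if (maxOrders > MAX_ORDERS_CEILING) problems.push(`--max-orders ${maxOrders} exceeds ceiling ${MAX_ORDERS_CEILING}`);
  const maxReconnect = intFlag(args, 'max-reconnect-attempts');
  if (!(maxReconnect > 0)) problems.push('--max-reconnect-attempts is 0/unset: unlimited reconnects to the signal channel');
  const cooldown = intFlag(args, 'cooldown-ms');
  if (!(cooldown >= MIN_COOLDOWN_MS)) problems.push(`--cooldown-ms missing or below ${MIN_COOLDOWN_MS}`);
  const conf = 'min-confidence' in args ? Number.parseFloat(args['min-confidence']) : NaN;
  if (!(conf >= MIN_CONFIDENCE_FLOOR)) problems.push(`--min-confidence missing or below ${MIN_CONFIDENCE_FLOOR}`);
  if (!(intFlag(args, 'margin') > 0)) problems.push('--margin missing or non-positive');
  return { ok: problems.length === 0, live: true, problems };
}

// The invocation quoted in the finding above, as it appears on the page:
const PAGE_EXAMPLE = ['autotrade', '--market-id', '1', '--margin', '1000000', '--min-confidence', '0.75'];
const PAGE_EXAMPLE_RESULT = checkAutotradeArgs(PAGE_EXAMPLE); // ok: false, three problems
```

Run the check in whatever wrapper launches the skill and abort when `ok` is false; the quoted example fails because it leaves orders, reconnects and cooldown at their unlimited defaults, while the same command with `--dry-run` passes.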
An unrelated API_TOKEN or API_BASE_URL already present in the environment could be sent to the EasyClaw backend or another configured endpoint.
The backend helper accepts generic API_BASE_URL/API_TOKEN-style environment variables and sends any resolved token as a Bearer credential, which can accidentally use unrelated credentials from the user's environment.
process.env.EASYCLAW_API_BASE_URL ||
process.env.API_BASE_URL ||
...
process.env.EASYCLAW_API_TOKEN ||
process.env.API_AUTH_TOKEN ||
process.env.API_TOKEN ||
...
headers.Authorization = `Bearer ${resolvedToken}`;
Unset generic API_* and WS_URL variables before use, prefer EASYCLAW_API_TOKEN/EASYCLAW_API_BASE_URL/EASYCLAW_WS_URL only, and use a narrowly scoped EasyClaw token.
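The risk in the fallback chain above is twofold: a token belonging to some other tool can be picked up, and whatever is picked up is sent as a Bearer credential to whatever base URL was resolved. A strict resolver, shown here as an added example rather than the skill's own code, honours only the EASYCLAW_-prefixed names, attaches the token only to an allow-listed HTTPS host, and reports any generic variables it finds so the user can unset them. The allow-listed host `api.easyclaw.example` is a placeholder assumption.

```javascript
// Added example: strict backend resolution. Not part of the easyclaw skill.
// Only EASYCLAW_* variables are read; generic API_*/WS_URL are reported, never used.
const ALLOWED_API_HOSTS = new Set(['api.easyclaw.example']); // assumption: replace with the real backend host
const GENERIC_NAMES = ['API_BASE_URL', 'API_TOKEN', 'API_AUTH_TOKEN', 'WS_URL'];

// Returns { baseUrl, headers, warnings } or throws; there is no silent fallback.
function resolveBackend(env) {
  const warnings = GENERIC_NAMES
    .filter((n) => n in env)
    .map((n) => `generic ${n} is set and is ignored; unset it`);

  const baseUrl = env.EASYCLAW_API_BASE_URL;
  if (!baseUrl) throw new Error('EASYCLAW_API_BASE_URL is not set');

  let host;
  let protocol;
  try {
    ({ host, protocol } = new URL(baseUrl));
  } catch {
    throw new Error(`EASYCLAW_API_BASE_URL is not a valid URL: ${baseUrl}`);
  }
  if (protocol !== 'https:') {
    throw new Error('EASYCLAW_API_BASE_URL must use https so the Bearer token is not sent in the clear');
  }

  const headers = { Accept: 'application/json' };
  const token = env.EASYCLAW_API_TOKEN;
  if (token) {
    // The token is bound to the expected backend; a mis-set base URL cannot exfiltrate it.
    if (!ALLOWED_API_HOSTS.has(host)) {
      throw new Error(`refusing to send EASYCLAW_API_TOKEN to unexpected host ${host}`);
    }
    headers.Authorization = `Bearer ${token}`;
  }
  return { baseUrl, headers, warnings };
}

// Constructed environment: a leftover generic token from another tool plus a
// correct EASYCLAW base URL. The leftover is reported and not sent.
const SAMPLE_ENV = {
  API_TOKEN: 'unrelated-token-from-another-tool',
  EASYCLAW_API_BASE_URL: 'https://api.easyclaw.example',
};
const SAMPLE_RESULT = resolveBackend(SAMPLE_ENV); // no Authorization header, one warning
```

Pass `process.env` in place of the constructed `SAMPLE_ENV` in a real wrapper; the warnings list is the check recommended above ("unset generic API_* and WS_URL variables") made mechanical.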
Commands can sign transactions with the selected wallet, including deposits and order placement.
The skill needs a local Solana keypair to sign DEX transactions. This is purpose-aligned, but it is sensitive authority over the selected wallet.
Wallet signer source: `KEYPAIR_PATH` or `ANCHOR_WALLET` (fallback `~/.config/solana/id.json`).
Use a dedicated low-balance trading wallet, prefer devnet/localnet for testing, and confirm program IDs and RPC endpoint before live use.
Running the install path may download and execute npm package installation logic on the local machine.
The skill can install Node dependencies from npm when node_modules is missing. This is normal for a Node skill and a lockfile is included, but it still introduces dependency supply-chain exposure.
(cd "${SKILL_DIR}" && npm install)
Review package.json/package-lock.json before installing, install from a trusted network, and consider a sandboxed environment. Note that npm install can resolve versions outside the lockfile and runs package lifecycle scripts; installing with npm ci --ignore-scripts honours the lockfile exactly and suppresses those scripts.
Local strategy and wallet metadata may remain available to later runs of the skill or to anyone with access to the skill folder.
Onboarding stores the user's strategy prompt plus wallet address/path metadata under the skill state directory. This is disclosed and local, but it creates persistent trading context.
fs.writeFileSync(txtPath, `${strategyPrompt.trim()}\n`);
...
wallet_address: walletAddress,
wallet_path: walletPath,
strategy_file: txtPath
Do not store secrets in strategy prompts, and delete old files under state/strategies when they are no longer needed.
