Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Solana Swaps
v0.1.0
Swap tokens on Solana via Jupiter aggregator and check wallet balances. Use when user wants to swap tokens, check SOL/token balance, or get swap quotes.
⭐ 0 · 2.1k · 3 current · 3 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The requested binaries (solana, spl-token, curl, jq, node) and the use of Jupiter's API are appropriate for a Solana swap/quote skill. However, the SKILL.md references JUPITER_API_KEY and a local Node script (scripts/jupiter-swap.mjs) that are not declared in the skill metadata and are not present in the package. Requesting node is reasonable only if the script is supplied; without it the runtime instructions are incomplete.
Instruction Scope
Instructions tell the agent to read the wallet keypair (via the solana CLI), call api.jup.ag, write temporary files under /tmp, and run a local Node signing/submission script. The skill explicitly says environment variables (including JUPITER_API_KEY) are preconfigured, but the registry metadata only declares SOLANA_KEYPAIR_PATH. The referenced scripts are not included; that gap either breaks functionality or implies external code will be introduced at runtime — both are red flags. The instructions also rely on automatic access to the user's private key file (via SOLANA_KEYPAIR_PATH), which grants signing ability and must be treated as highly sensitive.
Install Mechanism
This is an instruction-only skill with no install spec, which is lower risk in that nothing is written by an installer. However, running the provided commands requires local CLIs and a Node script that is not packaged; the absence of an install step means the skill assumes the runtime environment already contains compatible tooling and scripts, which increases the chance of breakage or accidental manual copying of missing files from untrusted sources.
Credentials
The skill declares only SOLANA_KEYPAIR_PATH as a required env var in registry metadata, but SKILL.md also depends on JUPITER_API_KEY (used in all API calls) and explicitly claims it is preconfigured. That mismatch is problematic: JUPITER_API_KEY is expected for authenticated Jupiter requests and should be declared. More importantly, SOLANA_KEYPAIR_PATH points to a wallet private key file; providing this gives the skill (and any scripts it runs) the ability to sign and submit transactions — a powerful credential that must be proportionate and only given to trusted code. The SKILL.md's admonition 'NEVER log, display, or transmit private key contents' is good guidance but cannot be enforced.
Persistence & Privilege
The skill does not request always:true and is user-invocable only (normal). It does not declare modifications to other skills or system-wide settings. There is no install step that creates persistent agents or credentials. Autonomous invocation is allowed by default but is not an additional red flag here.
What to consider before installing
What to check before installing or enabling this skill:
- Missing pieces: SKILL.md references a local Node script (scripts/jupiter-swap.mjs) but the skill bundle contains no code files. Ask the publisher for the missing script or an install spec before trusting/using this skill — without it the instructions are incomplete.
- Undeclared API key: The documentation uses JUPITER_API_KEY for authenticated Jupiter requests but the skill metadata does not declare it as a required env var. Confirm where that key is expected to come from and ensure it is stored securely.
- High-sensitivity credential: SOLANA_KEYPAIR_PATH points to your wallet keypair file. Any code run with that keypair can sign and submit transactions (i.e., move funds). Only provide that path to code and scripts you have audited and trust. Prefer a limited-purpose hot wallet with minimal funds, a hardware wallet, or signing via a remote signer you control.
- Missing audit: Because the skill is instruction-only and references external APIs and a missing script, you should inspect the jupiter-swap.mjs code (or request it) to confirm it does not exfiltrate the keypair file, upload private data, or call unexpected endpoints.
- Network calls: The skill interacts with api.jup.ag (expected) but also uses curl and writes /tmp files. Ensure temporary files don't contain private key data and that your environment prevents accidental leakage (e.g., logs).
If you cannot obtain and review the missing script and a clear declaration of required env vars, treat this skill as untrusted and avoid supplying your wallet keypair path or API keys.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97ca0pqgqpsbvaksy53mscme17zt5bh
Runtime requirements
💰 Clawdis
Bins: solana, spl-token, curl, jq, node
Env: SOLANA_KEYPAIR_PATH
