Solana Swaps
Audited by ClawScan on May 10, 2026.
Overview
The skill’s purpose is coherent, but its swap workflow handles a real wallet keypair and relies on a missing or ambiguous signing script for irreversible financial transactions.
Review carefully before installing. Only use a low-balance dedicated wallet, require confirmation of the exact final transaction and all fees, and do not run the referenced jupiter-swap.mjs signer unless its code is included and verified.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Unconfirmed final quote and fees
Risk: A user could approve one displayed quote but have the agent sign a transaction built from a later quote or with fees they did not explicitly review.
Details: The workflow displays a quote, asks for confirmation, then fetches a new quote after confirmation and adds a high priority-fee setting. The artifacts do not clearly require showing and confirming that exact final quote and fee before signing.
Evidence: After user confirms, request the swap transaction: ... curl ... "https://api.jup.ag/swap/v1/quote?..." > "$QUOTE_FILE" ... "maxLamports": 5000000, "priorityLevel": "high"
Recommendation: Require the agent to display the exact final quote, minimum received, route, slippage, and priority fee immediately before signing, and require a fresh explicit confirmation for that exact transaction.
Finding 2: Real wallet keypair used for signing
Risk: If used with a main wallet or a high-value keypair, mistakes or compromised commands could spend funds irreversibly.
Details: The skill uses a local Solana wallet keypair to sign swap transactions. This is necessary for the stated purpose, but it grants authority over real wallet funds.
Evidence: `SOLANA_KEYPAIR_PATH` | Path to wallet keypair JSON file ... node ... --keypair "$SOLANA_KEYPAIR_PATH" --transaction "$SWAP_TX"
Recommendation: Use a dedicated low-balance wallet, verify every quote and transaction detail, and never expose or display the keypair file contents.
Finding 3: Signing and submission script absent from review
Risk: The most security-critical component—the code that signs and submits transactions—is not included in the reviewed artifacts.
Details: The provided manifest says this is an instruction-only skill with no code files, so the referenced signer/submitter script is absent from review even though it would handle wallet signing.
Evidence: Use the jupiter-swap.mjs script to sign and submit: `node "$(dirname "$0")/scripts/jupiter-swap.mjs" --keypair "$SOLANA_KEYPAIR_PATH" --transaction "$SWAP_TX"`
Recommendation: Do not run the missing signer unless its source is provided, reviewed, and pinned to a trusted path; prefer a wallet or CLI flow that shows the transaction before signing.
Finding 4: Ambiguous `$0`-relative script path
Risk: A wrong or attacker-controlled local script could receive the keypair path and transaction data, then sign or perform unintended actions.
Details: The command uses an ambiguous `$0`-relative path for a script that is not present in the skill package. In a shell context this may resolve outside the skill directory and execute unintended local JavaScript with the wallet keypair argument.
Evidence: node "$(dirname "$0")/scripts/jupiter-swap.mjs"
Recommendation: Use an absolute, verified skill-package path for any helper script, include the script in the reviewed package, and avoid passing keypair paths to unverified code.
