ClawPay Escrow
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This is a legitimate-looking crypto escrow skill, but it would install an unpinned SDK and use local Solana private-key files to sign mainnet payment transactions.
Only install this if you trust the ClawPay SDK and are comfortable letting an agent use a Solana wallet. Use Devnet or a dedicated low-balance wallet, pin and verify the package version, set the keypair path explicitly, and require explicit approval before every signed transaction.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Impact: If the wrong keypair is used or a transaction is authorized incorrectly, the agent could spend or lock real SOL from a local wallet.
Details: The skill directs the agent to find and use local Solana private-key files. This is expected for a payment skill, but it is high-impact authority, and the fallback search includes broad/common key locations rather than a tightly scoped, user-selected wallet.
Evidence (quoted from the skill's artifacts):
> The user's Solana wallet keypair is required. Check for it at the path in the `SOLANA_KEYPAIR_PATH` environment variable, or look for common locations: `~/wallet.json`, `~/.config/solana/id.json`, `~/projects/clawpay/program-keypair.json`.
Recommendation: Use a dedicated low-balance wallet, set `SOLANA_KEYPAIR_PATH` explicitly, avoid using a main wallet or program/deployer keypair, and require explicit approval for every signed transaction.
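The recommendation above can be enforced in the loader itself. The following is an added example written for this report, not code from the ClawPay skill or SDK: it refuses to search the fallback locations the skill lists, accepts only an explicitly set `SOLANA_KEYPAIR_PATH`, rejects filenames that look like program/deployer keypairs (a heuristic, assumed here), and checks that the file is owner-private and has the 64-byte array shape that `solana-keygen` writes. The keypair bytes in `demo()` are a constructed throwaway value, not a real key.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# The broad fallback locations named in the skill text. This loader refuses to
# search them: the user must point SOLANA_KEYPAIR_PATH at one chosen wallet.
DISALLOWED_FALLBACKS = (
    "~/wallet.json",
    "~/.config/solana/id.json",
    "~/projects/clawpay/program-keypair.json",
)


class KeypairPolicyError(Exception):
    """Raised when the keypair source violates the explicit-selection policy."""


def resolve_keypair_path(env: dict) -> Path:
    """Return the wallet path only when SOLANA_KEYPAIR_PATH is set explicitly."""
    raw = env.get("SOLANA_KEYPAIR_PATH")
    if not raw:
        raise KeypairPolicyError(
            "SOLANA_KEYPAIR_PATH is unset; refusing to search "
            + ", ".join(DISALLOWED_FALLBACKS)
        )
    path = Path(raw).expanduser().resolve()
    # Filename heuristic (assumption): program/deployer keypairs are never an
    # acceptable payment wallet, so reject names that suggest one.
    lowered = path.name.lower()
    if "program" in lowered or "deploy" in lowered:
        raise KeypairPolicyError(f"{path} looks like a program/deployer keypair")
    return path


def load_keypair_bytes(path: Path) -> bytes:
    """Read a solana-keygen style JSON keypair (array of 64 byte values).

    The file must be private to its owner (no group/other permission bits) and
    must have exactly the expected shape; anything else is refused, not guessed.
    """
    if path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise KeypairPolicyError(f"{path} is readable by group/other; expected 0600")
    data = json.loads(path.read_text())
    if not (
        isinstance(data, list)
        and len(data) == 64
        and all(isinstance(b, int) and 0 <= b <= 255 for b in data)
    ):
        raise KeypairPolicyError(f"{path} is not a 64-byte keypair array")
    return bytes(data)


def demo() -> tuple:
    """Constructed scenario: no env var -> refused; explicit 0600 file -> loaded."""
    refused_without_env = False
    try:
        resolve_keypair_path({})
    except KeypairPolicyError:
        refused_without_env = True

    # Constructed throwaway keypair bytes (NOT a real key): the values 0..63.
    workdir = Path(tempfile.mkdtemp())
    wallet = workdir / "agent-devnet-wallet.json"
    wallet.write_text(json.dumps(list(range(64))))
    os.chmod(wallet, 0o600)

    loaded = load_keypair_bytes(
        resolve_keypair_path({"SOLANA_KEYPAIR_PATH": str(wallet)})
    )
    return refused_without_env, len(loaded)


if __name__ == "__main__":
    print(demo())  # (True, 64)
```

Pass `os.environ` as `env` in real use; the dict parameter exists so the policy can be tested without touching the process environment.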
Finding 2
Impact: A compromised, changed, or unexpected package version could gain access to wallet key material or sign unintended transactions.
Details: The skill instructs installation of an unpinned external package, and the artifact set contains no code files to review. Because that package is then used with wallet private keys and payment signing, the supply-chain trust requirement is material.
Evidence (quoted from the skill's artifacts):
If not installed:
```bash
pip3 install clawpay
```
Recommendation: Verify the SDK source and maintainer, pin an exact package version and hash, review the package before use, and prefer running it in a constrained environment with a limited wallet.
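A concrete form of "pin an exact version and hash" is a requirements file that pip can enforce with `pip install --require-hashes -r requirements.txt`. The following added example (written for this report, not part of the skill or the ClawPay project) audits a requirements file for lines that lack an exact `==` pin or a `--hash=sha256:` entry, and checks a downloaded artifact against the recorded digest in constant time. The version `0.0.0`, the placeholder artifact bytes, and their digest are constructed values, not the real package.

```python
import hashlib
import hmac
import re

# Exact pin only: "name==version". Ranges (>=, ~=) and bare names count as unpinned.
PIN_RE = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9_.-]*)==(?P<version>[A-Za-z0-9_.+!-]+)$")
HASH_OPT_RE = re.compile(r"--hash=sha256:(?P<digest>[0-9a-f]{64})")


def _logical_lines(text: str):
    """Join pip's backslash-continued lines and drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        whole = (buf + line).strip()
        buf = ""
        if whole:
            yield whole
    if buf.strip():
        yield buf.strip()


def audit_requirements(text: str) -> list:
    """Return one message per requirement that lacks an exact pin or a sha256 hash."""
    findings = []
    for n, line in enumerate(_logical_lines(text), 1):
        spec, *options = line.split()
        if not PIN_RE.match(spec):
            findings.append(f"line {n}: '{spec}' is not pinned to an exact version")
        if not any(HASH_OPT_RE.fullmatch(opt) for opt in options):
            findings.append(f"line {n}: '{spec}' has no --hash=sha256:... entry")
    return findings


def verify_artifact(data: bytes, expected_sha256: str) -> bool:
    """Compare a downloaded wheel/sdist to the pinned digest (constant-time)."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256.lower())


# --- constructed inputs (not the real package) -------------------------------
# What the skill instructs: a bare, unpinned name.
UNPINNED_REQUIREMENTS = "clawpay\n"

# Placeholder bytes standing in for a reviewed wheel; the digest is what a
# reviewer would record after inspecting it. Version 0.0.0 is a placeholder.
FAKE_WHEEL = b"constructed placeholder bytes, not the clawpay package"
PINNED_DIGEST = hashlib.sha256(FAKE_WHEEL).hexdigest()
PINNED_REQUIREMENTS = f"clawpay==0.0.0 \\\n    --hash=sha256:{PINNED_DIGEST}\n"


if __name__ == "__main__":
    print(audit_requirements(UNPINNED_REQUIREMENTS))  # two findings
    print(audit_requirements(PINNED_REQUIREMENTS))    # []
    print(verify_artifact(FAKE_WHEEL, PINNED_DIGEST))  # True
```

With `--require-hashes`, pip refuses to install anything in the file that is not hashed, including transitive dependencies, so the audit above is a pre-check rather than the enforcement mechanism itself.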
Finding 3
Impact: A mistaken seller address, amount, network, or escrow address could cause funds to be locked, released, refunded, or fee-charged in ways the user did not intend.
Details: The skill exposes transaction-creating code that can move funds on Solana mainnet. Its guardrails say to confirm the amount and seller key, but they do not clearly define a final approval step immediately before signing or broadcasting.
Evidence (quoted from the skill's artifacts):
```python
escrow = client.create_escrow(
    seller=Pubkey.from_string("SELLER_PUBKEY"),
    amount_sol=AMOUNT,
    delivery_secs=DELIVERY_TIME,
    verification_secs=VERIFICATION_TIME
)
...
```
- **Network**: Solana Mainnet (default) or Devnet
Recommendation: Before any transaction, show the wallet address, network, amount, fee, seller public key, escrow address if applicable, and exact action, then require a fresh user confirmation before signing.
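One way to make the "fresh user confirmation" step concrete is a gate that sits between the agent and the SDK signer. The following is an added example written for this report; it is not the skill's code and does not call the ClawPay SDK. It builds the exact summary the recommendation lists (action, network, wallet, seller, amount, fee, escrow), derives a short code from those fields, and signs only when the user types that code back under an unused single-use ticket, so an approval cannot be replayed or carried over to a transaction whose fields changed after it was shown. Mainnet is off unless enabled explicitly. The public keys and amounts in `demo()` are placeholders, and `sign_fn` stands in for whatever the SDK's signing call is.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import asdict, dataclass, replace
from typing import Callable, Dict, Optional

ALLOWED_NETWORKS = {"devnet", "mainnet-beta"}


class ApprovalRequired(Exception):
    """Signing was attempted without a fresh approval for this exact transaction."""


@dataclass(frozen=True)
class TransactionIntent:
    """Everything the user must see before a signature is produced."""
    action: str                   # e.g. "create_escrow", "release", "refund"
    network: str                  # "devnet" or "mainnet-beta"
    wallet: str                   # signer public key shown to the user
    seller: str                   # counterparty public key
    amount_sol: float
    fee_sol: float
    escrow: Optional[str] = None  # escrow address, where applicable

    def digest(self) -> str:
        # Canonical JSON: any changed field changes the code the user must type.
        canon = json.dumps(asdict(self), sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canon.encode()).hexdigest()[:12]

    def summary(self) -> str:
        return (
            f"ACTION {self.action} | NETWORK {self.network} | WALLET {self.wallet}\n"
            f"SELLER {self.seller} | AMOUNT {self.amount_sol} SOL | FEE {self.fee_sol} SOL\n"
            f"ESCROW {self.escrow or 'n/a'}\n"
            f"To approve, type this code back exactly: {self.digest()}"
        )


class SigningGate:
    """Issues a single-use ticket per intent; signing needs ticket + typed code."""

    def __init__(self, allow_mainnet: bool = False):
        self.allow_mainnet = allow_mainnet
        self._pending: Dict[str, str] = {}  # ticket -> intent digest

    def request_approval(self, intent: TransactionIntent):
        """Return (text to show the user, ticket). Nothing is signed here."""
        if intent.network not in ALLOWED_NETWORKS:
            raise ApprovalRequired(f"unknown network {intent.network!r}")
        if intent.network == "mainnet-beta" and not self.allow_mainnet:
            raise ApprovalRequired("mainnet-beta is disabled for this agent")
        ticket = secrets.token_hex(8)
        self._pending[ticket] = intent.digest()
        return intent.summary(), ticket

    def sign_and_send(self, intent, ticket, typed_code, sign_fn: Callable):
        """Sign only if the ticket is unused and the typed code matches this intent."""
        expected = self._pending.pop(ticket, None)  # single use: a replay fails
        if expected is None or expected != intent.digest():
            raise ApprovalRequired("ticket does not cover this exact transaction")
        if not hmac.compare_digest(typed_code, expected):
            raise ApprovalRequired("user did not confirm the displayed code")
        return sign_fn(intent)


def _refused(fn) -> bool:
    try:
        fn()
    except ApprovalRequired:
        return True
    return False


def demo() -> dict:
    """Constructed scenario with placeholder keys (not real addresses)."""
    gate = SigningGate(allow_mainnet=False)
    intent = TransactionIntent("create_escrow", "devnet", "WALLET_PUBKEY_PLACEHOLDER",
                               "SELLER_PUBKEY_PLACEHOLDER", amount_sol=0.5, fee_sol=0.000005)
    summary, ticket = gate.request_approval(intent)
    fake_sign = lambda i: f"signed:{i.digest()}"  # stands in for the SDK signer
    signed = gate.sign_and_send(intent, ticket, intent.digest(), fake_sign)

    # A second ticket, then the amount is changed after the user saw the summary.
    _, ticket2 = gate.request_approval(intent)
    tampered = replace(intent, amount_sol=5.0)
    return {
        "code_shown": intent.digest() in summary,
        "signed": signed == f"signed:{intent.digest()}",
        "replay_refused": _refused(lambda: gate.sign_and_send(intent, ticket, intent.digest(), fake_sign)),
        "tamper_refused": _refused(lambda: gate.sign_and_send(tampered, ticket2, intent.digest(), fake_sign)),
        "mainnet_refused": _refused(lambda: gate.request_approval(replace(intent, network="mainnet-beta"))),
    }


if __name__ == "__main__":
    print(demo())
```

The typed code is derived from the displayed fields rather than chosen by the agent, which is what ties the confirmation to the exact transaction: an agent that silently edits the amount or seller after showing the summary ends up with a code the user never saw.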
