Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawDex Trading

v1.0.0

Trade tokens on Solana using the ClawDex CLI. Use when the user asks to swap tokens, check balances, get quotes, or manage a Solana trading wallet.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description (Solana trading via ClawDex/Jupiter) matches the CLI commands shown. However, the SKILL.md references environment values and paths (JUPITER_API_KEY, SOLANA_RPC_URL, and ~/.config/solana/id.json) that are required for operation but are not declared in the skill's metadata. That omission is a mismatch between the declared requirements and what the skill actually needs.
Instruction Scope
The instructions explicitly direct the agent to run clawdex CLI commands that can simulate and execute real swaps (including a required '--yes' flag for non-interactive execution). They also reference a local wallet file (~/.config/solana/id.json) and an API key. Because the skill lets the agent read local config and, if the wallet is present, perform fund-moving operations, it goes beyond a purely read-only or quote-only skill and requires explicit, declared consent mechanisms.
Install Mechanism
There is no install spec in the registry, but the SKILL.md suggests running `npm install -g clawdex@latest`. Installing an npm package at runtime pulls code from a remote package registry and grants it execution on the host; this is a legitimate way to obtain a CLI but increases supply-chain risk and should be acknowledged explicitly in the manifest (package provenance, expected version, and source repository).
Credentials
The skill uses and expects secrets/credentials (JUPITER_API_KEY, possibly a wallet private key at ~/.config/solana/id.json, and an RPC URL), yet the skill metadata declares no required env vars or primary credential. Requesting access to a local wallet file and to an API key without declaring them is disproportionate and makes it easy to accidentally expose private keys or allow automated trades.
Persistence & Privilege
The manifest sets always:false (good), but model invocation is allowed (the default). Combined with instructions that enable non-interactive swaps (`--yes`) and access to a local wallet, the agent could autonomously execute financial transactions if invoked. The skill does not require explicit interactive confirmations in its manifest; that gap increases risk for autonomous agents.
What to consider before installing
This skill can run real trades and expects access to a local Solana wallet and an API key, but those requirements are not declared in the registry metadata; treat it as risky until clarified. Before installing or enabling it:
1) Do not keep high-value private keys at the default path if you plan to let an agent run such skills; use a dedicated low-value wallet for automation.
2) Require explicit user confirmation for any non-simulated swap, or disable autonomous invocation for this skill.
3) Verify the clawdex npm package source (repository, authors, recent releases) and consider pinning a known-good version instead of installing latest.
4) Ensure JUPITER_API_KEY and SOLANA_RPC_URL are managed securely (use environment isolation or a secrets manager) and rotate credentials if exposed.
5) Ask the skill author to update the manifest to declare required env vars and document the expected wallet usage and safety model; that would materially reduce the risk and could change this assessment.
