Jupiter Skill for OpenClaw
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is openly aimed at Jupiter/Solana swaps, but it can read a local wallet key, sign and submit irreversible transactions, and exposes a broad, insufficiently constrained API helper that could leak the Jupiter API key if misused.
Install only if you intentionally want an agent-assisted Jupiter/Solana transaction tool. Use a fresh low-balance wallet, verify every transaction before signing, do not allow autonomous swaps, use trusted RPC/Jupiter endpoints, and treat the registry metadata as incomplete for credentials and wallet access.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or malicious endpoint could expose the Jupiter API key and request body to an unintended server.
The endpoint is user-controlled and concatenated directly into the URL before the API key header is attached. If the endpoint is not constrained to a safe path under api.jup.ag, a malformed or crafted value could send the request, including the JUP_API_KEY header, to a non-Jupiter host.
let url = `${BASE_URL}${options.endpoint}`; ... "x-api-key": apiKey ... const response = await fetch(url, { ...fetchOptions, signal: controller.signal });
Validate that endpoints start with a single '/', reject absolute or host-changing forms, enforce that the final URL origin is https://api.jup.ag, and restrict methods and endpoints to the intended Jupiter API set.
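The following is an added example, not code from the Jupiter skill, showing the recommended checks applied to the user-controlled endpoint before it is joined to BASE_URL. The route allowlist entries are constructed placeholders, not real Jupiter API paths.

```typescript
// Added example, not code from the Jupiter skill: validate a user-controlled
// endpoint before it is joined to BASE_URL and sent with the x-api-key header.
const BASE_URL = "https://api.jup.ag";

// An allowed route is a method plus a path prefix. The entries used with this
// function are constructed placeholders, not real Jupiter API routes.
interface AllowedRoute { method: "GET" | "POST"; prefix: string; }

// The vulnerable shape quoted in the finding: the endpoint is concatenated
// unchecked, so "@evil.example/x" or ".evil.example/x" changes the host.
function buildUrlUnsafe(endpoint: string): string {
  return `${BASE_URL}${endpoint}`;
}

// Hardened form: returns the final URL only if every check passes, otherwise
// throws before any API key could be attached to a request.
function buildUrlSafe(endpoint: string, method: string, routes: AllowedRoute[]): string {
  // Printable ASCII only: rules out CR/LF, spaces and control characters.
  if (!/^[\x21-\x7e]+$/.test(endpoint)) {
    throw new Error("endpoint contains invalid characters");
  }
  // Exactly one leading forward slash and no backslashes: rejects absolute
  // URLs, scheme-relative "//host/..." and the userinfo/subdomain forms
  // "@host/..." and ".host/..." that survive plain string concatenation.
  if (!endpoint.startsWith("/") || endpoint.startsWith("//") || endpoint.includes("\\")) {
    throw new Error("endpoint must be a single path starting with '/'");
  }
  // Build the URL exactly as the skill does, then parse it and enforce the
  // origin of the result, which is what binds the API key to api.jup.ag.
  const url = new URL(`${BASE_URL}${endpoint}`);
  if (url.origin !== new URL(BASE_URL).origin) {
    throw new Error(`refusing to send the API key to ${url.origin}`);
  }
  // Compare the normalized pathname (".." segments already collapsed) and the
  // method against the allowlist so traversal cannot escape the intended set.
  const m = method.toUpperCase();
  if (!routes.some((r) => r.method === m && url.pathname.startsWith(r.prefix))) {
    throw new Error(`${m} ${url.pathname} is not an allowed Jupiter API route`);
  }
  return url.toString();
}
```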
If the agent signs or executes the wrong transaction, tokens or SOL could be moved or lost irreversibly.
The documented workflow chains an API-provided unsigned transaction into local wallet signing and immediate execution. The artifacts do not show a required confirmation or decoded transaction review step before broadcasting.
SIGNED_TX=$(pnpm wallet-sign -t "$UNSIGNED_TX" --wallet ~/.config/solana/id.json) ... pnpm execute-ultra -r "$REQUEST_ID" -t "$SIGNED_TX"
Require explicit user approval immediately before signing and broadcasting. Show decoded instructions, token mints, amounts, slippage, fees, and affected accounts, and prefer a dedicated low-balance wallet.
Any user or agent flow that can invoke this tool with a wallet path can authorize transactions from that wallet.
The script reads a local Solana wallet file containing private key material and creates a signing keypair. This is powerful delegated authority over that wallet, and the registry metadata under-declares the credential/config requirement.
const fileContent = readFileSync(expandedPath, "utf-8"); const secretKey = JSON.parse(fileContent); ... return Keypair.fromSecretKey(Uint8Array.from(secretKey));
Use only a dedicated low-balance wallet, avoid autonomous signing, keep the wallet path explicit per task, and update registry metadata to declare JUP_API_KEY and the wallet private-key file requirement.
Installing from an untrusted copy or ignoring dependency changes could affect code that has wallet-signing authority.
The skill relies on npm/pnpm dependencies and TypeScript execution. This is expected for the stated CLI purpose, and a lockfile is included, but it remains supply-chain-relevant because the tool signs blockchain transactions.
"dependencies": { "@solana/web3.js": "^1.95.0", "bs58": "^6.0.0", "commander": "^12.1.0" }, "devDependencies": { "tsx": "^4.19.0", "typescript": "^5.6.0" }
Install only from a trusted source, use the provided lockfile, review dependency changes, and avoid running modified versions with valuable wallets.
