ClawHub

Solpaw-Launcher

Security checks across malware telemetry and agentic risk

Overview

This skill launches real Solana tokens and its documentation conflicts with its SDK about who signs the launch and who becomes the on-chain creator.

Install only if you understand that this can spend SOL and launch irreversible public tokens through a third-party service. Use a fresh wallet with only the needed funds, never a main wallet key, and avoid relying on the SDK until the publisher reconciles /tokens/launch with the promised local-signing creator model. Require explicit confirmation of token details, creator wallet, fee signature, endpoint, and initial buy before every launch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no explicit permissions while requiring environment variables and making external network calls, which creates a transparency and governance gap. In an agent platform, undeclared access to secrets and outbound connectivity can bypass user and policy expectations, especially because the skill can initiate financial/token-launch workflows.

Tp4

High
Category
MCP Tool Poisoning
Confidence
72% confidence
Finding
A description-behavior mismatch is a real security concern because users may authorize a token-launch skill without realizing it can also enumerate prior launches, fetch fee/accounting summaries, or query platform data. That hidden or under-disclosed behavior expands the data-access surface and can expose operational metadata beyond the stated purpose.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README promotes autonomous token launches, payment of a non-trivial on-chain fee, and registration with a third-party API, but it does not clearly warn users that funds will be spent, wallet addresses will be transmitted externally, and token creation may have legal or financial consequences. In an agent-skill context, this omission is risky because users may enable automation without realizing the skill can trigger irreversible blockchain transactions and external service interaction.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation presents a server-signing fallback mode where the platform, not the user-controlled wallet, becomes the onchain creator, but it does not prominently warn about the custody, trust, attribution, and impersonation implications. In a token-launching skill, this can mislead integrators into using a mode that changes security and ownership assumptions, increasing the risk of unauthorized launches, reputational harm, or loss of user control.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The manifest explicitly requires highly sensitive credentials, including a Solana private key and API key, but provides no warning, scoping guidance, or safer alternative. In a crypto-launching skill, requesting a raw private key is especially dangerous because compromise can directly lead to irreversible theft of on-chain funds or unauthorized token launches.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Build unsigned transaction
TX_DATA=$(curl -s -X POST https://api.solpaw.fun/api/v1/tokens/launch-local \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $SOLPAW_API_KEY" \
  -d '{
Confidence
76% confidence
Finding
curl -s -X POST https://api.solpaw.fun/api/v1/tokens/launch-local \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $SOLPAW_API_KEY" \ -d '{ "name": "MyCoolToken", "symbo

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Build unsigned transaction
TX_DATA=$(curl -s -X POST https://api.solpaw.fun/api/v1/tokens/launch-local \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $SOLPAW_API_KEY" \
  -d '{
Confidence
76% confidence
Finding
https://api.solpaw.fun/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal