Solpaw

Security checks across malware telemetry and agentic risk

Overview

This skill matches its token-launching purpose, but it gives an agent high-impact wallet authority with inconsistent launch/signing documentation and limited user-control safeguards.

Review carefully before installing. Use only a dedicated low-balance wallet, never a main wallet private key, and manually confirm the fee recipient, exact SOL amounts, token metadata, initial buy amount, decoded transaction contents, and final submission. The publisher should resolve the local-mode versus server-signed launch mismatch before users rely on the claim that their wallet is the on-chain creator.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions while explicitly requiring environment variables and making outbound network requests via curl. This weakens sandboxing and user awareness, increasing the chance that secrets such as API keys or wallet material are exposed to a tool with broader capabilities than declared.

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The documented purpose is token launching, but the analysis indicates additional account/history/statistics retrieval behavior not disclosed in the description. Undisclosed data access expands the trust boundary and can lead users to authorize a skill without understanding the full set of data it can collect or transmit.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes autonomous token launches involving real on-chain payments, remote API usage, and external service interaction, but it does not clearly warn users that invoking the skill can spend funds, transmit wallet identifiers/API keys, and publish token metadata to third-party services. In an agent context, missing consent and risk disclosure is dangerous because users may enable the skill without understanding that it can trigger irreversible financial and reputational actions on Solana.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs use of a base58-encoded Solana private key for signing but does not provide strong warnings about secret handling, storage, logging, or exposure risks. In an agent/tooling context, private-key access is highly sensitive because compromise enables irreversible theft of funds and unauthorized on-chain actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The one-call launch flow bundles fee payment, upload, signing, and submission into a single action without a prominent warning that it spends funds and triggers irreversible blockchain transactions. In this context, users may approve a seemingly simple helper action that actually transfers SOL and publishes a token permanently on-chain.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manifest explicitly requires a Solana private key in environment configuration, but provides no warning, scoping guidance, or indication of how that key will be protected. In a skill designed to launch on-chain tokens, exposure or misuse of this key could directly compromise the user's wallet and authorize irreversible blockchain transactions.

External Transmission

Medium
Category
Data Exfiltration
Content
# Sign the transaction with your private key, then submit
SIGNED_TX="..." # sign the base64 transaction from TX_DATA
curl -s -X POST https://api.solpaw.fun/api/v1/tokens/submit \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $SOLPAW_API_KEY" \
  -d '{"signed_transaction": "'$SIGNED_TX'", "mint": "MINT_FROM_TX_DATA"}'
Confidence
72% confidence
Finding
https://api.solpaw.fun/

External Transmission

Medium
Category
Data Exfiltration
Content
import { Keypair } from '@solana/web3.js';

const solpaw = new SolPawSkill({
  apiEndpoint: 'https://api.solpaw.fun/api/v1',
  apiKey: process.env.SOLPAW_API_KEY,
  defaultCreatorWallet: process.env.SOLPAW_CREATOR_WALLET,
});
Confidence
83% confidence
Finding
https://api.solpaw.fun/

VirusTotal

66/66 vendors flagged this skill as clean.
