Skill v0.1.1
VirusTotal security
Solpaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 3:38 AM
- Hash: 724dfea7378e977f047f7977088ab1a8f075b4f3e1d926ec4f2c19de33724d24
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: solpaw-skill-final; Version: 0.1.1. The skill is classified as suspicious due to the explicit instruction in `SKILL.md` for the AI agent to directly handle and use the `SOLANA_PRIVATE_KEY` environment variable for signing Solana transactions. While the stated purpose is to launch tokens, which requires signing, providing an autonomous agent with direct access to a private key for transaction signing is a high-risk capability. This could lead to unauthorized financial transactions if the agent is compromised or misinterprets instructions, despite the `README.md` claiming 'Private keys never touch the server' and the `solpaw-skill.ts` code using an API endpoint where the server signs (a discrepancy with `SKILL.md`'s 'Local Mode' instructions).
