ClawHub

Solpaw Interaction Skill

Security checks across malware telemetry and agentic risk

Overview

This skill has a real token-launching purpose, but it asks an agent to handle wallet authority and paid irreversible blockchain actions while the SDK contradicts the promised local-creator flow.

Review carefully before installing. Do not use a main wallet private key; use a dedicated low-balance wallet, set spending limits outside the skill, verify the platform wallet, fee amount, token metadata, creator address, and decoded transaction before signing or submitting, and avoid the included SDK launchToken flow until the Local Mode versus server-signed endpoint mismatch is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no explicit permissions while clearly requiring environment secret access and outbound network access to a third-party API. This mismatch reduces transparency and can cause an agent or user to invoke a financially sensitive workflow without understanding that secrets and external calls are involved.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README promotes autonomous token launches, fee payments, and optional initial buys without any prominent warning that these actions spend real funds and create on-chain, hard-to-reverse financial artifacts. In an agent-skill context, that omission increases the risk that users enable the skill without understanding that it can trigger irreversible blockchain transactions and token creation.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill requires a raw Solana private key in an environment variable and instructs the user/agent to use it for signing, but it does not provide strong secret-handling guidance or recommend safer signing mechanisms. Any agent, plugin, log, subprocess, or compromised dependency with env access could exfiltrate the key and irreversibly drain the wallet.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly exposes a fallback mode where the server signs token-launch transactions, meaning users may delegate critical signing authority to the platform. In a crypto asset-launching context, this creates real trust, custody, and attribution risk because users may not understand that the platform, not their wallet, becomes the onchain creator and can exercise signing control server-side.

External Transmission

Medium
Category
Data Exfiltration
Content
# Sign the transaction with your private key, then submit
SIGNED_TX="..." # sign the base64 transaction from TX_DATA
curl -s -X POST https://api.solpaw.fun/api/v1/tokens/submit \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $SOLPAW_API_KEY" \
  -d '{"signed_transaction": "'$SIGNED_TX'", "mint": "MINT_FROM_TX_DATA"}'
Confidence
92% confidence
Finding
https://api.solpaw.fun/

External Transmission

Medium
Category
Data Exfiltration
Content
import { Keypair } from '@solana/web3.js';

const solpaw = new SolPawSkill({
  apiEndpoint: 'https://api.solpaw.fun/api/v1',
  apiKey: process.env.SOLPAW_API_KEY,
  defaultCreatorWallet: process.env.SOLPAW_CREATOR_WALLET,
});
Confidence
90% confidence
Finding
https://api.solpaw.fun/

External Transmission

Medium
Category
Data Exfiltration
Content
"SOLPAW_API_KEY": "",
    "SOLPAW_CREATOR_WALLET": "",
    "SOLANA_PRIVATE_KEY": "",
    "SOLPAW_API_URL": "https://api.solpaw.fun/api/v1"
  },
  "dependencies": ["curl"],
  "install": {
Confidence
89% confidence
Finding
https://api.solpaw.fun/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal