Solpaw

Security checks across malware telemetry and agentic risk

Overview

This skill needs review: it asks for wallet secrets and claims local signing, but the shipped launch path appears to use server-side signing, which can change who the on-chain creator is.

Do not provide SOLANA_PRIVATE_KEY or send the 0.1 SOL fee until the maintainer resolves the mismatch between the docs and the implementation. If you use this skill anyway, require the /tokens/launch-local plus /tokens/submit flow (so the transaction is signed locally and only the signed bytes leave the machine), confirm the platform wallet address through a channel independent of the skill, use a low-balance or test wallet, and enforce explicit operator approval before any payment, signing, or launch.
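As an added example, not code from the Solpaw skill or platform, the following Python shows what "enforce explicit approval before any payment, signing, or launch" can mean in practice: decode the base64 transaction the local-signing path hands back, refuse to sign unless the only SOL leaving our wallet is at most 0.1 SOL to the independently confirmed platform wallet and every other program invoked is allow-listed, and then still require an explicit approve() decision. It assumes the legacy (non-versioned) Solana transaction wire format; the keys, blockhash, launch program id and platform wallet are constructed placeholders, and build_transaction exists only to produce the sample transactions.

```python
import base64
import struct

SYSTEM_PROGRAM = bytes(32)        # 11111111111111111111111111111111 in base58
SYSTEM_TRANSFER = 2               # SystemInstruction::Transfer discriminant
MAX_FEE_LAMPORTS = 100_000_000    # the documented 0.1 SOL launch fee

def encode_shortvec(n):
    """Solana compact-u16 length prefix."""
    out = bytearray()
    while True:
        b, n = n & 0x7F, n >> 7
        out.append(b | 0x80 if n else b)
        if not n:
            return bytes(out)

def decode_shortvec(buf, pos):
    n = shift = 0
    while True:
        b, pos = buf[pos], pos + 1
        n |= (b & 0x7F) << shift
        if not b & 0x80:
            return n, pos
        shift += 7

def build_transaction(keys, blockhash, instructions, num_signers=1):
    """Serialize an UNSIGNED legacy tx (zeroed signature slots); sample data only."""
    msg = bytearray([num_signers, 0, 0])  # header; readonly counts unused here
    msg += encode_shortvec(len(keys)) + b"".join(keys) + blockhash
    msg += encode_shortvec(len(instructions))
    for prog, accs, data in instructions:
        msg += bytes([keys.index(prog)]) + encode_shortvec(len(accs))
        msg += bytes(keys.index(a) for a in accs)
        msg += encode_shortvec(len(data)) + data
    return encode_shortvec(num_signers) + bytes(64 * num_signers) + bytes(msg)

def parse_transaction(raw):
    """Return (num_signers, account keys, [(program, accounts, data), ...])."""
    nsig, pos = decode_shortvec(raw, 0)
    pos += 64 * nsig                              # skip signature slots
    num_signers, pos = raw[pos], pos + 3          # 3-byte message header
    nkeys, pos = decode_shortvec(raw, pos)
    keys = [raw[pos + 32 * i:pos + 32 * (i + 1)] for i in range(nkeys)]
    pos += 32 * nkeys + 32                        # keys, then recent blockhash
    ninstr, pos = decode_shortvec(raw, pos)
    instrs = []
    for _ in range(ninstr):
        prog, pos = keys[raw[pos]], pos + 1
        nacc, pos = decode_shortvec(raw, pos)
        accs, pos = [keys[i] for i in raw[pos:pos + nacc]], pos + nacc
        ndata, pos = decode_shortvec(raw, pos)
        data, pos = raw[pos:pos + ndata], pos + ndata
        instrs.append((prog, accs, data))
    return num_signers, keys, instrs

def check_launch_tx(tx_b64, my_pubkey, platform_wallet, allowed_programs):
    """Return policy violations (empty = our wallet pays <= 0.1 SOL to the
    confirmed platform wallet and only allow-listed programs are invoked)."""
    num_signers, keys, instrs = parse_transaction(base64.b64decode(tx_b64))
    problems, sol_out = [], 0
    if keys[0] != my_pubkey:
        problems.append("fee payer is not our wallet")
    if num_signers != 1:
        problems.append(f"tx wants {num_signers} signatures, expected only ours")
    for prog, accs, data in instrs:
        if prog != SYSTEM_PROGRAM:
            if prog not in allowed_programs:
                problems.append(f"unexpected program {prog.hex()[:8]}")
            continue
        if len(data) != 12 or struct.unpack_from("<I", data)[0] != SYSTEM_TRANSFER:
            problems.append("system instruction other than Transfer")
            continue
        if accs[0] != my_pubkey:
            problems.append("SOL transfer debits an account that is not ours")
        if accs[1] != platform_wallet:
            problems.append("SOL transfer goes to an unconfirmed wallet")
        sol_out += struct.unpack_from("<Q", data, 4)[0]
    if sol_out > MAX_FEE_LAMPORTS:
        problems.append(f"total SOL out {sol_out} lamports exceeds 0.1 SOL")
    return problems

def sign_with_approval(tx_b64, my_pubkey, platform_wallet, allowed_programs, approve):
    """Consent gate: policy must pass AND approve(summary) must return truthy.
    Returns True only if signing may proceed; ed25519 signing is not shown."""
    if check_launch_tx(tx_b64, my_pubkey, platform_wallet, allowed_programs):
        return False
    return bool(approve(f"sign launch tx paying <= 0.1 SOL to {platform_wallet.hex()[:8]}?"))

# Constructed sample keys and blockhash (placeholders, not real addresses).
MY_KEY, PLATFORM, LAUNCH_PROGRAM, ATTACKER = (bytes([i]) * 32 for i in (1, 2, 3, 4))
BLOCKHASH = bytes([9]) * 32
# Honest tx: 0.1 SOL to the platform wallet plus one allow-listed program call.
GOOD_TX = base64.b64encode(build_transaction(
    [MY_KEY, PLATFORM, SYSTEM_PROGRAM, LAUNCH_PROGRAM], BLOCKHASH,
    [(SYSTEM_PROGRAM, [MY_KEY, PLATFORM], struct.pack("<IQ", SYSTEM_TRANSFER, MAX_FEE_LAMPORTS)),
     (LAUNCH_PROGRAM, [MY_KEY], b"\x01")])).decode()
# Tampered tx: fee doubled and redirected to another wallet.
BAD_TX = base64.b64encode(build_transaction(
    [MY_KEY, ATTACKER, SYSTEM_PROGRAM], BLOCKHASH,
    [(SYSTEM_PROGRAM, [MY_KEY, ATTACKER], struct.pack("<IQ", SYSTEM_TRANSFER, 2 * MAX_FEE_LAMPORTS))])).decode()
```

check_launch_tx returns an empty list for GOOD_TX and two violations for BAD_TX (recipient is not the confirmed wallet, total SOL out exceeds 0.1 SOL). Pass the program ids the launch is expected to call as allowed_programs, and make approve() a real operator prompt rather than a default True; a transaction that needs more than one signature, or whose fee payer is not your key, is rejected before it ever reaches the approval step.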

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no explicit permissions even though it clearly requires environment-variable access and network access to external APIs. This mismatch can mislead users and host frameworks about the capability and trust boundary of the skill, reducing informed consent and weakening policy enforcement.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README promotes autonomous token launches and optional initial buys on Solana without a clear warning that these actions spend real funds and are generally irreversible once submitted on-chain. In an agent-skill context, that omission increases the chance that operators enable automated financial actions without understanding loss, slippage, fee, or scam-token risks.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs use of a raw base58-encoded Solana private key from an environment variable and shows code loading it directly for signing. Handling a hot private key in plaintext env vars materially increases the risk of secret exposure through logs, process inspection, prompt leakage, misconfigured tooling, or downstream code paths, especially in an agent context that also performs network operations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documented fallback `/tokens/launch` endpoint explicitly allows the server to sign transactions on behalf of the launch flow, while only briefly noting that this is 'not recommended.' In a wallet- and token-launching context, server-side signing materially changes custody and trust assumptions: users may not understand who the on-chain creator is, which keys are being used, or whether the platform can alter launch behavior or metadata before submission.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The manifest explicitly requires highly sensitive secrets, including a Solana private key, but provides no warning about secure handling, storage, or the consequences of exposing them. In the context of a skill that launches on-chain tokens and states the user's wallet is the creator, compromise of these values could directly enable unauthorized blockchain transactions and fund theft.
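As an added example serving both this finding and the earlier one on the raw base58 key in an environment variable (this is not the skill's code), a loader that refuses the env-var pattern outright, requires an owner-only regular keyfile, and wraps the key so that repr/str, and therefore logs, tracebacks and agent tool-result dumps, never expose it. The keyfile path, the selfcheck helper and the 64-byte seed||pubkey layout are my assumptions, and it relies on POSIX file permissions. A keyfile is still a hot key on disk; for anything beyond a low-balance test wallet, a hardware wallet or a remote signer that never releases the key is the stronger option.

```python
import os
import stat
import tempfile

B58 = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(s):
    """Base58 (Bitcoin/Solana alphabet) to bytes, preserving leading zeros."""
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip(b"1"))) + body

def b58encode(b):
    n, out = int.from_bytes(b, "big"), bytearray()
    while n:
        n, r = divmod(n, 58)
        out.append(B58[r])
    return b"1" * (len(b) - len(b.lstrip(b"\x00"))) + bytes(reversed(out))

class KeyfileError(Exception):
    pass

class SigningKey:
    """Wraps the 64-byte Solana keypair; repr/str never expose it, so it
    cannot leak through logging, tracebacks, or an LLM tool-result dump."""
    __slots__ = ("_secret",)

    def __init__(self, secret):
        if len(secret) != 64:
            raise KeyfileError(f"expected 64-byte keypair, got {len(secret)}")
        self._secret = bytes(secret)

    def __repr__(self):
        return "SigningKey(<redacted>)"

    __str__ = __repr__

    def public_key(self):
        return self._secret[32:]        # assumed layout: 32-byte seed || 32-byte pubkey

def load_signing_key(path, env=os.environ):
    """Load the key from a private keyfile; refuse the env-var pattern outright."""
    if "SOLANA_PRIVATE_KEY" in env:
        raise KeyfileError("SOLANA_PRIVATE_KEY is set; env vars leak to every child process")
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise KeyfileError("keyfile must be a regular file, not a symlink or device")
    if st.st_uid != os.getuid():
        raise KeyfileError("keyfile is not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise KeyfileError("keyfile is readable by group/others; chmod 600 it")
    with open(path, "rb") as f:
        return SigningKey(b58decode(f.read().strip()))

def selfcheck():
    """Exercise the checks on a throwaway keyfile; returns what each case did."""
    fd, path = tempfile.mkstemp()           # mkstemp creates the file with mode 0600
    os.write(fd, b58encode(bytes(range(64))))   # constructed, not a real key
    os.close(fd)
    results = {}
    try:
        results["owner_only"] = load_signing_key(path, env={}).public_key() == bytes(range(32, 64))
        os.chmod(path, 0o644)
        for label, kwargs in (("world_readable", {"env": {}}),
                              ("env_var_set", {"env": {"SOLANA_PRIVATE_KEY": "x"}})):
            try:
                load_signing_key(path, **kwargs)
                results[label] = "loaded"
            except KeyfileError as e:
                results[label] = str(e).split(";")[0]
    finally:
        os.unlink(path)
    return results
```

selfcheck() reports that the 0600 file loads and yields the expected public key, that the same file chmod'ed to 0644 is refused, and that the loader refuses to proceed at all while SOLANA_PRIVATE_KEY is present in the environment, which is the check an agent host should run before the skill is allowed to touch funds.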

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill initiates a financially sensitive workflow that requires the agent to pay 0.1 SOL to a third-party platform wallet, but the launchToken flow contains no runtime confirmation, consent gate, or prominent warning before the irreversible payment-dependent action proceeds. In an autonomous agent setting, this increases the risk of unintended fund transfers or token launches triggered by prompt injection, operator misunderstanding, or unsafe automation.

External Transmission

Medium
Category
Data Exfiltration
Content
# Sign the transaction with your private key, then submit
SIGNED_TX="..." # sign the base64 transaction from TX_DATA
curl -s -X POST https://api.solpaw.fun/api/v1/tokens/submit \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $SOLPAW_API_KEY" \
  -d '{"signed_transaction": "'$SIGNED_TX'", "mint": "MINT_FROM_TX_DATA"}'
Confidence
84% confidence
Finding
The skill sends data, including the user's signed transaction and the mint address, to the external endpoint https://api.solpaw.fun/ (the submit call shown above).

VirusTotal

66/66 vendors flagged this skill as clean.
