Skillv0.1.0

ClawScan security

Solpaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:35 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's stated behavior (local signing so your wallet is the on‑chain creator) does not match the shipped code and configuration: it requests a private key but the TypeScript SDK calls the server-side launch endpoint, which would make the platform the on‑chain creator; this inconsistency warrants caution before installing or providing secrets.
Guidance: Do not supply your Solana private key to this skill until the ownership/signing behavior is clarified. Specific actions to consider before installing or using: - Verify which API endpoint the code calls: /tokens/launch (server signs, platform becomes creator) vs /tokens/launch-local (client signs, you remain creator). The included TypeScript calls /tokens/launch — that contradicts the documentation's claim that your wallet will be the onchain creator. - Prefer local signing: if you want to remain the onchain creator, require the skill to use /tokens/launch-local or provide a signing-only helper that never sends your private key to the network or server. - Never place long-term private keys in shared environment variables on multi-user machines. Use ephemeral/local signing (hardware wallet, offline signing, or a process that reads a key from a secure keystore) where possible. - Confirm the platform wallet address and test with minimal-risk flows (use a devnet/testnet or a small-value account) before sending real funds. The 0.1 SOL payment is irreversible and could be lost or result in the platform controlling the token if the server signs. - If you plan to use this skill, request the maintainer update the SDK to clearly expose a payAndLaunch/local-signing method (and/or remove SOLANA_PRIVATE_KEY from required envs if unused), or patch the code to use /tokens/launch-local and local signing. If the maintainer cannot justify the private key requirement, treat it as unnecessary and risky.

Review Dimensions

Purpose & Capability: concernName/description: launch Solana tokens with the agent as onchain creator. Declared requirements include an API key, creator wallet, and a SOLANA_PRIVATE_KEY — reasonable if the skill signs transactions locally. However, the included TypeScript implementation's launchToken() posts to /tokens/launch (server-side signing) rather than /tokens/launch-local (client-side signing). That contradicts the stated purpose that 'your wallet is the onchain creator' and the SKILL.md guidance to 'ALWAYS use Local Mode'.
Instruction Scope: concernSKILL.md describes both the local flow (build unsigned tx, sign locally, submit /tokens/submit or /tokens/launch-local) and a one-call SDK that 'pays fee + uploads + signs + submits'. But the actual solpaw-skill.ts only implements calls that use the server-side /tokens/launch endpoint and never performs local signing. Instructions expect the agent to handle private signing, but the code does not. This mismatch could lead to unexpected server-side signing or token ownership behavior.
Install Mechanism: okInstruction-only skill with no download/extract install steps and only requires curl. No risky install URLs or archive extraction detected.
Credentials: concernThe skill requires three env vars (SOLPAW_API_KEY, SOLPAW_CREATOR_WALLET, SOLANA_PRIVATE_KEY). API key and creator wallet are expected. Requiring the private key is only justified for local signing; but the shipped code does not use it, so requesting the private key as an environment variable appears disproportionate and unnecessary. Additionally, storing private keys in environment variables has standard security risks that users should consider.
Persistence & Privilege: okNo always:true, no install script that modifies other skills or system config, and the skill does not request persistent elevated privileges. Default autonomous invocation is enabled (normal).