Back to skill
Skillv0.1.0
VirusTotal security
Solpaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:39 AM
- Hash
- eda06cea837e534b163630f417d7be3ee953fc9cf4519db17dfd8aca050c39e5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: solpaw-skill Version: 0.1.0 The skill is suspicious due to a significant discrepancy between its stated functionality and its actual implementation. The `SKILL.md` and `README.md` explicitly claim that the agent's wallet will be the onchain creator and that local signing is used for token launches. However, the `solpaw-skill.ts` implementation calls the `/tokens/launch` API endpoint, which, according to `references/api-docs.md`, is a 'Lightning mode' where the 'server signs the transaction' and the 'Platform wallet is the onchain creator (not recommended)'. This misrepresentation of token ownership and signing mechanism, despite the skill requiring the sensitive `SOLANA_PRIVATE_KEY` environment variable, raises serious trust concerns about the skill's transparency and the true control over launched assets via `https://api.solpaw.fun`.
- External report
- View on VirusTotal