Skillv1.0.0

ClawScan security

Colony Solana · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 20, 2026, 3:59 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to implement the described Colony gameplay (including wallet generation, swaps, buys, and claims) but the metadata omits required sensitive environment variables and the runtime needs a private key that grants full on-chain spending — this mismatch and the financial capabilities warrant caution.
Guidance: This skill will generate or require a Solana private key (SOLANA_PRIVATE_KEY) and can sign transactions that move real funds (swap SOL, buy/upgrade lands, claim tokens). Before installing or running it: 1) Do not use your main or high-value wallet — create a dedicated, funded test wallet with a small amount of SOL. 2) Verify the program ID and token mint addresses in the code match the official Colony project and $OLO mint (to avoid interacting with a malicious program). 3) Review the colony-cli.mjs source yourself (or have someone audit it) for any hidden network calls or exfiltration logic. 4) Prefer hardware/air-gapped signing or a watch-only setup if you do not trust the code; never paste your private key into untrusted environments. 5) Note the registry metadata omitted required env vars — ask the publisher to update metadata to declare SOLANA_PRIVATE_KEY and JUPITER_API_KEY. 6) Run npm install in an isolated environment (container/VM) and consider running the CLI locally with read-only commands (status, game-state, land-info) before enabling write/autonomous behavior. If you are not comfortable granting a skill a private key that can spend funds, do not enable autonomous runs or avoid installing the skill.

Review Dimensions

Purpose & Capability: concernThe CLI and SKILL.md behavior (generate a wallet, require SOLANA_PRIVATE_KEY, perform swaps and on-chain buys/claims) are coherent with a Colony game agent, but the registry metadata declared no required env vars or credentials while SKILL.md and code require a SOLANA_PRIVATE_KEY and optionally JUPITER_API_KEY. That discrepancy is an incoherence in the package metadata and the expected privileges.
Instruction Scope: noteRuntime instructions explicitly tell the agent to generate a wallet, persist the private key in SOLANA_PRIVATE_KEY, ask the owner to fund it, and then perform autonomous on-chain actions (swap, buy, upgrade, claim). The instructions do not ask the agent to read unrelated system files, nor to exfiltrate secrets, but they do instruct storing and using a highly sensitive private key and requesting the owner to transfer real SOL — both are high-impact actions that are nevertheless within the stated game purpose.
Install Mechanism: noteThere is no platform install spec, but SKILL.md instructs running npm install to use the included colony-cli.mjs. Dependencies are standard Solana/Anchor/npm packages from the registry (package.json/package-lock.json). No arbitrary download URLs or extract steps are present in the manifest, so install risk is typical for running third‑party Node code (pulls multiple npm packages).
Credentials: concernThe skill requires a private key (SOLANA_PRIVATE_KEY) that allows signing transactions and moving funds; that is proportionate to the stated purpose but represents very high privilege. The SKILL.md also mentions JUPITER_API_KEY for swaps. The manifest's omission of required env vars is inconsistent and reduces transparency about what secrets will be requested/used.
Persistence & Privilege: noteThe skill is not marked always:true and is user-invocable (normal). However, because the agent can be allowed to invoke the skill autonomously and the skill can sign and send transactions with the user's private key, there is an elevated blast radius if allowed to run unattended. This is expected for an autonomous wallet-managing skill but is a meaningful risk to weigh.