THE FLIP

Advisory: Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.potential_exfiltration

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run, the skill can use your Solana keypair to sign devnet transactions and spend devnet USDC/SOL fees; using a wallet that also holds mainnet value would be unnecessarily risky.

Why it was flagged

The script reads a local Solana private key from an env-selected path or the default wallet path, while the skill metadata declares no credential or config-path requirement.

Skill content
  // Key lookup order: explicit keyPath, then $ANCHOR_WALLET, then ~/.config/solana/id.json
  const raw = JSON.parse(fs.readFileSync(
    keyPath || process.env.ANCHOR_WALLET || path.join(process.env.HOME, '.config', 'solana', 'id.json'),
    'utf8'));
  // The full secret key is loaded into the process regardless of which command runs
  return Keypair.fromSecretKey(Uint8Array.from(raw));
Recommendation

Use a dedicated throwaway devnet wallet, pass the keypair path explicitly, and do not let the agent run transaction commands without your confirmation. The publisher should declare ANCHOR_WALLET/default wallet access and avoid loading a private key for read-only commands.

What this means

An agent running these commands can enter the game, trigger a flip, or claim using the loaded wallet, which may spend tokens or fees on devnet.

Why it was flagged

The skill exposes commands that submit on-chain game transactions and mutate game state; this is purpose-aligned and disclosed, but should remain user-approved.

Skill content
node app/demo.mjs enter HHTHHTTHHTHHTHHTHHTH ... Cost: 1 USDC ... node app/demo.mjs flip ... Permissionless — anyone can call.
Recommendation

Require explicit user approval before enter, flip, claim, withdraw-fees, init, or close-game-v1 actions.

What this means

Running the setup executes third-party installation code on your machine.

Why it was flagged

Setup relies on npm package installation and an optional remote shell installer for Solana tooling; this is user-directed setup, but the remote installer is not pinned in the instructions.

Skill content
cd the-flip && npm install ... sh -c "$(curl -sSfL https://release.anza.xyz/stable/install)"
Recommendation

Inspect the installer source, prefer official package manager instructions where possible, and run setup in a constrained environment.

Findings (2)

critical: suspicious.env_credential_access
  Location: app/demo.mjs:44
  Finding: Environment variable access combined with network send.

warn: suspicious.potential_exfiltration
  Location: app/demo.mjs:44
  Finding: Sensitive-looking file read is paired with a network send.