Skill v1.0.0

ClawScan security

Solana On-Chain Agent Registry, Reputation & Trust · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 17, 2026, 1:31 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini

Summary: The skill is broadly consistent with a Solana SDK, but it declares a mandatory private key while its docs include read-only workflows and reference additional environment secrets (PINATA_JWT, INDEXER_API_KEY) that are not declared — this mismatch could lead to unnecessary credential exposure.
Guidance

This skill appears to be a genuine SDK for the 8004 Solana registry, but there are mismatches you should consider before installing:

(1) The skill metadata marks SOLANA_PRIVATE_KEY as required, but the docs show read-only usage that doesn't need a key. Avoid supplying a main wallet private key if you only want to read data.
(2) The SKILL.md references additional secrets (PINATA_JWT, INDEXER_API_KEY) that are not declared. Review any environment variables you set and avoid sharing broad-use keys.
(3) If you must provide a private key for registration, prefer an ephemeral account with minimal funds and no long-term authority, or use a signing service with fine-grained delegation.
(4) Because this is instruction-only, inspect the upstream repo (https://github.com/QuantuLabs/8004-solana-ts) to confirm behavior before running any code that signs transactions.

If you are not comfortable managing keys, perform read-only operations without providing SOLANA_PRIVATE_KEY.

Review Dimensions

Purpose & Capability
concern: The skill's name/description and SKILL.md describe a TypeScript SDK for on-chain registry operations; requesting a SOLANA_PRIVATE_KEY as a primary credential is reasonable for write operations. However, the SKILL.md also shows read-only examples that do not require a signer, so declaring SOLANA_PRIVATE_KEY as a required env var for the skill as a whole is disproportionate and inconsistent.
Instruction Scope
concern: The instructions are generally limited to SDK usage (registering agents, uploading to IPFS, indexer queries, signing). However, they reference additional environment variables (INDEXER_API_KEY, PINATA_JWT) and optional local endpoints (http://localhost:5001) that are not declared in the skill metadata. The runtime guidance tells the agent to read process.env.SOLANA_PRIVATE_KEY (expected) but also to use other env vars without declaring them, creating a gap between declared permissions and actual instructions.
Install Mechanism
ok: This is an instruction-only skill with no install spec or bundled code files. It merely suggests 'npm install 8004-solana @solana/web3.js', which is standard for using a Node SDK; nothing is downloaded automatically by the platform.
Credentials
concern: The skill declares a single required secret (SOLANA_PRIVATE_KEY) which grants signing power over a Solana account — appropriate for on-chain writes but excessive if the user only needs read-only capabilities. Additionally, the documentation references other sensitive env vars (PINATA_JWT, INDEXER_API_KEY) that are not listed in the metadata, creating ambiguity about which secrets the skill actually needs.
Persistence & Privilege
ok: The skill does not request always:true and does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not, by itself, a new privilege here.