Torch Liquidation Bot
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If started with a linked vault, the bot can repeatedly spend vault SOL on liquidations and change on-chain financial positions.
The skill clearly discloses that it can autonomously build, sign, submit, and confirm liquidation transactions, which is expected for the stated liquidation-bot purpose but financially impactful.
This is not a read-only scanner. This is a fully operational keeper that generates its own keypair, verifies vault linkage, and executes liquidation transactions autonomously in a continuous loop.
Run it only if you intend autonomous liquidations; use a vault with limited funds, monitor activity, and stop the bot if behavior or market conditions are not acceptable.
Supplying the wrong private key, especially a vault authority key or valuable wallet, could expose far more authority than the bot needs.
The skill may use a Solana private key and vault linkage, but it describes the key as optional and gives appropriate guidance to use only a disposable controller key.
"SOLANA_PRIVATE_KEY" ... "sensitive": true ... "Should be a fresh keypair with ~0.01 SOL for gas. Holds no value. All liquidation capital lives in the vault. NEVER supply a vault authority key."
Prefer the generated/disposable controller key, never provide a main wallet or vault authority key, and verify which wallet is linked to the vault.
Installing from npm instead of using the bundled reviewed code could run a package version different from the bundled artifacts.
The documented optional npm install uses a version range, which can resolve to later compatible releases; this is a normal install pattern but users should verify provenance for financial automation.
package: torch-liquidation-bot@^10.7.1 ... "Install Torch Liquidation Bot (npm, optional -- SDK is bundled in lib/torchsdk/ and bot source is bundled under lib/kit on clawhub)"
If using npm, pin and verify the exact package version and source; otherwise prefer the bundled code path when available.
Once started, the bot may continue scanning and attempting liquidations until stopped.
The bot is intentionally long-running and autonomous, but the behavior is disclosed and paired with operational controls such as shutdown, retry, and balance threshold features.
"capabilities": [ ... "autonomous-scan-loop", ... "graceful-shutdown", "retry-with-backoff", "balance-pause-threshold" ]
Run it in a supervised environment, confirm shutdown behavior, and set conservative scan and funding limits.