TokenDraft
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
TokenDraft's behaviour is coherent with its stated purpose (crypto tournaments), but it asks the agent to hold a raw Solana private key and sign paid on-chain buy-in transactions with limited visible safeguards.
Review carefully before installing. Only use a dedicated low-balance Solana wallet, verify TokenDraft independently, do not provide a main wallet private key, require manual confirmation for any paid or auto-join action, and clear the JWT/private key from the environment when finished.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the key is exposed or misused, the agent environment can authorize wallet actions and spend SOL, not just access tournament data.
The skill requires a raw wallet private key, not just a scoped TokenDraft API credential, and uses it for both authentication and on-chain transaction signing.
Evidence (from SKILL.md): SOLANA_PRIVATE_KEY ... Base58-encoded Solana Ed25519 private key used to derive the wallet public key, sign authentication challenges, and sign on-chain buy-in transactions. ... required: true ... sensitive: true
Do not use a main wallet. Use a dedicated low-balance wallet, prefer wallet-based per-transaction approval if available, and ensure the credential is declared and handled as a primary sensitive credential.
A mistaken or manipulated transaction flow could register the user for a paid tournament or authorize an unintended on-chain payment.
The agent is instructed to sign a server-supplied Solana transaction for paid buy-ins. The visible text requires a balance check but does not show explicit user confirmation, spending caps, or transaction-detail validation before signing.
Evidence (from SKILL.md): For `buyInAmountSol > 0`, verify SOL balance covers the buy-in + fees first. ... `Sign:` Deserialize `transaction` as `VersionedTransaction`, sign with wallet keypair ... `Send signed transaction`
Require explicit confirmation before every paid join, display tournament ID/name, buy-in amount, fees, recipient/program details, and set a user-approved maximum spend for any auto-join behavior.
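The pre-sign validation recommended above, as an added example that is not ClawScan's or TokenDraft's code: a guard that parses the unsigned server-supplied transaction (legacy or v0 wire format) and refuses to sign unless every instruction is a System Program transfer, the total debit from the approved wallet stays under a user-approved cap, and the balance covers buy-in plus fee. It assumes the server's `transaction` arrives as raw bytes, the wallet public key is 32 bytes, the balance was fetched from RPC beforehand, and the 5000-lamport default fee is a placeholder for a real fee estimate; the sample transaction is constructed here.

```python
import struct
SYSTEM_PROGRAM = bytes(32)  # System Program id is the all-zero pubkey (11111111111111111111111111111111)
TRANSFER_IX = 2             # SystemInstruction::Transfer: u32 LE discriminator, then u64 LE lamports

def _compact_u16(buf, pos):  # Solana compact-u16 length prefix -> (value, new_pos)
    value, shift = 0, 0
    while buf[pos] & 0x80:
        value |= (buf[pos] & 0x7F) << shift; shift += 7; pos += 1
    return value | (buf[pos] << shift), pos + 1

def parse_message(msg):
    """Parse a legacy or v0 message into (static keys, [(prog_idx, acct_idxs, data)], lookup_count)."""
    versioned = bool(msg[0] & 0x80)     # v0 messages begin with a 0x80|version prefix byte
    pos = (1 if versioned else 0) + 3   # then the 3-byte header (signer / read-only counts)
    n_keys, pos = _compact_u16(msg, pos)
    keys = [msg[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys + 32             # skip the static keys and the 32-byte recent blockhash
    n_ix, pos = _compact_u16(msg, pos)
    ixs = []
    for _ in range(n_ix):
        prog_idx, pos = msg[pos], pos + 1
        n_acc, pos = _compact_u16(msg, pos)
        acct_idxs, pos = list(msg[pos:pos + n_acc]), pos + n_acc
        d_len, pos = _compact_u16(msg, pos)
        ixs.append((prog_idx, acct_idxs, msg[pos:pos + d_len])); pos += d_len
    return keys, ixs, (_compact_u16(msg, pos)[0] if versioned else 0)

def check_buy_in(tx, wallet, balance, max_spend, fee=5000):
    """Gate signing of an unsigned, server-supplied buy-in tx. Returns (ok, reason, lamports_out)."""
    n_sigs, pos = _compact_u16(tx, 0)   # the signature array precedes the message
    keys, ixs, lookups = parse_message(tx[pos + 64 * n_sigs:])
    if lookups: return False, "address-table lookups present; accounts cannot be verified offline", 0
    if keys[0] != wallet: return False, "fee payer is not the approved wallet", 0
    out = 0
    for prog_idx, acct_idxs, data in ixs:
        if keys[prog_idx] != SYSTEM_PROGRAM: return False, "unexpected program " + keys[prog_idx].hex(), 0
        if len(data) != 12 or len(acct_idxs) < 2 or data[:4] != struct.pack("<I", TRANSFER_IX):
            return False, "System instruction other than Transfer", 0
        if keys[acct_idxs[0]] == wallet:  # only debits from the approved wallet count as spend
            out += struct.unpack_from("<Q", data, 4)[0]
    if out > max_spend: return False, "spend %d exceeds approved cap %d" % (out, max_spend), out
    if balance < out + fee: return False, "balance does not cover buy-in plus fee", out  # fee is a placeholder
    return True, "ok", out

def build_sample_tx(wallet, recipient, lamports):
    """Constructed sample: unsigned legacy tx with one System transfer (all counts < 128, so one-byte compact-u16)."""
    ix = bytes([2, 2, 0, 1, 12]) + struct.pack("<IQ", TRANSFER_IX, lamports)  # prog idx 2, accts [0, 1], 12-byte data
    msg = bytes([1, 0, 1, 3]) + wallet + recipient + SYSTEM_PROGRAM + bytes(32) + bytes([1]) + ix
    return bytes([1]) + bytes(64) + msg  # one empty 64-byte signature slot, then the message
```

A deployment would still display the decoded recipient and amount to the user and wait for explicit confirmation before handing the transaction to the signer.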
A user may install or invoke the skill without realizing it needs a high-value wallet private key.
The supplied registry credential contract says no env vars or primary credential, while SKILL.md requires the sensitive `SOLANA_PRIVATE_KEY`; this under-discloses the credential impact at the metadata level.
Evidence (from registry metadata): Required env vars: none ... Env var declarations: none ... Primary credential: none
The publisher should declare the Solana private key as a primary sensitive credential in registry metadata, and users should review the SKILL.md before providing any wallet secret.
The agent may remain logged in to TokenDraft and can regain a session automatically unless the user clears credentials or revokes access.
The skill creates durable authenticated state and tells the agent to automatically re-authenticate on 401. This is purpose-aligned API plumbing, but users should understand it keeps account access available across later requests.
Evidence (from SKILL.md): After successful login, store `TOKENDRAFT_USER_ID` ... and `TOKENDRAFT_JWT` ... as env vars. ... `Token does not expire` ... `re-run this auth flow automatically and retry the failed request`.
Provide a clear logout/cleanup process, avoid long-term token storage where possible, and require user approval before re-authenticating for high-impact actions.
