Skill v1.0.1
ClawScan security
TokenDraft · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 23, 2026, 8:50 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions coherently require a Solana private key to sign auth and buy-in transactions (which matches its purpose), but there are inconsistencies and privacy/risk implications you should understand before installing.
- Guidance: This skill legitimately needs a Solana private key to sign authentication nonces and on-chain buy-in transactions, but that key is highly sensitive: anyone or any agent holding it can sign transactions from the wallet. Before installing:
  1. Confirm the registry metadata is corrected (SKILL.md requires SOLANA_PRIVATE_KEY, but the metadata lists no required env vars).
  2. Do not use a mainnet wallet with significant funds; create a dedicated, limited wallet for this skill holding only the minimum SOL required for buy-ins.
  3. Understand that the skill persists a long-lived TOKENDRAFT_JWT in env vars and can automatically re-authenticate and retry requests, so consider restricting autonomous invocation or requiring manual confirmation for buy-ins.
  4. Verify the tokendraft-production.up.railway.app endpoint and ask the publisher for source/hosting details or a homepage/repository before trusting it with persistent credentials.
  5. If you need stronger safety, decline to provide a private key, or allow only ephemeral or manual signing where the skill supports it.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md clearly requires a SOLANA_PRIVATE_KEY (sensitive) for signing nonces and on-chain buy-ins, which is logically required for a wallet-backed tournament skill. However, the registry metadata lists no required env vars; this mismatch (metadata says none while the runtime instructions require a private key) is an incoherence you should ask the publisher to fix. The private-key requirement itself is proportionate to the described functionality, but the metadata omission is notable.
- Instruction Scope (note): The instructions confine activity to the TokenDraft API endpoints and local signing of messages/transactions. They also instruct the agent to persist TOKENDRAFT_JWT and TOKENDRAFT_USER_ID as environment variables and to automatically re-run auth and retry on 401s. Persisting a long-lived JWT and enabling automatic re-authentication increases the agent's ability to act without user intervention (including signing transactions). That is expected for auto-join/auto-draft features, but it is a privacy/authorization risk the user should accept consciously.
- Install Mechanism (ok): No install steps or external downloads are present (instruction-only). Nothing is written to disk by an installer, which is the lowest-risk install mechanism.
- Credentials (concern): The skill requires a SOLANA_PRIVATE_KEY (sensitive). That is functionally necessary for signing and buy-ins, so it is proportionate to the stated purpose, but because the key grants signing authority this is high-sensitivity access. The SKILL.md also directs storing TOKENDRAFT_JWT in env vars (persisting credentials). The registry metadata's failure to list SOLANA_PRIVATE_KEY is a red flag that the package metadata and runtime instructions are out of sync.
- Persistence & Privilege (note): always: false (good). The skill tells the agent to store TOKENDRAFT_JWT/TOKENDRAFT_USER_ID as env vars and to re-authenticate automatically on 401, behavior that grants an ongoing ability to act (and to sign transactions) without frequent user prompts. This is likely needed for auto-join/auto-draft but increases the blast radius if the agent or environment is compromised.
