solana-bundler-sniper-volume-bot

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides an AI agent with broad live Solana trading and wallet-control powers, including automated buys, volume bots, wallet draining, and privacy swaps, without enough built-in safety boundaries.

Install only if you intentionally want an agent to control live Solana trading and wallet operations through GANK. Use a dedicated low-balance account and API key, keep the key out of chat/logs, manually approve every trade, launch, transfer, wallet-drain, clean-funds, copy-trade, or volume-bot action, and verify destination wallets and amounts before execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (13)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The README advertises wallet operations such as "vamp-all" and "clean-funds" and coordinated trading actions like swarm buys and volume bots without any warning about irreversible transfers, market-manipulation risk, loss of funds, or legal/compliance exposure. In this skill context, these features are inherently high-risk because they can directly move user assets and facilitate abusive trading behavior, making omission of safety warnings materially dangerous.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The README instructs users to place a live API key in configuration or an environment variable but provides no guidance on secret storage, shell history leakage, accidental commits, logging exposure, or least-privilege handling. In a skill that can launch tokens, move funds, and automate trades, credential compromise could enable unauthorized financial actions across connected wallets, increasing the severity beyond a generic secret-handling issue.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: This is a true vulnerability because the skill exposes explicitly destructive fund-drain functionality (`vamp-all`) that sells assets, closes accounts, and sweeps SOL, yet presents it as a normal wallet operation without strong confirmation, authorization, or harm warnings. In an agent context, documenting such an endpoint as routine increases the chance an autonomous system will invoke irreversible fund-moving actions from a vague user prompt or prompt injection.

Missing User Warnings

Medium

Confidence: 99% confidence
Finding: This is a true vulnerability because the skill groups wallet-drain (`vamp-all`) and fund-obfuscation (`clean-funds`, described as a privacy swap to 'clean funds') capabilities into recommended recovery flows without prominent warnings, compliance constraints, or abuse prevention. The surrounding context makes this more dangerous, not less: the skill markets 'toxic' trading, coordinated buys, volume bots, and privacy routing, which strongly suggests facilitation of manipulative trading behavior and laundering-like movement of funds by an agent.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The examples are explicitly wired to use a live API key from environment or local config and immediately perform real API operations against production endpoints. In a skill/example context, presenting credential-backed destructive or financial actions without an upfront warning increases the chance a user runs them verbatim against real accounts and funds.

Missing User Warnings

High

Confidence: 97% confidence
Finding: This example reserves a mint, uploads metadata, launches a token, funds dev buys, and optionally coordinates additional wallets, all using the caller's real API credentials. Because it reads like a runnable end-to-end sample with no safety notice or confirmation step, it can cause unintended financial commitments and irreversible on-chain actions if copied and executed as-is.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The swarm-buy example automates coordinated purchases across multiple wallets retrieved from the user's account, which can rapidly deploy funds and create market-manipulative behavior. Without a warning, spend cap, or confirmation step, users may unknowingly trigger multi-wallet trading with real balances.

Missing User Warnings

High

Confidence: 95% confidence
Finding: This example starts an automated volume bot over many wallets for a chosen duration, which is a high-risk live trading action and may amount to manipulative market activity. In documentation, offering a copy-paste script for unattended automated trading with no warning materially increases misuse risk and accidental execution against real assets.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The recovery example invokes a bulk operation that sells tokens, closes accounts, and sweeps SOL from all swarm wallets to a destination wallet. These are irreversible asset-moving actions, so omitting a warning or verification step makes accidental mass liquidation or mistaken fund transfer much more likely.

Missing User Warnings

High

Confidence: 95% confidence
Finding: This script continuously polls positions and automatically sells 100% of holdings when a threshold is hit, enabling unattended liquidation of user assets. Without an explicit warning that it executes live sell orders on a timer, users may run it as a harmless monitor and suffer unexpected full exits.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The full pipeline chains mint reservation, metadata upload, token launch, coordinated buyer participation, and a high-intensity volume bot into a single runnable flow using production credentials. This concentration of high-impact actions in one example greatly raises the chance of immediate real-world financial loss, manipulative market activity, or irreversible on-chain effects from a single execution.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The manifest exposes broad, high-risk trading and wallet-management capabilities without clear activation boundaries, approval requirements, or scope limitations. In an agent setting, vague capability descriptions increase the chance that an LLM or orchestration layer invokes sensitive actions like token launches, swarm buys, copy trading, or wallet draining from ambiguous user prompts.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The manifest advertises highly sensitive capabilities including automated trading, coordinated buys, wallet consolidation, and explicitly 'drain wallets' functionality, but provides no user-facing warnings or consent model. In this context, the skill is more dangerous because it is specifically designed for multi-wallet financial operations and privacy-sensitive fund flows, creating severe risk of unauthorized transfers, market manipulation, and irreversible asset loss.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal