ClawHub

Solana Dev

v1.0.0

Develop Solana dApps with React/Next.js, manage wallet connections, build and test programs using Anchor or Pinocchio, and apply SDKs and testing tools per S...

0· 1.3k·1 current·1 all-time
byPlayda@playdadev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and SKILL.md describe Solana dApp/program development guidance and the included files are detailed, consistent reference docs for that purpose. However, the skill claims to be an "Official Solana Foundation skill" while registry metadata lists no homepage/source and an opaque owner ID — this possible misrepresentation should be verified.
Instruction Scope
Instructions are narrowly scoped to development tasks (UI, SDK, program patterns, testing, security checklists). They do not instruct reading arbitrary local files, accessing unrelated environment variables, or sending data to unexpected endpoints. The docs recommend installing tooling from public repos and using local test VMs when appropriate.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to write to disk, which is the lowest-risk install posture. The instructions reference installing common developer tools (cargo, npm packages, surfpool) from plausible public sources.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The recommended tooling would normally require standard developer access (package installs, local network) but nothing here requests secrets or unrelated credentials.
Persistence & Privilege
The skill does not request always:true and uses default invocation settings. As an instruction-only skill it does not attempt to modify other skills or system settings. Autonomous invocation is allowed by default (platform behavior) but is not combined with broad privileges here.
What to consider before installing
The skill's content appears to be legitimate Solana developer guidance and does not request credentials or perform installs itself. However, the package claims to be an "Official Solana Foundation" skill while the registry entry has no homepage or verifiable source — that mismatch is the main concern. Before installing or granting the agent network access: 1) verify the skill's origin (official Solana repo or Foundation statement, matching owner), 2) review the linked external URLs yourself to confirm they resolve to expected projects, and 3) run the skill in a least-privileged environment (no secrets available, limited network access) until provenance is confirmed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f414wnb31s3p4bphyrebgks80ks5s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments