Slv Rpc
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill matches its Solana RPC node-management purpose, but it relies on powerful Ansible execution from unreviewed local template files and uses sensitive SSH/API credentials.
Install only if you trust the SLV template source on your machine. Before deploying, inspect ~/.slv/template, pin the template version, confirm the SSH key and target host, run Ansible in dry-run mode first, and do not approve cleanup, disk, firewall, or service changes unless you intend those server modifications.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the local template directory is missing, modified, or supplied from an untrusted source, the agent could run unreviewed infrastructure automation against your server.
The agent is instructed to run privileged deployment playbooks from a local template directory that is not included in the reviewed artifact set, and it selects the latest local version rather than a pinned reviewed source.
All playbooks are stored in `~/.slv/template/{version}/ansible/`. To find the latest version directory: `TEMPLATE_DIR=$(ls -d ~/.slv/template/*/ | sort -V | tail -1)` ... Do NOT use the skill's own `ansible/` directory for execution.Before using deployment commands, verify where ~/.slv/template came from, inspect the playbooks, pin the intended version, and require a dry-run plus explicit approval before execution.
Approved playbooks can make substantial changes to the target server, including users, packages, firewall rules, services, and node configuration.
The skill uses privileged Ansible operations, including become/root-level changes, but it also explicitly requires confirmation before playbook execution.
ansible-playbook -i inventory.yml cmn/add_solv.yml -e '{"ansible_user":"ubuntu"}' --become ... NEVER run playbooks without user confirmationUse least-privileged SSH access where possible, review the generated inventory and variables, run with --check first, and approve only specific playbooks you understand.
The agent may use credentials that grant access to your servers or ERPC account functionality.
The skill expects access to local SSH credentials for server administration and may use an existing ERPC API key for benchmarking or monitoring.
`ssh_key_path` — Path to SSH private key (default: `~/.ssh/id_rsa`) ... Use ERPC API key from `~/.slv/api.yml` if already configured
Confirm which SSH key and API key are being used, avoid sharing private key contents, and use scoped or disposable credentials where practical.
Running the setup script can modify your local machine by installing packages.
The setup script can install prerequisites using package managers and sudo when the user runs it; this is aligned with preparing an Ansible deployment environment.
pip3 install --user ansible-core ... sudo apt-get update && sudo apt-get install -y ansible-core
Read the script before running it and install prerequisites manually if you prefer tighter control over local system changes.
After deployment, services or restart helpers may keep running on the target server until you disable or remove them.
The skill includes persistent service and restarter setup for the RPC node, which is expected for server operation but persists beyond the immediate chat task.
`setup-solv-service.yml` | Setup systemd service ... `start-solv-service.yml` | Start systemd service ... `run_restarter.yml` | Run restarter script
Review installed systemd units and restarter behavior, and know the stop/disable procedure before deploying to production.