Skill v0.13.15
ClawScan security
Slv Rpc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 30, 2026, 5:43 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill largely matches its stated goal (deploying Solana RPC nodes) but has notable inconsistencies and a potentially unsafe external installer reference that you should verify before running anything.
- Guidance
- This skill appears to be built to help deploy Solana RPC nodes, but it is missing the playbook/templates it claims to provide — it expects those to exist under ~/.slv/template/{version}/ansible/ (so verify where those come from). Before installing or running anything:
  1) Confirm the canonical source repository (ValidatorsDAO/slv or an official release) and prefer downloading playbooks from the official GitHub release;
  2) Do NOT run curl | sh from unknown domains — the README/setup script suggests a nonstandard Solana installer URL (release.anza.xyz) which you should treat as suspicious; obtain Solana from official sources instead;
  3) Inspect any playbooks you will run (especially tasks that copy keys, mount/format disks, or remove ledgers) and run ansible-playbook with --check first and use limited targets;
  4) Keep your private SSH keys local and never paste them into web forms; provide them only via SSH-agent or secure key files and confirm the skill will not exfiltrate them;
  5) If you want higher assurance, request the full ansible/jinja template set and a link to the official repo/release tag and re-run this evaluation with those artifacts present.
Review Dimensions
- Purpose & Capability
- concern: The description promises Ansible playbooks and Jinja2 templates, but the package only contains SKILL.md, AGENT.md, README.md, an example inventory and a setup.sh — there are no ansible/ or jinja/ directories in the bundle. SKILL.md also instructs the agent to execute playbooks living in ~/.slv/template/{version}/ansible/, implying additional artifacts must be installed separately. This mismatch (claiming bundled playbooks vs. actually being an instruction-only skill that depends on external templates) is incoherent and worth verifying.
- Instruction Scope
- note: The runtime instructions stay within the domain of node deployment (gather SSH details, generate inventory, run ansible-playbook, monitor RPC health). They reference sensitive local files (SSH keys, ~/.slv/api.yml for an ERPC key) and will cause potentially destructive operations on remote servers (format/mount disks, copy keys, create systemd services, remove ledger files). Those actions are expected for this purpose but require explicit user confirmation before execution; SKILL.md does state to confirm destructive actions. Also, SKILL.md reads/writes files under ~/.slv and expects the user to supply private key paths — verify the agent won't transmit these elsewhere.
- Install Mechanism
- concern: There is no formal install spec (lowest-risk model) and the provided scripts/setup.sh only prints and optionally runs standard installers (pip/apt/dnf/brew). However, the README/setup.sh suggests installing the solana CLI via a curl command pointing at https://release.anza.xyz/stable/install — this is an uncommon non-official domain for Solana installers and is a red flag. The script itself does not automatically run that curl, but it recommends it to users; any external installer URL that is not an official release host (e.g., release.solana.com or GitHub releases) should be treated cautiously.
- Credentials
- note: The skill declares no required environment variables or credentials, which matches the bundle. At runtime it expects the user's SSH private key path and may read an ERPC API key from ~/.slv/api.yml if present. Asking for SSH keys and an optional API key is proportional to deploying remote servers, but users should be aware that private keys and API keys are involved and must be provided via secure channels; the skill does not declare any special secrets beyond that.
- Persistence & Privilege
- ok: always is false and there is no install spec that would force persistent background behavior. The skill is instruction-only (with a helper script) and does not request elevated platform privileges beyond normal user consent to run commands and playbooks.
