Skill v0.13.15

ClawScan security

Slv Validator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 30, 2026, 5:43 PM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files and instructions mostly match a Solana-validator deployer, but there are inconsistencies and a few operational behaviors (handling private keys, remote-install curl lines, undeclared prerequisites, external endpoints) that merit review before use.
Guidance
This skill appears to be a genuine Solana-validator deployment helper, but review these before installing or running it:
1) The registry metadata omits required binaries (ansible-core, SSH, optional solana-cli/ERPC), so expect to run installs and supply SSH keys yourself.
2) Inspect any playbook that copies keys (copy_keys.yml) — prefer generating keys on the target server rather than uploading private keys from your workstation.
3) Do NOT blindly run curl|sh installers (README suggests release.anza.xyz); fetch and inspect remote install scripts first.
4) Verify external endpoints listed (jito.*, erpc.global, snapshot URLs) are expected/trusted for your deployment.
5) Run ansible with --check (dry-run), review generated inventory and playbook variable values, and confirm before any destructive steps (stop/cleanup/migrate).
If you want higher assurance, ask the skill author for the full Ansible playbook sources (so you can audit copy_keys.yml and any tasks that access secrets) or run these tools in a sandboxed environment first.

Review Dimensions

Purpose & Capability
note: The skill claims to deploy/manage Solana validators and the included SKILL.md, AGENT.md, example inventory, and setup script are consistent with that purpose. However, the registry metadata declares no required binaries or env vars while the documentation clearly requires ansible-core, SSH access, and (optionally) solana-cli and an ERPC API endpoint. The omission of declared prerequisites is a mismatch worth noting.
Instruction Scope
concern: Runtime instructions direct the agent to collect SSH info, SSH key paths, generate inventories, run ansible-playbook against remote servers, configure systemd/UFW/fail2ban, and to use playbooks that include 'copy_keys.yml' (copy validator keys to node). Those actions legitimately belong to a validator operator, but they require the agent (or user) to handle private keys and run potentially destructive operations. The docs warn not to log/store private keys, but the skill gives the agent capability to read key paths and transfer keys—this is sensitive and should be confirmed and audited before use. The instructions also reference external snapshot/block-engine endpoints and an optional ERPC API key (not declared in metadata).
Install Mechanism
note: There is no install spec (instruction-only), which reduces risk. The included scripts/setup.sh installs ansible-core via pip/apt/brew (standard). Documentation suggests installing solana-cli via a curl|sh install URL (https://release.anza.xyz/stable/install), which is an external installer — executing that without inspection is higher risk. Overall install behavior is typical for this tooling, but the curl-based install recommendation should be treated cautiously.
Credentials
note: The skill declares no required environment variables or primary credential, and that generally fits the files. The docs do mention an optional ERPC API key / reference_rpc_url and require SSH private key paths for Ansible connections; those are operationally necessary but were not declared in registry metadata. No unrelated cloud credentials (AWS/GCP) are requested, which is appropriate.
Persistence & Privilege
ok: always:false and normal autonomous invocation behavior — appropriate. The skill writes runtime templates to ~/.slv/template/ (user-local) and configures remote services via Ansible; it does not request permanent platform-wide privileges or modify other skills. No 'always:true' or other excessive persistence is present.