critical
suspicious.env_credential_access
- Location
- scripts/create-token.ts:75
- Finding
- Environment variable access combined with network send.
Hot Fun Integration
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.env_credential_access
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
ConcernHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
Anyone running this with a funded wallet gives the skill the ability to sign irreversible Solana transactions from that wallet.
Why it was flagged
The CLI directly loads a Solana wallet secret key and uses it to authorize transactions.
Skill content
const privateKey = process.env.PRIVATE_KEY; ... const keypair = loadKeypair(privateKey); ... tx.sign([keypair]);
Recommendation
Use only a low-balance burner wallet, never paste the private key into chat, and require clear transaction preview or simulation before signing.
ConcernHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
If the remote API or installed CLI is compromised or returns an unexpected transaction, the wallet could sign actions beyond the user's visible token-creation parameters.
Why it was flagged
The tool obtains a serialized transaction from a remote API, deserializes it, signs it, and sends it to Solana without checking the transaction contents.
Skill content
const res = await fetch(API_URL, { method: 'POST', body: formData }); ... const tx = VersionedTransaction.deserialize(txBytes); tx.sign([keypair]); ... connection.sendRawTransaction(tx.serialize(),Recommendation
Add transaction inspection, simulation, allowlisted program checks, displayed fees/asset changes, and explicit per-transaction approval before broadcasting.
ConcernHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
A changed, typosquatted, or compromised npm package version could run different code than the reviewed artifacts while having access to the wallet key.
Why it was flagged
The documented setup installs a mutable latest-version global npm package for a tool that will handle PRIVATE_KEY, and the provided install specs do not pin or verify that package.
Skill content
npm install -g @hot-fun/hot-fun-ai@latest
Recommendation
Pin an exact package version and integrity hash, publish a verifiable source/homepage, include a lockfile or install spec, and avoid global installs where possible.