Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
plugy
v1.0.0Solana trading skill for AI agents. Buy, sell, and create tokens across PumpFun, PumpSwap, LaunchLab, and Meteora.
⭐ 0· 447·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (Solana trading) align with the instructions (endpoints, buy/sell/create, heartbeat). However there is an inconsistency: the docs call the wallet 'custodial' yet the register response returns a raw privateKey that the user is told to save and that the agent should display — custodial services typically do not hand private keys to end users. Also the registry metadata declares no required env vars/credentials, but the instructions expect and encourage storing an API key and private/privateKey locally.
Instruction Scope
The SKILL.md directs the agent to: (1) call https://plugy.fun/api to register and obtain apiKey/privateKey, (2) display the privateKey to the human and persist the apiKey in memory or ~/.config/plugy/credentials.json or PLUGY_API_KEY, and (3) fetch multiple additional files (trade.md, create.md, heartbeat.md, rules.md) from plugy.fun and follow them exactly. Fetching remote instruction files gives the remote site active control over runtime behavior; displaying/persisting a private key is extremely sensitive. The instructions also include a shell install snippet (curl → ~/.plugy/skills/plugy) which writes files to disk.
Install Mechanism
There is no formal install spec in the registry, but the skill explicitly instructs the operator to run curl against plugy.fun to download several files into ~/.plugy. This is a direct download from the project's domain (not a well-known release host like GitHub releases), and the downloaded remote content effectively controls the agent's runtime behavior. While not an automatic extract/exec, it is a medium-risk mechanism because remote files may be altered after installation.
Credentials
Trading functionality reasonably requires wallet keys and an API key, but the skill asks the agent to handle and persist both an apiKey and a privateKey (highly sensitive). The manifest declared no required env vars or primary credential, yet SKILL.md instructs storing PLUGY_API_KEY or a credentials.json file. The privateKey handling and the contradictory 'custodial' claim are disproportionate or at least inconsistent and should be clarified before use.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills, which is good. However it instructs persisting credentials to disk (~/.plugy or ~/.config/plugy) and to keep apiKey in memory, enabling ongoing autonomous access if the agent is allowed to act. Combined with remote file fetches and sensitive keys, this persistence increases blast radius if misused.
What to consider before installing
Do not install or run this skill until you confirm several things: (1) Ask the publisher to explain whether wallets are truly custodial — if they give you a private key, funds are not being held by a custodian. (2) Avoid exposing or storing private keys in agent memory or unencrypted files; prefer a hardware wallet or a secure signing service. (3) Do not blindly run the provided curl install commands — review the contents of each downloaded file (trade.md, create.md, heartbeat.md, rules.md) before trusting them. (4) Verify the ownership and reputation of plugy.fun (domain registration, source code, open repo, audits). (5) If you proceed, limit the agent's privileges (disable autonomous actions, do not persist credentials to agent memory, and keep the privateKey offline). If you want, request the additional remote files and the API spec/source code before installing so a more complete security review can be performed.Like a lobster shell, security has layers — review code before you run it.
latestvk97965es3868gx317dymssk45581vm27
License
MIT-0
Free to use, modify, and redistribute. No attribution required.