Defipoly
Warn. Audited by ClawScan on May 10, 2026.
Overview
Defipoly is coherent with its game purpose, but it gives the agent direct funded-wallet authority and automatically signs backend-built Solana transactions without visible local limits or review.
Install only if you are comfortable giving this skill a dedicated funded Solana wallet. Do not use your main wallet, keep balances low, verify the backend URL, and prefer a workflow that previews and approves each transaction before signing.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the backend response is wrong, compromised, or pointed to a different URL, the funded wallet could sign unintended Solana transactions.
The CLI signs a transaction supplied by the backend and then submits it automatically; the artifact does not show local validation of program IDs, recipients, amounts, or a user approval step before signing.
import { Transaction } from '@solana/web3.js';   // import implied by the snippet
// The backend's base64 transaction is deserialized, signed with the wallet keypair and
// re-encoded for submission; nothing in between inspects what the transaction does.
const tx = Transaction.from(Buffer.from(buildData.transaction, 'base64'));
tx.partialSign(keypair);
const signedTx = tx.serialize({ requireAllSignatures: false }).toString('base64');

Use only a dedicated low-balance game wallet, and require a transaction preview, an allowlist of programs and recipients, or explicit user approval before signing any on-chain transaction.
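As an added example (not code from the Defipoly skill or its backend), the following Node script shows the preview-and-allowlist step that is missing between deserializing and signing above. It decodes a backend-supplied legacy Solana transaction with plain Buffers, so it runs offline without @solana/web3.js, and refuses to sign unless the fee payer is the game wallet, only that wallet is asked to sign, every instruction targets an allowlisted program, and any System Program transfer stays under a lamport cap. The wallet key, the game program key, the attacker keys, the policy values and the two sample transactions are constructed for the example; real code would pass buildData.transaction to checkBeforeSigning and call tx.partialSign only when it returns ok. Only the legacy message format is handled; versioned (v0) messages carry a version prefix byte and are rejected rather than parsed.

```javascript
// Added example, not code from the Defipoly skill or its backend: a policy
// gate to run on buildData.transaction before tx.partialSign(). It decodes the
// legacy Solana wire format with plain Node Buffers (no @solana/web3.js needed)
// and refuses unless the fee payer is the game wallet, only that wallet must
// sign, every instruction hits an allowlisted program, and any System Program
// transfer stays under a lamport cap. Keys are compared as hex of the raw
// 32 bytes; a real CLI would bs58-decode its allowlist first.

// Solana "shortvec" compact-u16 encoding used for every length in the format.
function readCompactU16(buf, offset) {
  let value = 0, shift = 0, pos = offset;
  for (;;) {
    const byte = buf[pos++];
    value |= (byte & 0x7f) << shift;
    if ((byte & 0x80) === 0) return { value, next: pos };
    shift += 7;
  }
}
function writeCompactU16(n) {
  const out = [];
  while (n >= 0x80) { out.push((n & 0x7f) | 0x80); n >>= 7; }
  out.push(n);
  return Buffer.from(out);
}

// Parse signature slots, message header, account keys, blockhash and instructions.
function parseLegacyTransaction(b64) {
  const buf = Buffer.from(b64, 'base64');
  let r = readCompactU16(buf, 0);
  let pos = r.next + 64 * r.value;                      // skip (possibly empty) signature slots
  if (buf[pos] & 0x80) throw new Error('versioned (v0) message: not handled by this gate');
  const header = { numRequiredSignatures: buf[pos], numReadonlySigned: buf[pos + 1],
                   numReadonlyUnsigned: buf[pos + 2] };
  pos += 3;
  r = readCompactU16(buf, pos); pos = r.next;
  const accountKeys = [];
  for (let i = 0; i < r.value; i++, pos += 32) accountKeys.push(buf.subarray(pos, pos + 32).toString('hex'));
  const recentBlockhash = buf.subarray(pos, pos + 32).toString('hex'); pos += 32;
  r = readCompactU16(buf, pos); pos = r.next;
  const instructions = [];
  for (let i = 0; i < r.value; i++) {
    const programId = accountKeys[buf[pos++]];
    const a = readCompactU16(buf, pos); pos = a.next;
    const accounts = Array.from(buf.subarray(pos, pos + a.value), (k) => accountKeys[k]); pos += a.value;
    const d = readCompactU16(buf, pos); pos = d.next;
    const data = buf.subarray(pos, pos + d.value); pos += d.value;
    instructions.push({ programId, accounts, data });
  }
  return { header, accountKeys, recentBlockhash, instructions };
}

const SYSTEM_PROGRAM = '00'.repeat(32);   // base58 11111111111111111111111111111111

// Returns { ok, problems }: sign only when ok, otherwise show the problems to the user.
function checkBeforeSigning(b64, policy) {
  const tx = parseLegacyTransaction(b64);
  const problems = [];
  if (tx.accountKeys[0] !== policy.walletHex) problems.push(`fee payer ${tx.accountKeys[0]} is not the game wallet`);
  if (tx.header.numRequiredSignatures !== 1) problems.push(`message requires ${tx.header.numRequiredSignatures} signers, expected 1`);
  tx.instructions.forEach((ix, i) => {
    if (!policy.allowedPrograms.has(ix.programId)) problems.push(`instruction ${i} calls non-allowlisted program ${ix.programId}`);
    // System Program Transfer layout: u32 LE discriminator 2, then u64 LE lamports.
    if (ix.programId === SYSTEM_PROGRAM && ix.data.length >= 12 && ix.data.readUInt32LE(0) === 2) {
      const lamports = ix.data.readBigUInt64LE(4);
      if (lamports > policy.maxLamportsPerTransfer) problems.push(`instruction ${i} sends ${lamports} lamports to ${ix.accounts[1]}, over the cap`);
    }
  });
  return { ok: problems.length === 0, problems, instructionCount: tx.instructions.length };
}

// Serializer used only to construct the sample inputs below (normally the backend builds these).
function encodeLegacyTransaction({ keysHex, numReadonlyUnsigned, instructions }) {
  const parts = [writeCompactU16(1), Buffer.alloc(64), Buffer.from([1, 0, numReadonlyUnsigned]), writeCompactU16(keysHex.length)];
  for (const k of keysHex) parts.push(Buffer.from(k, 'hex'));
  parts.push(Buffer.alloc(32, 7), writeCompactU16(instructions.length));   // constructed blockhash
  for (const ix of instructions) parts.push(Buffer.from([ix.programIdIndex]), writeCompactU16(ix.accounts.length),
    Buffer.from(ix.accounts), writeCompactU16(ix.data.length), ix.data);
  return Buffer.concat(parts).toString('base64');
}
function systemTransfer(lamports) {
  const d = Buffer.alloc(12); d.writeUInt32LE(2, 0); d.writeBigUInt64LE(BigInt(lamports), 4); return d;
}

// Constructed keys and policy: WALLET is the dedicated game wallet; the others are hypothetical.
const WALLET = 'aa'.repeat(32), GAME_PROGRAM = 'bb'.repeat(32);
const ATTACKER_WALLET = 'cc'.repeat(32), ROGUE_PROGRAM = 'dd'.repeat(32);
const POLICY = { walletHex: WALLET, allowedPrograms: new Set([GAME_PROGRAM, SYSTEM_PROGRAM]), maxLamportsPerTransfer: 100_000_000n };
// A legitimate move: one instruction into the game program.
const SAMPLE_GAME_TX = encodeLegacyTransaction({ keysHex: [WALLET, GAME_PROGRAM], numReadonlyUnsigned: 1,
  instructions: [{ programIdIndex: 1, accounts: [0], data: Buffer.from([1]) }] });
// What a wrong or hijacked backend could return: drain 5 SOL, then call an unknown program.
const SAMPLE_DRAIN_TX = encodeLegacyTransaction({ keysHex: [WALLET, ATTACKER_WALLET, ROGUE_PROGRAM, SYSTEM_PROGRAM], numReadonlyUnsigned: 2,
  instructions: [{ programIdIndex: 3, accounts: [0, 1], data: systemTransfer(5_000_000_000) },
                 { programIdIndex: 2, accounts: [0], data: Buffer.from([9]) }] });

for (const [name, tx] of [['game move', SAMPLE_GAME_TX], ['drain attempt', SAMPLE_DRAIN_TX]]) {
  const v = checkBeforeSigning(tx, POLICY);
  console.log(name + ': ' + (v.ok ? 'OK to sign' : 'REFUSE\n  ' + v.problems.join('\n  ')));
}
```

The gate is deliberately conservative: it does not try to understand game-program instruction data, it only checks who pays, who signs, which programs are called and how much SOL the System Program is asked to move. Anything outside that envelope is shown to the user and left unsigned rather than submitted.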
The agent can act with the full authority of the loaded wallet, including spending SOL/DPOLY or changing on-chain game positions.
The skill directly loads a Solana private key from an environment variable or local wallet file, while the registry metadata declares no primary credential or env vars.
import { Keypair } from '@solana/web3.js';
import bs58 from 'bs58';
import { existsSync } from 'node:fs';
// Either branch returns a full signing keypair: the env var wins, else the default wallet file.
if (process.env.WALLET_PRIVATE_KEY) {
  return Keypair.fromSecretKey(bs58.decode(process.env.WALLET_PRIVATE_KEY));
}
if (existsSync(DEFAULT_WALLET_PATH)) {
  return loadWalletFromFile(DEFAULT_WALLET_PATH);
}

Do not import a main wallet; create a separate wallet holding only the funds you are willing to lose, and declare the WALLET_PRIVATE_KEY variable and the wallet file path as required credentials in the registry metadata.
A local process or user with access to that temp file may be able to reuse the session token while it is valid.
The script persists a bearer token, wallet address, and expiry in a predictable /tmp cache file for about 23 hours, with no documented permission hardening or cleanup.
return `/tmp/defipoly-agent-${hash}.json`;   // shared, world-readable temp dir; file name is predictable
...
writeFileSync(tokenCachePath(wallet), JSON.stringify(data));   // default file mode, no expiry cleanup

Store tokens with restrictive permissions (0600 in a user-private directory), document the cache location, and provide a cleanup/logout command.
Installing the skill runs npm dependency installation on the local machine.
The skill installs npm dependencies for its Node CLI. That is expected for the stated purpose, but npm runs any lifecycle scripts the dependencies declare during install, so it is still external package execution that users should notice.
"install":[{"id":"deps","kind":"exec","command":"cd {skillDir} && npm install","label":"Install Defipoly agent dependencies"}]

Review the package.json and package-lock.json contents before installing, and install only from the reviewed skill directory.
