Fairscale Solana Skill
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: fairscale-solana-skill
Version: 0.1.3
The skill bundle describes an integration with the FairScale Solana reputation API. All files consistently point to `https://x402.fairscale.xyz` for API interactions. The `SKILL.md` and `README.md` provide clear documentation and `curl` examples for using the service, which involve standard HTTP GET/POST requests. There is no evidence of prompt injection attempts against the AI agent, no instructions for data exfiltration, malicious execution, persistence mechanisms, or any other intentionally harmful behavior. The content is aligned with its stated purpose of checking Solana wallet reputation scores.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Wallet addresses and intended transaction amounts queried through the skill may be visible to the FairScale service.
The skill directs the agent to send wallet addresses and transaction amounts to an external API, which is purpose-aligned but creates a third-party data-sharing boundary.
GET https://x402.fairscale.xyz/check?wallet=WALLET_ADDRESS&amount=500
Use the skill only for wallet and transaction information you are comfortable sending to the FairScale endpoint, and avoid including unnecessary private context.
If you use the paid tier, the agent may handle a FairScale session token that could consume prepaid credits if misused.
Although the registry declares no required credentials, the optional paid-credit flow can involve a provider session token tied to prepaid credits.
Get a session token 4. Include `x-session-token` header on requests
Treat any FairScale session token as a credential, store it securely, and only allow its use for intended FairScale API requests.
Using paid credits could involve an irreversible USDC payment.
The paid-credit setup includes a financial transfer to a fixed crypto address. This is disclosed and tied to the service pricing, but it is a high-impact action that should remain user-controlled.
Send USDC to: `fairAUEuR1SCcHL254Vb3F3XpUWLruJ2a11f6QfANEN`
Do not let an agent send funds or buy credits automatically; verify the address, amount, and service legitimacy before paying.
