FairScale Solana
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly a wallet-reputation API wrapper, but its docs describe automatic USDC payments from an agent wallet without clear approval, limits, or declared payment credentials.
Review the payment model before installing. If you use this skill, do not give the agent access to a funded Solana wallet unless you have explicit per-call approval and spending limits. Also confirm the correct FairScale endpoint and API-key header before entering credentials.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent has access to a funded wallet, repeated wallet checks could incur USDC charges without the user clearly approving each paid action.
This describes automatic paid requests from an agent wallet, but the artifacts do not define an approval prompt, budget, spending cap, or user confirmation workflow.
No setup needed! If your agent has a Solana wallet with USDC, it can pay per request automatically. - Single wallet: $0.05 USDC - Batch (10 wallets): $0.40 USDC
Require explicit user confirmation before any paid x402 request, publish spending limits, and make the paid path opt-in rather than automatic.
Users may not realize the skill can require paid account credentials or wallet spending authority until after installation or use.
The skill documents use of a FairScale API key, and also documents wallet-funded requests, while the registry declares no required credentials or environment variables. The credential/payment boundary is therefore under-declared.
openclaw config set skills.entries.fairscale-solana.env.FAIRSCALE_API_KEY "your_key"
Declare FAIRSCALE_API_KEY and any wallet/payment requirements in metadata, and clearly explain what authority the skill needs and how charges are authorized.
Users may make setup or trust decisions based on incomplete or inconsistent authentication details.
This differs from the included API reference and script, which use api2.fairscale.xyz and a fairkey header. The inconsistency may confuse users about whether authentication is required and where credentials are sent.
Free tier: No authentication required. Rate limited by IP. Pro/Enterprise: Include API key in header: x-api-key: fs_your_api_key_here
Align SKILL.md, README.md, API.md, and scripts so they consistently state the correct endpoint, authentication header, and free/paid behavior.