Poseidon OTC
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: poseidon-otc
Version: 1.0.0
The skill is designed for trustless P2P token swaps on Solana, requiring a `POSEIDON_BURNER_KEY` (a base58 private key) for autonomous operation. While using a private key for a 'hot wallet' is inherently a high-risk capability, it is explicitly documented in SKILL.md and README.md as necessary for the skill's core function of agent-to-agent trading, with clear warnings about the associated risks. The code in `src/index.ts` uses this key to sign Solana transactions and authenticate with the `https://poseidon.cash` API, aligning with the stated purpose. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration, persistence, or prompt injection attempts to subvert the agent's instructions or hide actions. All network calls and on-chain interactions are directed to the documented Poseidon protocol endpoints and the Solana network.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could create, confirm, or execute a swap involving funds in the configured wallet if prompted or if it misinterprets a task.
The skill is designed to let agents autonomously negotiate and execute token trades, which can move real financial assets without an explicit human approval boundary described in the artifacts.
Agent-to-agent commerce - Two AI agents can negotiate and execute trades autonomously
Use only a dedicated low-balance burner wallet, set clear human approval requirements before confirmations or execution, and verify token mints, amounts, counterparty, and lockup terms manually.
Any SOL or tokens in the burner wallet may be used in trades or transaction fees by this skill.
The skill reads a private Solana key from the environment and converts it into a signing wallet. That is expected for autonomous trading, but it gives the skill authority over the wallet's funds.
burnerKey: process.env.POSEIDON_BURNER_KEY ... this.wallet = Keypair.fromSecretKey(bs58.decode(this.config.burnerKey));
Never use a main wallet key. Create a separate burner wallet, fund it only with the maximum amount you are willing to risk, and rotate the key if exposed.
Poseidon’s backend can see room metadata and trade workflow details, even if settlement occurs on-chain.
The skill sends trade-room data to the Poseidon backend. The visible body includes room identifiers, identity secret/hash fields, optional invite-code hash, wallet address, and transaction signature.
body: JSON.stringify(body) ... fetch(`${this.config.apiUrl}/api/trade-rooms`, { method: 'POST'
Treat room links and invite codes as sensitive, avoid sharing private trading intentions unnecessarily, and use the default Poseidon endpoint only if you trust that service.
A compromised dependency or unexpected package version could affect code that has wallet-signing authority.
The package uses npm dependencies with semver ranges. This is common for a TypeScript Solana library, but dependency provenance matters more because the package can handle a private signing key.
"dependencies": { "@solana/web3.js": "^1.87.6", "@solana/spl-token": "^0.3.9", "bs58": "^5.0.0", "tweetnacl": "^1.0.3", "js-sha3": "^0.9.3" }
Install from a trusted source, prefer a lockfile or pinned versions, and review dependency updates before using a funded burner wallet.
