ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sfaeflow Solana Skill

v1.0.0

Use when running SafeFlow against a deployed Solana program. Trigger for tasks such as generating an agent keypair, asking the owner to fund gas and create w...

0· 78·0 current·0 all-time
byTogo@fwangzil

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fwangzil/safe-flow-solana-skill.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Sfaeflow Solana Skill" (fwangzil/safe-flow-solana-skill) from ClawHub.
Skill page: https://clawhub.ai/fwangzil/safe-flow-solana-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install safe-flow-solana-skill

ClawHub CLI

Package manager switcher

npx clawhub@latest install safe-flow-solana-skill
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (SafeFlow Solana payment skill) aligns with the included scripts: they generate an agent keypair, persist config, query session state, and execute on-chain payments. However, the skill metadata declares no required binaries or env vars even though the scripts call solana-keygen, node, and npx/ts-node and expect local files (sdk/src/agent and target/idl/safeflow_solana.json). The absence of these declared dependencies/files is an incoherence.
!
Instruction Scope
The runtime instructions/scripts read/write sensitive local state (.safeflow/agent-keypair.json and config.json) and execute an inline TypeScript/JavaScript program via npx ts-node that loads a local SDK module and IDL. The scripts will connect to public Solana RPC endpoints (devnet/mainnet) but do not call any other external endpoints. The instruction set grants the agent the ability to create and use a private key stored on disk and to execute arbitrary JS in the context of the repository — the SKILL.md and manifest do not make it clear where the SDK/IDL come from or whether the JS code is audited.
!
Install Mechanism
There is no install spec. The scripts rely on npx to run ts-node which will fetch packages from the npm registry at runtime if not present. That implicit network installation is not declared and increases risk. Also required local files (sdk/src/agent, target/idl/...) are referenced but not present in the provided file manifest, meaning the scripts will fail or attempt to fetch missing pieces at runtime.
Credentials
The skill requests no environment variables or external credentials in metadata, which is proportional. However, it creates and stores a Solana private key locally (.safeflow/agent-keypair.json) and will read that secret to sign transactions — this is sensitive and should be expected and handled cautiously. No unexpected credentials (AWS, GCP, etc.) are requested.
Persistence & Privilege
always is false and there are no declarations that the skill will modify other skills or system-wide settings. The skill persists its own config and keypair under .safeflow which is normal for this purpose.
What to consider before installing
Do not install or run this skill until the repository author supplies missing artifacts and clarifications. Specific checks to request or perform before use: - Verify the repository includes the referenced SDK (sdk/src/agent) and the IDL file (target/idl/safeflow_solana.json). Inspect those files for unexpected network calls or unknown endpoints. - Confirm system requirements: explicitly require solana-cli (solana-keygen), node, and a pinned ts-node/runtime dependency or provide a package.json; avoid implicit npx pulls if you want reproducible behavior. - Understand and accept local private key storage: the agent keypair is written to .safeflow/agent-keypair.json (sensitive). Consider using hardware wallets, restricted signing services, or running in an isolated environment. - Because the script executes arbitrary JS via npx/ts-node, ensure all JS code is audited and comes from a trusted source; if you cannot validate the code, run in a sandboxed environment or decline. - Ask the author to provide an explicit install spec (or packaged dependencies) and to declare required binaries in the skill metadata. If the skill will fetch runtime packages, request pinned versions and an integrity check. If you cannot obtain these assurances, classify the skill as untrusted and avoid running it with real funds or on production systems.

Like a lobster shell, security has layers — review code before you run it.

latestvk975104zb7342ermxsn5kqjg2n84537h
78downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
Togo@fwangzil
latest
Download

SafeFlow Solana Agent Skill

Operate this as a payment skill for AI agents on Solana with on-chain rate limiting.

Default program ID (devnet):

  • DwYEDn6xRpSbnNA7mkszQgDAUoHGfgdBNSi6pwy4qJKy

Quick Start (Owner-Handoff)

  1. Bootstrap agent keypair and print owner handoff instructions:
cd safe-flow-solana-skill/scripts
chmod +x ./*.sh
./bootstrap.sh \
  --program-id DwYEDn6xRpSbnNA7mkszQgDAUoHGfgdBNSi6pwy4qJKy \
  --cluster devnet

  1. Ask owner to:

    • Fund the agent address with SOL for gas (~0.01 SOL)
    • Open the SafeFlow dashboard and create a wallet + session for the agent address
    • Return with walletOwner public key

  2. Save owner-provided config:

./save_config.sh \
  --wallet-owner <OWNER_PUBKEY>
  1. Execute payment:
./execute_payment.sh \
  --recipient <RECIPIENT_ADDRESS> \
  --amount 500000000 \
  --evidence-id "reasoning:task_completed"

How It Works

  1. Agent generates a Solana keypair (stored locally in .safeflow/agent-keypair.json)
  2. Owner creates an AgentWallet PDA + deposits SOL + creates a SessionCap for the agent
  3. Agent uses the SessionCap to execute rate-limited payments autonomously
  4. All payments are enforced on-chain: rate limit, total cap, expiration, and revocation

Session Query

Check remaining budget before attempting payment:

./execute_payment.sh --query --wallet-owner <OWNER_PUBKEY>

Error Handling

The skill classifies payment failures:

ErrorMeaningAgent Action
ExceedsRateLimitToo fastWait, retry with smaller amount
ExceedsTotalLimitBudget exhaustedStop, notify owner
SessionExpiredTime's upAsk owner for new session
SessionRevokedOwner killed itStop immediately

Comments

Loading comments...