Solana CLI for trading, prediction markets, defi and x402 payments
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: A future or compromised npm release could run with access to the user's wallet files and sign or submit high-value transactions.
Finding: The skill recommends executing a moving npm package version. Because no code files or install spec for that CLI are included, users cannot verify the exact code that will handle wallets and transactions.
Evidence quoted from the skill's documentation: Prefer `npx` with `@latest` — it always runs the latest version with no global install to manage:
Mitigation: Use a pinned, reviewed version of the CLI; verify the package publisher and source; test with an empty wallet first; and avoid running @latest for wallets holding meaningful funds.

Risk: Anyone or any code that can access these key files may be able to move the user's crypto assets.
Finding: The CLI creates, stores, and imports private wallet key material, including existing Solana CLI keys, even though the registry metadata declares no primary credential or required config paths.
Evidence quoted from the skill's documentation: Creates a new Ed25519 keypair and stores it as a JSON key file in `~/.sol/wallets/<name>.json` ... `sol wallet import --solana-cli`
Mitigation: Use a dedicated low-balance wallet, protect file permissions and backups, avoid importing cold-wallet keys, and consider hardware-wallet or multisig workflows for valuable assets.

Risk: An accidental or misunderstood command could cause irreversible transfers, bad trades, unwanted debt, recurring purchases, or loss of tokens.
Finding: The documented command set can move, lock, borrow against, burn, or repeatedly spend funds. The artifacts do not impose a mandatory quote/confirmation step before these high-impact actions.
Evidence quoted from the skill's documentation: Pay people in SOL or USDC, buy and sell tokens ... stake SOL, earn yield ... borrow ... set up DCA ... limit orders, provide liquidity ... trade prediction markets, pay for APIs via x402
Mitigation: Require explicit user approval for every transaction, use quote-only or dry-run first, set spending caps and permissions in `~/.sol/config.toml`, and avoid letting an agent execute financial commands autonomously.

Risk: Fetching an unexpected or malicious paid URL could spend USDC unless the user uses dry-run or sets a cap.
Finding: The x402 fetch command can automatically sign a USDC payment requested by a remote server; the spending cap is available but is not shown as a default requirement.
Evidence quoted from the skill's documentation: Fetch a URL, automatically paying if the server returns HTTP 402 Payment Required ... `--max <amount>` — Max USDC to spend
Mitigation: Use `--dry-run` and `--max` for x402 requests, disable `canFetch` unless needed, and only fetch paid resources from trusted domains.

Risk: Local files may reveal wallet holdings, trading history, and portfolio value to anyone with access to the machine.
Finding: The skill stores portfolio snapshots and transaction-derived financial history locally. This is purpose-aligned, but it creates persistent sensitive financial records.
Evidence quoted from the skill's documentation: A snapshot is taken automatically on each portfolio view ... Saves the current portfolio state to SQLite for later comparison.
Mitigation: Protect the local machine and the `~/.sol` directory, avoid sharing database files, and delete snapshots or transaction logs if they are no longer needed.
