Cabin Sol

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If copied without review, these commands could deploy to Solana mainnet and spend real SOL.

Why it was flagged

The skill documents a mainnet deployment workflow that can spend real funds and publish a program. This is purpose-aligned for a Solana development tutor and is disclosed, but users should intentionally confirm network, wallet, and costs before running it.

Skill content

# Mainnet (costs ~2-5 SOL)
solana config set --url mainnet-beta
anchor deploy --provider.cluster mainnet

Recommendation

Use devnet or localnet while learning, verify the active Solana cluster and wallet, and only deploy to mainnet after reviewing cost and program behavior.

What this means

Transactions may be signed with the user's configured Solana wallet or development keypair.

Why it was flagged

The examples use Anchor providers and signers to submit transactions. This is expected for Solana development, but it means user wallet authority may be involved when examples are adapted or run.

Skill content

const provider = anchor.AnchorProvider.env();
anchor.setProvider(provider);
...
.signers([account])
.rpc();

Recommendation

Keep learning wallets separate from funded wallets, check which keypair/provider is active, and avoid using mainnet credentials for tests.

What this means

Running the command executes a script fetched from the internet on the user's machine.

Why it was flagged

The challenge documentation includes a user-directed remote installer command for the Metaplex Sugar CLI. This fits the NFT tutorial purpose, but remote installer provenance should be checked before execution.

Skill content

bash <(curl -sSf https://sugar.metaplex.com/install.sh)

Recommendation

Inspect remote install scripts or use official package-manager instructions before running them, especially on machines with wallets or private keys.