Solana

Security checks across malware telemetry and agentic risk

Overview

This Solana skill appears to perform its advertised wallet functions, but it gives an agent real mainnet transaction authority and includes under-scoped safety controls plus questionable token-legitimacy guidance.

Review before installing. Use only a new or low-balance wallet, test on devnet first, do not expose a valuable private key to an autonomous agent, verify every recipient, amount, route, fee, and token launch manually, and avoid using the vanity-address guidance to imply endorsement or legitimacy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (17)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The documentation includes instructions for generating vanity mint addresses via an external CLI, which is unnecessary for basic wallet management and expands the operational surface beyond the stated skill purpose. This encourages use of extra tooling and key material handling that can introduce security, provenance, and misuse risks.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The help text explicitly advises using a vanity mint key to make tokens look "more legit-looking," which is deceptive social-engineering guidance rather than a legitimate wallet or token-launch function. In the context of a token-launching skill, this increases the likelihood of misuse for impersonation, scam token creation, or misleading investors about authenticity.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list contains broad terms such as 'wallet', 'swap', and 'launch token' that can cause the skill to activate in contexts where the user did not intend real blockchain or fund-moving actions. In a financial skill operating on mainnet by default, unintended invocation materially increases the chance of accidental transactions or exposure of sensitive wallet operations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill documents high-risk operations involving private keys, mainnet transactions, token swaps, and token launches, but it does not prominently warn about irreversible real-asset loss, secret exposure, or the need for confirmation before signing/broadcasting. In this context, insufficient warnings are dangerous because users may follow examples verbatim on mainnet and unintentionally lose funds or mishandle private keys.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The text explicitly advises using vanity addresses ending in 'pump' to make tokens look more legitimate, which is deceptive by design. This materially increases fraud and social-engineering risk because it helps create misleading token branding intended to influence user trust rather than convey truthful provenance.

Missing User Warnings

High
Confidence
95% confidence
Finding
The swap command performs a real on-chain asset trade immediately after obtaining and signing the transaction, with no explicit user confirmation, dry-run mode, or irreversible-action warning. In an agent skill context, this materially increases the risk of accidental or prompt-induced execution that can move funds irreversibly.

Natural-Language Policy Violations

Medium
Confidence
98% confidence
Finding
This documentation uses overtly deceptive wording by recommending vanity mint keys to appear "more legit-looking." That is not operationally necessary for token launch functionality and suggests intent to help users misrepresent provenance or credibility of issued tokens.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The token transfer flow will automatically create the recipient's associated token account when it does not exist, which adds an extra on-chain instruction and charges additional rent/transaction fees to the sender. Because the script proceeds without an explicit confirmation or fee warning, a user can be surprised into paying more than intended, especially on mainnet where this tool directly handles real funds.

Ssd 4

Medium
Confidence
98% confidence
Finding
The instruction does not merely mention vanity addresses; it ties them to appearing more legitimate, which promotes deceptive presentation as a tactic. Within a token-launching skill, this context makes the issue more dangerous because it directly facilitates trust manipulation around speculative or potentially fraudulent assets.

Ssd 4

Medium
Confidence
96% confidence
Finding
Encouraging vanity mint keys specifically to increase perceived legitimacy is suspicious because it facilitates deceptive presentation rather than technical operation. In a crypto asset issuance tool, such guidance materially raises abuse risk by helping launch scam or spoofed tokens that appear authentic to users.

Unpinned Dependencies

Low
Category
Supply Chain
Content
solana>=0.34.0
solders>=0.21.0
base58>=2.1.0
python-dotenv>=1.0.0
Confidence
93% confidence
Finding
solana>=0.34.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
solana>=0.34.0
solders>=0.21.0
base58>=2.1.0
python-dotenv>=1.0.0
aiohttp>=3.9.0
Confidence
93% confidence
Finding
solders>=0.21.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
solana>=0.34.0
solders>=0.21.0
base58>=2.1.0
python-dotenv>=1.0.0
aiohttp>=3.9.0
Confidence
90% confidence
Finding
base58>=2.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
solana>=0.34.0
solders>=0.21.0
base58>=2.1.0
python-dotenv>=1.0.0
aiohttp>=3.9.0
Confidence
95% confidence
Finding
python-dotenv>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
solders>=0.21.0
base58>=2.1.0
python-dotenv>=1.0.0
aiohttp>=3.9.0
Confidence
96% confidence
Finding
aiohttp>=3.9.0

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
69% confidence
Finding
python-dotenv

Known Vulnerable Dependency: aiohttp — 10 advisory(ies): CVE-2024-52303 (aiohttp has a memory leak when middleware is enabled when requesting a resource ); CVE-2026-34514 (AIOHTTP has CRLF injection through multipart part content type header constructi); CVE-2026-34517 (AIOHTTP has late size enforcement for non-file multipart fields causes memory Do) +7 more

High
Category
Supply Chain
Confidence
92% confidence
Finding
aiohttp

VirusTotal

64/64 vendors flagged this skill as clean.
