Solana
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill does what it advertises, but it can directly spend real Solana funds and launch public tokens without clear built-in approval limits.
Install only if you are comfortable giving the agent control of a dedicated Solana wallet. Use devnet first, keep only limited funds in the configured wallet, protect the .env file, and manually review every send, swap, and token launch before execution.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or autonomous invocation could transfer real funds irreversibly from the configured wallet.
The send command signs and broadcasts a Solana transaction immediately, explicitly skipping preflight, with no visible confirmation prompt or spending cap in the script. Skipping preflight means the RPC node does not simulate the transaction before broadcasting it, so a mistaken or malformed transfer is not caught before it is sent.
opts = TxOpts(skip_preflight=True, preflight_commitment=Confirmed)
result = client.send_transaction(tx, opts=opts)
Use only a dedicated low-balance wallet, require explicit user confirmation for every spend/swap/launch, avoid skip-preflight by default, and set amount/network limits.
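As an added example, not code from the audited skill or from ClawScan, a hypothetical spend-policy guard in Python that encodes these recommendations (per-transaction cap, network allowlist, explicit confirmation, preflight kept on by default). It is self-contained and does not import the solana package; the skill would pass the returned options into TxOpts before calling send_transaction.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet

LAMPORTS_PER_SOL = 1_000_000_000


@dataclass(frozen=True)
class SpendPolicy:
    """Limits the agent may not exceed; defaults are hypothetical, devnet-only values."""
    allowed_networks: FrozenSet[str] = frozenset({"devnet"})
    max_lamports_per_tx: int = LAMPORTS_PER_SOL // 10  # 0.1 SOL
    allow_skip_preflight: bool = False  # keep RPC simulation on by default


class SpendRejected(Exception):
    """Raised when a send/swap/launch violates the policy or the user declines."""


def check_send(amount_lamports: int, network: str, confirm: Callable[[str], bool],
               policy: SpendPolicy = SpendPolicy(), skip_preflight: bool = False) -> Dict[str, object]:
    """Return the transaction options to use, or raise SpendRejected.

    confirm() receives a human-readable summary and must return True only when
    the user explicitly approved this specific spend.
    """
    if network not in policy.allowed_networks:
        raise SpendRejected(f"network {network!r} is not in the allowlist")
    if amount_lamports <= 0 or amount_lamports > policy.max_lamports_per_tx:
        raise SpendRejected(f"{amount_lamports} lamports exceeds the per-tx cap of {policy.max_lamports_per_tx}")
    if skip_preflight and not policy.allow_skip_preflight:
        raise SpendRejected("skip_preflight=True is disabled by policy")
    summary = f"send {amount_lamports / LAMPORTS_PER_SOL:.9f} SOL on {network}"
    if not confirm(summary):
        raise SpendRejected("user did not confirm: " + summary)
    # These keys mirror the TxOpts fields the skill uses; preflight stays enabled.
    return {"skip_preflight": skip_preflight, "preflight_commitment": "confirmed"}


def is_allowed(amount_lamports: int, network: str, confirmed: bool,
               skip_preflight: bool = False, policy: SpendPolicy = SpendPolicy()) -> bool:
    """Convenience predicate for tests and dry runs."""
    try:
        check_send(amount_lamports, network, lambda _summary: confirmed, policy, skip_preflight)
        return True
    except SpendRejected:
        return False


if __name__ == "__main__":
    # Constructed demo: a 0.05 SOL devnet send that the user approves at the prompt.
    print(check_send(50_000_000, "devnet", lambda s: input(f"{s}? [y/N] ").lower() == "y"))
```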
Anyone or any agent process with access to this environment variable can spend from the configured Solana wallet.
The skill clearly requires a private key that can authorize wallet actions. This is expected for a wallet skill, but it gives the agent authority over funds in that wallet.
SOLANA_PRIVATE_KEY | Base58-encoded private key (required)
Do not use a primary wallet. Create a separate wallet with limited funds, protect the .env file, and rotate the key if it may have been exposed.
Using this guidance could mislead token buyers or create reputational/legal risk for the user.
The wording frames vanity token addresses as a way to appear more legitimate, which can support misleading public presentation of launched tokens.
Use vanity addresses ending in 'pump' for more legit-looking tokens.
Avoid deceptive token presentation. Token launch instructions should emphasize accurate disclosure, compliance, and user review of all public-facing metadata.
Future installs may pull different dependency versions, which can affect wallet behavior or supply-chain risk.
Dependencies are installed from package names with lower-bound versions rather than pinned exact versions or a lockfile.
solana>=0.34.0
solders>=0.21.0
base58>=2.1.0
python-dotenv>=1.0.0
aiohttp>=3.9.0
Pin exact dependency versions, use a lockfile, and install in an isolated virtual environment.
