Pump MCP Server

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill is clearly about Solana wallet operations, but it gives an agent wallet-key restoration and message-signing capability without clear approval boundaries, and no implementation was provided to verify the safety claims.

Do not use this with a real wallet until you have inspected the actual MCP server code and configured explicit approval for every key restore and signature. It may be reasonable for disposable development wallets if the implementation matches the stated no-network, no-logging, and zeroization model.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a real wallet key is restored, an agent could sign messages as that wallet, which may authenticate the user or authorize actions depending on the service receiving the signature.

Why it was flagged

This shows the skill handles Solana private key material and can produce wallet signatures. The artifact does not define a clear user-approval boundary, key scope, or allowed message type before signatures are made.

Skill content

`restore_keypair` | Restore keypair from secret key bytes | ... `sign_message` | Sign a message with session keypair |

Recommendation

Use only disposable or test wallets unless the actual implementation enforces explicit approval for every restore and signing action, shows the exact message to be signed, and never logs or exports secrets.

What this means

An autonomous agent or compromised prompt context could try to invoke signing-related workflows after a keypair is active.

Why it was flagged

The wallet tools are explicitly intended for agent consumption over MCP, but the instructions do not describe gating, confirmation, or human review for risky calls such as restoring a keypair or signing a message.

Skill content

Model Context Protocol server exposing tools, resources, and prompts for AI agent consumption over stdio transport with session keypair management.

Recommendation

Configure MCP/tool permissions so `restore_keypair` and `sign_message` require user confirmation, and avoid enabling autonomous use for wallet-signing operations.

What this means

You would need to separately trust and inspect whatever external MCP server or package you actually run before giving it wallet keys.

Why it was flagged

The reviewed artifact describes a wallet MCP server and security model, but no runnable implementation or install path is included for review.

Skill content

No install spec — this is an instruction-only skill.

Recommendation

Verify the upstream repository/package, pin versions, and review the implementation before using this with any valuable Solana wallet.