ClawHub

Solana Sniper Bot

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Solana trading bot, but it can use a wallet private key to attempt autonomous live trades without a confirmation or dry-run safety gate.

Review carefully before installing. Use only a dedicated low-balance wallet, assume trades can lose all allocated funds, do not rely on the documented stop-loss or auto-sell protections without implementing and testing them, and prefer a dry-run or manual-approval workflow before allowing live transactions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill requires sensitive environment secrets, writes files during deployment, and performs network actions, but does not declare explicit permissions. In an agent ecosystem, this creates a capability mismatch that can lead users or orchestrators to grant or execute powerful behavior without clear visibility, especially dangerous here because the skill handles a Solana private key and can place real trades.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The function claims to execute a Jupiter swap, but it never attaches the generated signature to the deserialized transaction before sending it. As written, the bot may submit an unsigned or improperly signed transaction while using skipPreflight, causing failed trades, inconsistent accounting, and potentially unsafe assumptions that orders were executed when they were not.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation text is broad enough to match generic requests about Solana trading, token monitoring, or building bots, which increases the chance the skill is auto-selected in contexts where the user did not intend autonomous live trading. In this skill, overbroad triggering is more dangerous than usual because activation can expose wallet secrets and lead to automated financial transactions on highly risky assets.

Missing User Warnings

High
Confidence
95% confidence
Finding
The bot automatically buys newly detected tokens based on heuristic and LLM scoring with no user confirmation, rate limiting beyond position count, or final approval step. In this skill context, that is especially dangerous because it controls a real wallet and targets highly adversarial memecoin launches where bad classifications can quickly lead to financial loss.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal