Solana Sniper Bot
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is transparent about being a Solana trading bot, but it can autonomously spend funds from a Solana private key and the provided code does not implement the advertised stop-loss/auto-sell safeguards.
Review this skill carefully before running it with real funds. If you proceed, use only a fresh dedicated Solana wallet with a tiny balance, verify that sell/stop-loss logic actually exists, start in dry-run or test mode, set strict spend limits, and monitor the process continuously.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The bot could spend real SOL on mainnet trades automatically, including risky or incorrect trades, before the user can review them.
The bot automatically executes swaps when its internal threshold is met and sends transactions with preflight disabled, with no per-trade confirmation step shown.
if total_risk < RISK_THRESHOLD and len(positions) < MAX_POSITIONS:
log.info(f" BUY SIGNAL! Sniping {BUY_AMOUNT} SOL...")
...
result = await execute_swap(quote)
...
"params": [base64.b64encode(bytes(tx)).decode(), {"skipPreflight": True}]
Use a dry-run or testnet mode first, require explicit approval before live swaps, enable preflight checks, and set hard per-run and daily loss limits.
Anyone running this with a funded wallet gives the bot broad ability to sign transactions and spend wallet funds.
The implementation loads a full Solana private key and uses it to create a signing keypair, giving the bot direct authority over wallet transactions.
PRIVATE_KEY = os.environ["SOLANA_PRIVATE_KEY"] ... keypair = Keypair.from_bytes(base58.b58decode(PRIVATE_KEY))
Never use a main wallet; use a fresh dedicated wallet with only small funds, restrict environment access, and prefer a transaction approval flow or delegated limited authority where possible.
A user may leave the bot running believing losses are automatically limited or profits captured, when the provided code may only buy and then hold positions.
These are important safety and loss-limiting claims, but the supplied sniper.py implementation shows buy execution and trade logging without corresponding price monitoring, take-profit, stop-loss, or sell execution logic.
Supports cron-based monitoring, take-profit/stop-loss, and portfolio tracking. ... 6. **Auto-Sell** — Exits via Jupiter when TP/SL hit
Treat the provided implementation as unverified buy-side automation until exit logic is implemented and tested; do not rely on advertised stop-loss or auto-sell behavior without reviewing working code.
Restarting or running multiple instances can bypass the intended position limit and lead to more trades than the user expects.
The bot runs indefinitely and enforces MAX_POSITIONS only through an in-memory dictionary initialized empty on each run, while trade history is merely appended to a log and not reloaded for enforcement.
positions = {}
...
while True:
...
if total_risk < RISK_THRESHOLD and len(positions) < MAX_POSITIONS:
Persist and reload open positions, enforce total spend limits across restarts, prevent multiple simultaneous instances, and provide a clear stop/kill switch.
