Skill v1.0.0

ClawScan security

Solana Sniper Bot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 10:25 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and required environment variables are consistent with an autonomous Solana sniping/trading bot — it requests the wallet private key and an LLM API key which are necessary for its stated behavior, but those are highly sensitive and carry real financial risk.
Guidance
This skill appears to do what it claims, but it requires your wallet private key and will autonomously sign and send trades. Before installing: (1) Do not use your main wallet — create a dedicated funding wallet with only the funds you can afford to lose. (2) Inspect the code yourself (or have someone you trust do so); the repo is plain Python and uses known APIs. (3) Run inside an isolated environment (container or VM) and use a Python virtualenv to avoid global pip installs. (4) Consider running on Solana devnet/testnet first to validate behavior. (5) Limit the bot's privileges: prefer a wallet/signing setup that avoids exposing a raw long‑term private key if possible (hardware or remote signer), or rotate the private key after testing. (6) Monitor logs and network activity; be aware that any compromise of the environment or LLM key could affect decisions or leak operational metadata. If you are not comfortable exposing a hot private key, do not install.

Review Dimensions

Purpose & Capability
ok · The name/description (Solana sniper/trading bot) aligns with what the files do: monitoring Raydium pools, assessing tokens, calling an LLM for risk scoring, and executing swaps via Jupiter. Required env vars (SOLANA_PRIVATE_KEY and LLM_API_KEY) are expected for signing trades and calling the LLM.
Instruction Scope
note · SKILL.md and scripts instruct the agent to install Python deps, place/run the sniper script, create a .env containing the private key and LLM key, poll Raydium/Jupiter RPCs, send token metadata to Anthropic, and perform swaps. All actions stay within the trading/sniping scope, but they require storing a private key in .env and running a long‑running agent that can autonomously sign/send transactions.
Install Mechanism
note · setup.sh runs pip install of specific packages from PyPI (no obscure downloads). This is expected for a Python tool, but the installer runs pip globally unless a venv is used — note the usual supply-chain and system-impact concerns for pip installs.
Credentials
concern · Only two env vars are required (SOLANA_PRIVATE_KEY and LLM_API_KEY), which are relevant. However, SOLANA_PRIVATE_KEY is extremely sensitive (full control of on‑chain funds). Requesting it is proportionate to the bot's purpose but carries high privilege — the user must understand the financial risk of providing a hot private key to software.
Persistence & Privilege
ok · Skill does not request always:true and does not modify other skills or system configs. It will run as a long‑running/cron process and can autonomously invoke network calls and sign transactions — normal for this use case but increases blast radius if misused or compromised.