solclaw
Warn. Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Solana payments skill, but it asks users to run an unreviewed external CLI that handles wallet private keys and payment authority.
Review this carefully before installing. Use only a fresh devnet wallet and do not import a valuable or mainnet private key. Verify the solclaw-cli package and source and pin a trusted version, require explicit confirmation for every payment or allowance, set spending caps, and enable the heartbeat only if you want recurring local monitoring.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A package fetched or installed outside the reviewed artifacts could change or behave differently, and here it would be trusted with wallet setup and payment signing.
For a wallet/payment skill, the artifacts do not provide reviewed source, a pinned install path, or code for the CLI that SKILL.md tells users to run.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; No code files present
Verify the solclaw-cli package and source independently, pin a trusted version, and use a dedicated devnet-only wallet before trying it.
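Added example (not part of the skill or this audit): one way to pin the CLI is to refuse to run anything but a binary whose content hash matches a value you recorded after reviewing that version. The binary name `solclaw`, the install layout and the pinned digest are assumptions; the demonstration constructs a throwaway script in a temporary directory in place of the real CLI.

```python
"""Pin the solclaw CLI by content hash before anything is allowed to invoke it.

Added example: the binary name, the pinned sha256 and the install layout are
assumptions; substitute the digest of the package version you actually reviewed."""
import hashlib
import os
import shutil
import stat
import tempfile
from typing import Optional


def sha256_of(path: str) -> str:
    """Hash a file in chunks so a large binary does not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def resolve_pinned_cli(name: str, expected_sha256: str, search_path: Optional[str] = None) -> str:
    """Return the path of `name` only if the file that would actually execute matches the pin.

    search_path is a PATH-style string (None means the process PATH). Every failure raises
    RuntimeError so a caller cannot fall through to an unverified binary."""
    found = shutil.which(name, path=search_path)
    if found is None:
        raise RuntimeError(f"{name} not found on PATH")
    real = os.path.realpath(found)  # follow symlinks: hash what runs, not the link
    if os.stat(real).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise RuntimeError(f"{real} is group/world writable; refusing to trust it")
    actual = sha256_of(real)
    if actual != expected_sha256.lower():
        raise RuntimeError(f"{real}: sha256 {actual} does not match pinned {expected_sha256}")
    return real


def demo() -> bool:
    """Constructed check: a fake 'solclaw' script in a temp dir is accepted while its hash
    matches the pin and rejected as soon as its contents change."""
    with tempfile.TemporaryDirectory() as d:
        fake = os.path.join(d, "solclaw")
        with open(fake, "w") as fh:
            fh.write("#!/bin/sh\necho fake solclaw\n")
        os.chmod(fake, 0o755)
        pinned = sha256_of(fake)  # this is the value you would record after review
        accepted = resolve_pinned_cli("solclaw", pinned, search_path=d) == os.path.realpath(fake)
        with open(fake, "a") as fh:
            fh.write("echo tampered\n")  # simulate a package that changed after review
        try:
            resolve_pinned_cli("solclaw", pinned, search_path=d)
            return False  # a changed binary was accepted: the pin is not doing its job
        except RuntimeError:
            return accepted


if __name__ == "__main__":
    print("pin check works:", demo())
```

Record the digest of the reviewed artifact together with its version, and install into a dedicated prefix rather than relying on whatever `solclaw` happens to be first on PATH.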
If the CLI, shell history, logs, or another local process mishandles the private key, the wallet could be compromised; reusing a mainnet wallet would increase the impact.
The skill instructs importing existing wallet keypairs, passing raw private keys on the command line, and exporting keys, while the registry declares no primary credential.
`solclaw init --name "MyAgent" --keypair ~/.config/solana/id.json` ... `solclaw init --name "MyAgent" --private-key "your_base58_private_key..."` ... `solclaw export --quiet`
Do not paste valuable or mainnet private keys into command-line arguments. Use a fresh devnet wallet with minimal funds and verify how the CLI stores and exports keys.
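Added example (not solclaw's own code): a small helper that flags the `--private-key` argument pattern and shows the alternative the skill also documents, a keypair file passed with `--keypair`. It assumes the Solana CLI keypair format (a JSON array of 64 bytes) and checks the file's permissions before using it; the 64-byte value in the demonstration is constructed and is not a real key.

```python
"""Keep a Solana secret key off the command line.

Added example, not part of the skill. It assumes the Solana CLI keypair file format
(a JSON array of 64 bytes: 32-byte seed followed by 32-byte public key) and the
`--private-key` flag shown in SKILL.md."""
import json
import os
import stat
import tempfile
from typing import List, Tuple


def argv_carries_secret(argv: List[str]) -> bool:
    """True when a secret is being passed as an argument.

    Everything on argv is visible to other local users via `ps` and /proc/<pid>/cmdline
    on Linux, and is copied into shell history and any wrapper's logs."""
    for i, arg in enumerate(argv):
        if arg == "--private-key" and i + 1 < len(argv):
            return True
        if arg.startswith("--private-key="):
            return True
    return False


def write_keypair_file(path: str, secret: bytes) -> None:
    """Create the file owner-read/write only and refuse to overwrite an existing one."""
    if len(secret) != 64:
        raise ValueError("expected 64 bytes: 32-byte seed followed by 32-byte public key")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(list(secret), fh)


def load_keypair_file(path: str) -> bytes:
    """Load a keypair file, refusing symlinks, files other users can read, and malformed contents."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        raise PermissionError(f"{path} is a symlink; refusing to follow it")
    if st.st_mode & 0o077:
        raise PermissionError(f"{path} has mode {oct(st.st_mode & 0o777)}; chmod 600 it first")
    with open(path) as fh:
        raw = json.load(fh)
    if not (isinstance(raw, list) and len(raw) == 64
            and all(isinstance(b, int) and 0 <= b < 256 for b in raw)):
        raise ValueError("not a 64-byte Solana keypair array")
    return bytes(raw)


def demo() -> Tuple[bool, bool, bool]:
    """Constructed run: a throwaway 64-byte value stands in for a devnet key."""
    fake_secret = bytes(range(64))  # constructed, not a real key
    unsafe = argv_carries_secret(["solclaw", "init", "--name", "MyAgent", "--private-key", "..."])
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "devnet-id.json")
        write_keypair_file(path, fake_secret)
        loaded = load_keypair_file(path) == fake_secret
        os.chmod(path, 0o644)  # a world-readable copy, as a careless export or backup might leave
        try:
            load_keypair_file(path)
            rejected = False
        except PermissionError:
            rejected = True
    return unsafe, loaded, rejected


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

Generate the devnet key into a 0600 file once and pass `--keypair` with that path; if you must use `solclaw export`, redirect its output to a file created the same way rather than to a terminal or a log.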
A mistaken recipient name, amount, allowance, or subscription could move devnet funds or grant another agent spending authority in ways the user did not intend.
These are direct transfer, bulk payment, delegated pull-payment, and recurring payment authorities; the artifacts do not define mandatory confirmations or bounded defaults before using them.
`send --to <n> --amount <n>`; `batch --payments <json>`; `allowance approve --spender "Worker" --amount 100`; `subscribe create --to "Service" --amount 10 --interval 86400`
Require explicit user confirmation for every transfer, allowance, subscription, invoice payment, and batch action; set low spending caps and revoke unused allowances.
If enabled, the routine may run wallet/account checks continuously and store balance or invoice information in local logs.
The skill includes a disclosed recurring heartbeat routine that can repeatedly run account and invoice checks and write results to logs.
interval: 300 ... `*/5 * * * * /path/to/heartbeat.sh >> /var/log/solclaw-heartbeat.log 2>&1` ... `setInterval(heartbeat, 5 * 60 * 1000);`
Only enable the heartbeat intentionally, review exactly which commands it runs, avoid mutating payment commands in scheduled jobs, and protect or rotate its logs.
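Added example (not part of the skill or this audit) covering both the payment-authority finding and the heartbeat finding: a local wrapper that classifies the four fund-moving subcommands from SKILL.md, enforces a per-action and a daily cap, asks for explicit confirmation, and in scheduled mode refuses anything that is not read-only. The subcommand spellings come from SKILL.md; that `--payments` takes inline JSON with an `amount` per entry, that all amounts share one unit, and the `balance` query used in the usage are assumptions.

```python
"""Gate solclaw's fund-moving commands behind confirmation, spending caps and a
read-only scheduled mode.

Added example, not part of the skill. Subcommand spellings are from SKILL.md; that
`--payments` is inline JSON with an `amount` field per entry is an assumption."""
import json
import subprocess
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Subcommands that move funds or grant spending authority. Anything else is treated as a
# read-only query; tighten this to an explicit allowlist once the CLI's command set is known.
MUTATING = {
    ("send",): "transfer",
    ("batch",): "bulk transfer",
    ("allowance", "approve"): "delegated pull-payment allowance",
    ("subscribe", "create"): "recurring payment",
}


@dataclass
class Policy:
    per_action_cap: float      # largest amount one action may authorise
    daily_cap: float           # total the wallet may authorise per day
    spent_today: float = 0.0   # running total; persist it across invocations in real use
    scheduled: bool = False    # True when run from the heartbeat / cron job


@dataclass
class Decision:
    allowed: bool
    reason: str
    amount: float = 0.0


def command_key(argv: List[str]) -> Optional[Tuple[str, ...]]:
    for key in MUTATING:
        if tuple(argv[: len(key)]) == key:
            return key
    return None


def flag_value(argv: List[str], flag: str) -> Optional[str]:
    for i, arg in enumerate(argv):
        if arg == flag and i + 1 < len(argv):
            return argv[i + 1]
        if arg.startswith(flag + "="):
            return arg.split("=", 1)[1]
    return None


def requested_amount(argv: List[str]) -> float:
    """Total amount an invocation can authorise. A batch is the sum of its entries; a
    missing amount is treated as unbounded so it can never slip under a cap."""
    if command_key(argv) == ("batch",):
        payments = json.loads(flag_value(argv, "--payments") or "[]")
        return sum(float(p["amount"]) for p in payments)
    value = flag_value(argv, "--amount")
    return float("inf") if value is None else float(value)


def evaluate(argv: List[str], policy: Policy, confirm: Callable[[str], bool]) -> Decision:
    """Decide whether to run argv; `confirm` is asked only for mutating, in-cap actions."""
    key = command_key(argv)
    if key is None:
        return Decision(True, "read-only command")
    what = MUTATING[key]
    if policy.scheduled:
        return Decision(False, f"{what} refused: scheduled jobs may only run read-only commands")
    amount = requested_amount(argv)
    if amount > policy.per_action_cap:
        return Decision(False, f"{what} of {amount} exceeds per-action cap {policy.per_action_cap}", amount)
    if policy.spent_today + amount > policy.daily_cap:
        return Decision(False, f"{what} would exceed daily cap {policy.daily_cap}", amount)
    if not confirm(f"Authorise {what}: solclaw {' '.join(argv)} (amount {amount})? [y/N] "):
        return Decision(False, f"{what} not confirmed", amount)
    # Allowances and subscriptions count too: they are authority granted, not just funds sent.
    # A subscription authorises `amount` every `interval`; only the first charge is counted here.
    policy.spent_today += amount
    return Decision(True, f"{what} confirmed", amount)


def run(argv: List[str], policy: Policy, cli: str = "solclaw") -> subprocess.CompletedProcess:
    """Invoke the real CLI only after `evaluate` allows it (interactive y/N prompt)."""
    decision = evaluate(argv, policy, lambda prompt: input(prompt).strip().lower() == "y")
    if not decision.allowed:
        raise SystemExit(f"blocked: {decision.reason}")
    return subprocess.run([cli, *argv], check=True)
```

For the heartbeat, construct the policy with `scheduled=True` so the cron job can never reach `send`, `batch`, `allowance approve` or `subscribe create` even if its script is edited, and create `/var/log/solclaw-heartbeat.log` with mode 0600 before the first run so balance and invoice data are not world-readable.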
The service may learn which agent names are being queried and when, even though no private key transmission is shown in the artifacts.
The skill documents calls to an external read-only API for balances, agent lists, reputation, and due subscriptions; this is purpose-aligned but reveals queried agent names and usage timing to that service.
`curl https://solclaw.xyz/api/balance/MyAgent` ... `/api/agents` ... `/api/due`
Treat agent names and on-chain payment activity as public, and avoid querying names that reveal sensitive identity or business relationships.
