solana-security
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only Solana security auditing guide. The reviewed artifacts show no code execution or credential use, though the skill's automated capability signals appear broader than the artifacts justify.
This skill appears suitable as a Solana smart-contract audit checklist/reference. Treat it as advisory content, not as a wallet or transaction tool; if it ever prompts for private keys, wallet signing, purchases, or account credentials, pause and re-review that behavior.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a runtime asks for wallet access, signing, purchases, or credentials, that would exceed what the reviewed instructions appear to need.
These signals describe sensitive wallet and credential capabilities, but the requirements list no credentials or binaries and the supplied skill content is instruction-only auditing guidance.
requires-wallet; can-make-purchases; can-sign-transactions; requires-sensitive-credentials
Use the skill for code review only, and do not grant wallet, signing, purchase, or credential access unless a future version clearly explains why it is necessary.
