solana-light-token-client

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Solana developer cookbook whose wallet and transaction examples are risky if misused but fit the skill’s stated purpose.

Install only if you understand that the examples may sign and broadcast real Solana transactions. Use localnet or devnet where possible, use a dedicated low-value test wallet instead of a production wallet, keep RPC API keys out of logs and commits, and require explicit confirmation before any mainnet transfer, mint, burn, freeze, close, wrap, or unwrap action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The Security section is misleading: it states the skill does not pull, store, or transmit external secrets, while the manifest and prerequisites explicitly require an API key and a local Solana keypair for some workflows. Even if the skill itself only documents their use, downplaying secret handling can cause users or downstream agents to expose sensitive credentials in unsafe ways or apply weaker safeguards than warranted.

Missing User Warnings

Medium
Confidence: 95%
Finding
The example reads the user's default Solana keypair from ~/.config/solana/id.json and uses it directly for signing, but the surrounding markdown does not clearly warn that this accesses sensitive local key material. In a copy-paste developer guide, this can normalize unsafe handling of private keys and cause users to run examples against a real wallet without understanding the risk.

Missing User Warnings

Medium
Confidence: 92%
Finding
This example constructs and submits a real blockchain transaction, but the markdown does not prominently warn that running it will broadcast a transaction and may incur fees or change on-chain state. In a token-management skill, users are especially likely to copy and execute snippets, so omission of a transaction warning materially increases the chance of unintended actions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The instruction example both loads the user's local private key and broadcasts a signed transaction, yet it lacks explicit warnings about secret-key access and irreversible on-chain effects. Combining sensitive key access with immediate transaction submission is more dangerous than either behavior alone, because a user can unintentionally authorize real operations from their default wallet by pasting the sample unchanged.

Missing User Warnings

Medium
Confidence: 93%
Finding
The TypeScript examples load a private key directly from the default Solana wallet file (`~/.config/solana/id.json`) without any surrounding warning that the code will access sensitive local credentials. In documentation, this is dangerous because users may copy-paste and run it against their real wallet, unintentionally exposing or misusing a production key for signing and mint-authority operations.

Missing User Warnings

Low
Confidence: 76%
Finding
The example constructs an RPC URL using an API key from environment variables and immediately uses it for a network connection without warning the user that running the snippet will consume a potentially billable or sensitive credential. While common in developer docs, omission of disclosure can lead to accidental leakage in logs, screenshots, or misuse of a personal RPC account.

Missing User Warnings

Medium
Confidence: 88%
Finding
The examples create accounts, mint tokens, decompress, and wrap tokens on-chain using a locally loaded private key, but the document provides no warning that running them performs real blockchain transactions and may incur fees or move assets. In a developer skill, this omission can mislead users into executing state-changing code against devnet or other clusters without understanding the spending and asset-handling implications.

VirusTotal

66/66 vendors flagged this skill as clean.
