Skill v1.0.1
ClawScan security
solana-token-distribution · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 6:50 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are consistent with a Solana compressed-token airdrop tool, and it reasonably needs Node and a Helius RPC key. You must not share private wallet keys, and you should verify the code and its source before running anything on mainnet.
- Guidance: This skill appears to be a legitimate guide for compressed-token airdrops and only requires a Helius RPC key and Node to run the provided TypeScript examples. Before using it: (1) verify the skill's source (follow the GitHub links in the SKILL.md) and test on devnet first; (2) never paste your wallet private key into a chat or an untrusted UI; use a secure signing method or a hardware wallet instead; (3) scope or rotate your Helius API key if you decide to use it, and grant no broader credentials than the examples require; (4) if the agent spawns subagents or reads files, confirm the scope (limit it to the docs and repo) so it does not reach unrelated local data. If you need higher assurance, request the actual code files from the publisher or run the examples locally in an isolated environment.
Review Dimensions
- Purpose & Capability (ok): Name and description (compressed-token airdrops) align with the declared requirements: node and HELIUS_API_KEY. The SKILL.md examples call Helius RPC endpoints and @lightprotocol libraries, which matches the stated purpose. Note that the registry lists no homepage and records the skill source as 'unknown', while SKILL.md contains a GitHub metadata URL; provenance is plausible but not confirmed by the registry.
- Instruction Scope (note): SKILL.md is an instruction-only guide with TypeScript examples for building, batching, and sending compressed-token transactions. The runtime instructions reference creating and signing transactions (which requires a payer key), use process.env.HELIUS_API_KEY (declared), and suggest spawning subagents with Read/Glob/Grep and DeepWiki MCP access when stuck. If an agent executes that subagent guidance it could broaden read access, so scope and data access should be limited to the repo and docs. The instructions do not directly request arbitrary system files, but they do require the user to provide and sign with a private key, which is not declared as an env var.
- Install Mechanism (ok): No install spec and no executable code files were provided in the skill bundle (instruction-only). This is low-risk from an install perspective because the skill itself downloads and writes nothing.
- Credentials (note): The single required env var (HELIUS_API_KEY) is appropriate for the Helius RPC endpoints referenced in the examples. However, transaction signing requires a payer secret key; the skill does not declare a wallet secret env var, but the examples show Keypair.fromSecretKey(/* your key */). A signing key is necessary for operation but is sensitive: users should not paste private keys into untrusted inputs, and the key must be supplied out-of-band or through a secure signer.
- Persistence & Privilege (ok): The skill does not request always:true or any other elevated persistence. It is user-invocable and allows model invocation (the platform default). There is no install step that modifies system configuration or other skills' configs.
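Guidance item (2) and the Credentials note above come down to one practitioner check: the payer key is read from a file the operator names out-of-band, the Helius key never reaches a log line, and mainnet is opt-in after a devnet run. The TypeScript below is an added example written for this review; it is not code from the skill, from SKILL.md, or from ClawHub. It uses Node built-ins only (no @solana/web3.js), so instead of Keypair.fromSecretKey it validates the keypair file by re-deriving the Ed25519 public half with node:crypto and comparing it to the stored half. Assumptions: the env var names PAYER_KEYPAIR_PATH, SOLANA_CLUSTER and CONFIRM_MAINNET are invented for this example (only HELIUS_API_KEY is declared by the skill); the keypair file is the 64-byte JSON array that solana-keygen writes; the Helius endpoints follow the https://<cluster>.helius-rpc.com/?api-key=<key> pattern. The demo key is generated in-process, holds no funds, and stands in for the operator's real file.

```typescript
// Added example (not from the skill or ClawHub): resolve the Helius endpoint and
// the payer signer for an airdrop run without putting a secret in the prompt,
// the source file, or a log line. Node built-ins only.
import { createPrivateKey, createPublicKey, generateKeyPairSync } from "node:crypto";
import { mkdtempSync, readFileSync, writeFileSync } from "node:fs";
import { tmpdir } from "node:os";
import { join } from "node:path";

type Cluster = "devnet" | "mainnet-beta";

// Assumption: Helius hosts follow https://<cluster>.helius-rpc.com/?api-key=<key>.
function heliusRpcUrl(cluster: Cluster, apiKey: string): string {
  const host = cluster === "devnet" ? "devnet.helius-rpc.com" : "mainnet.helius-rpc.com";
  return `https://${host}/?api-key=${apiKey}`;
}

// The only form of the URL that should reach console output or a bug report.
function redactApiKey(url: string): string {
  return url.replace(/api-key=[^&#]*/, "api-key=***");
}

// PKCS#8 header for an Ed25519 private key; appending the 32-byte seed gives a
// DER blob node:crypto can load, so the public half can be re-derived.
const ED25519_PKCS8_PREFIX = Buffer.from("302e020100300506032b657004220420", "hex");

interface PayerKeypair { secretKey: Uint8Array; publicKey: Uint8Array }

// Load a solana-keygen style file: a JSON array of 64 bytes, seed || pubkey.
// The pubkey half is re-derived from the seed and compared, so a truncated,
// edited or wrong-format file is rejected before anything is signed with it.
function loadPayerKeypair(path: string): PayerKeypair {
  const raw: unknown = JSON.parse(readFileSync(path, "utf8"));
  if (!Array.isArray(raw) || raw.length !== 64 ||
      !raw.every((b) => Number.isInteger(b) && b >= 0 && b <= 255)) {
    throw new Error(`${path}: expected a 64-byte JSON array (solana-keygen format)`);
  }
  const secretKey = Uint8Array.from(raw as number[]);
  const seed = Buffer.from(secretKey.subarray(0, 32));
  const claimedPub = Buffer.from(secretKey.subarray(32));
  const priv = createPrivateKey({
    key: Buffer.concat([ED25519_PKCS8_PREFIX, seed]), format: "der", type: "pkcs8",
  });
  const spki = createPublicKey(priv).export({ format: "der", type: "spki" }) as Buffer;
  if (!spki.subarray(-32).equals(claimedPub)) {
    throw new Error(`${path}: public key does not match seed; file is corrupt or not a keypair`);
  }
  return { secretKey, publicKey: new Uint8Array(claimedPub) };
}

interface AirdropConfig {
  cluster: Cluster; rpcUrl: string; rpcUrlForLogs: string; payer: PayerKeypair;
}

// Env var names other than HELIUS_API_KEY are this example's own choice.
function resolveAirdropConfig(env: Record<string, string | undefined>): AirdropConfig {
  const apiKey = env.HELIUS_API_KEY;
  if (!apiKey || /\s/.test(apiKey)) throw new Error("HELIUS_API_KEY is missing or malformed");
  // Devnet unless mainnet is asked for twice: named, and explicitly confirmed.
  const cluster: Cluster = env.SOLANA_CLUSTER === "mainnet-beta" ? "mainnet-beta" : "devnet";
  if (cluster === "mainnet-beta" && env.CONFIRM_MAINNET !== "yes") {
    throw new Error("refusing mainnet: test on devnet first, then set CONFIRM_MAINNET=yes");
  }
  // The secret arrives as a file path, never as key material in the environment
  // or the prompt; a hardware wallet or remote signer would replace this step.
  const keyPath = env.PAYER_KEYPAIR_PATH;
  if (!keyPath) throw new Error("PAYER_KEYPAIR_PATH must point at the payer keypair file");
  const rpcUrl = heliusRpcUrl(cluster, apiKey);
  return { cluster, rpcUrl, rpcUrlForLogs: redactApiKey(rpcUrl), payer: loadPayerKeypair(keyPath) };
}

// Constructed demo input: a throwaway key generated here and written to a 0600
// temp file. It holds no funds and stands in for the operator's real file.
function writeDemoKeypairFile(): string {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const seed = (privateKey.export({ format: "der", type: "pkcs8" }) as Buffer).subarray(-32);
  const pub = (publicKey.export({ format: "der", type: "spki" }) as Buffer).subarray(-32);
  const path = join(mkdtempSync(join(tmpdir(), "payer-")), "devnet-payer.json");
  writeFileSync(path, JSON.stringify(Array.from(Buffer.concat([seed, pub]))), { mode: 0o600 });
  return path;
}

function demo(): { config: AirdropConfig; keyPath: string } {
  const keyPath = writeDemoKeypairFile();
  const config = resolveAirdropConfig({
    HELIUS_API_KEY: "demo-api-key-0000", PAYER_KEYPAIR_PATH: keyPath,
  });
  console.log(config.cluster, config.rpcUrlForLogs,
    "payer", Buffer.from(config.payer.publicKey).toString("hex"));
  return { config, keyPath };
}

demo();
```

In a real run the returned payer would be handed to the skill's transaction-building code, and rpcUrlForLogs is the only URL variant that should appear in output; the mainnet gate is deliberately a second, separate variable so that a copied devnet command cannot reach mainnet by changing one value.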
