Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Solanaprox
v2.0.0
Pay-per-request AI model access via Solana/USDC using a Phantom wallet address. Query Claude and GPT models without API keys. Wallet-native authentication wi...
⭐ 0 · 551 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (Solana pay-per-request proxy) aligns with the declared runtime actions: check balance and POST requests to solanaprox.com with the wallet address in a header. Requiring SOLANA_WALLET (a wallet identifier) is expected for the stated purpose.
Instruction Scope
SKILL.md confines runtime actions to calls to https://solanaprox.com and reading the SOLANA_WALLET env var. It clearly states prompts/responses flow through a third-party proxy (privacy risk) and instructs the agent to extract only clean text. However, it also recommends running `npx solanaprox-mcp` (which would fetch and execute remote npm code) and includes registry/registration curl examples that interact with other endpoints — these expand the surface beyond simple HTTP proxy calls.
Install Mechanism
There is no install spec (lower risk), but the doc references an npm package and an npx command. If followed, that would pull and execute remote code from npm at runtime, which is a moderate risk and not accounted for in an explicit install step.
Credentials
Only one env var is required (SOLANA_WALLET), which is proportionate if it is strictly a public wallet address. The documentation asserts private keys are never accessed, but the variable name is ambiguous — a less-technical user might place a private key or seed there. That ambiguity could lead to accidental secret exposure. No other unrelated secrets are requested.
Persistence & Privilege
The skill is instruction-only, has no install that makes persistent changes, and does not request always:true. Autonomous invocation is allowed by default but not combined with other strong privilege escalation indicators.
What to consider before installing
This skill appears to do what it says (send your wallet address to solanaprox.com and pay per call), but take precautions before using it:
- Do NOT put private keys, seed phrases, or secret keys into SOLANA_WALLET. The SKILL.md intends SOLANA_WALLET to be a public wallet address, but the variable name is ambiguous and a mistake could expose secrets.
- Be aware that all prompts and responses are routed through a third-party proxy (solanaprox.com). Do not send sensitive data or private information unless you trust that service.
- The doc suggests running `npx solanaprox-mcp` (optional). Running npx will download and execute code from npm — review the package source (npm page and GitHub) before running.
- The SKILL.md metadata references a GitHub repo and an npm package; the registry record lacked a homepage. Verify those links independently (inspect repository and package) before trusting the service.
- If you want to try it, use a dedicated Solana wallet with minimal funds (e.g., <$5) rather than your main wallet.
If you want a firmer benign/malicious determination, provide the package source (GitHub repo or the npm package contents) or clarify exactly what value users are expected to set in SOLANA_WALLET (address vs. key).
Like a lobster shell, security has layers — review code before you run it.
latest: vk97ay827vh78ct4pqekq9y7n7181w5ek
Runtime requirements
⚡ Clawdis
Env: SOLANA_WALLET
