Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Solanaprox Mcp
v1.1.0 · Connect your Solana wallet to pay per AI request with USDC or SOL, check balances, estimate costs, and access models like Claude Sonnet 4 and GPT-4 Turbo.
⭐ 0· 163·1 current·1 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (Solana wallet pays for AI requests) aligns with the included README, SKILL.md, and source code, which call https://solanaprox.com endpoints and implement ask_ai/check_balance/estimate_cost/list_models. That said, the published metadata claims no required env vars or credentials, while the code and docs require SOLANA_WALLET (and optionally SOLANAPROX_URL). This metadata omission is an inconsistency.
Instruction Scope
SKILL.md instructions are scoped to the stated purpose (check balance, estimate cost, call SolanaProx API, handle 402 x402 payment responses). They do not instruct reading unrelated local files or exfiltrating secrets. The runtime behavior described (deduct USDC from wallet balance, show payTo address) matches the code.
Install Mechanism
There is no install spec in the registry entry (instruction-only), but the package includes package.json, package-lock.json, and runnable JS/TS sources (bin: dist/index.js). That is inconsistent: the skill is not declared to install anything yet includes code intended to be executed (npx / node). Dependencies are standard npm packages from the registry (no arbitrary download URLs), which reduces risk, but the lack of an install declaration is a packaging/metadata mismatch worth flagging.
Credentials
Registry metadata lists no required environment variables or primary credential, but README, SKILL.md, and source code require SOLANA_WALLET (wallet address) and optionally SOLANAPROX_URL. While a wallet address is publicly visible on-chain (not a private key), omitting this required variable from metadata is misleading. The skill does not request private keys, but it will make external network requests and can cause on-chain payments if the user follows instructions — so confirm you only provide a public wallet address (never private keys/seed phrases).
Persistence & Privilege
The skill is not marked always:true and does not ask to modify other skills or system-wide settings. Autonomous invocation is permitted (platform default) — combined with payment functionality this means an autonomous agent could spend the user's deposited USDC if allowed to call ask_ai, so users should be aware of spending risk when enabling agent autonomy.
What to consider before installing
What to consider before installing/using this skill:
- Metadata mismatch: the registry entry says no env vars, but the code and docs require SOLANA_WALLET (your Phantom wallet address). The package should declare this; treat the omission as a warning sign.
- Network & payment behavior: the skill makes network calls to solanaprox.com and will instruct users to deposit USDC to a hardcoded 'payTo' address. Verify solanaprox.com, the deposit address, and the project/repo (npm package page and GitHub) independently before sending funds.
- Never provide private keys or seed phrases. The code only sends the public wallet address in an HTTP header; that is normal, but you must not export your wallet's private key to run this.
- Autonomous spending risk: if you allow an agent to call ask_ai automatically, it can cause many paid requests. Keep minimum balances, confirm expensive operations with the user, or disable autonomous invocation if possible.
- Packaging caution: the skill includes runnable code and npm dependencies but no install spec in the registry. If you plan to run it locally, inspect the package contents (bin/dist/index.js) and verify the npm package integrity and upstream GitHub repository before running 'npx' or 'npm install'.
- If you want higher assurance: check the npm package publisher, verify the Git repository (commits, contributors), and confirm the team behind LPX Digital Group LLC and solanaprox.com are legitimate.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
agent-exammple.js:13
Environment variable access combined with network send.
src/index.ts:16
Environment variable access combined with network send.
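The two findings above come from a co-occurrence heuristic: an environment-variable read and an outbound request in the same file. Below is an added example of such a check in TypeScript (not the ClawHub or OpenClaw scanner), extended to list the env var names a package reads so they can be compared with what the registry metadata declares. The pattern lists and the sample sources are constructed for the example; the URL in them is a placeholder, not the real service endpoint.

```typescript
// Added example, not the ClawHub/OpenClaw scanner. Pattern lists, sample
// sources and the placeholder URL are assumptions constructed for this demo.

const ENV_READ = /\bprocess\.env\b|\bDeno\.env\b|\bos\.environ\b|\bgetenv\s*\(/;
const NET_SEND =
  /\bfetch\s*\(|\baxios\.\w+\s*\(|\bhttps?\.(?:request|get)\s*\(|\bnew\s+XMLHttpRequest\b|\bnew\s+WebSocket\s*\(/;
// Captures NAME from process.env.NAME and process.env["NAME"] / ['NAME'].
const ENV_NAME = /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*["']([A-Za-z_][A-Za-z0-9_]*)["']\s*\])/g;

type FileScan = { file: string; envLines: number[]; netLines: number[]; envNames: string[] };

// Line-by-line scan: where env vars are read, where requests are sent,
// and which env var names appear.
function scanFile(file: string, source: string): FileScan {
  const envLines: number[] = [];
  const netLines: number[] = [];
  const envNames: string[] = [];
  const lines = source.split("\n");
  for (let i = 0; i < lines.length; i++) {
    const text = lines[i];
    const line = i + 1;
    if (ENV_READ.test(text)) envLines.push(line);
    if (NET_SEND.test(text)) netLines.push(line);
    ENV_NAME.lastIndex = 0;
    let m: RegExpExecArray | null;
    while ((m = ENV_NAME.exec(text)) !== null) {
      const name = m[1] || m[2];
      if (name && envNames.indexOf(name) === -1) envNames.push(name);
    }
  }
  return { file, envLines, netLines, envNames: envNames.sort() };
}

type CoOccurrence = { file: string; envLine: number; netLine: number };
type Review = { envAndNetwork: CoOccurrence[]; undeclaredEnv: string[] };

// declaredEnv: the env vars the registry metadata says the skill requires.
// Any name the code reads that is not declared is reported as undeclared.
function reviewPackage(files: Record<string, string>, declaredEnv: string[]): Review {
  const envAndNetwork: CoOccurrence[] = [];
  const undeclared: string[] = [];
  for (const file of Object.keys(files)) {
    const scan = scanFile(file, files[file]);
    if (scan.envLines.length > 0 && scan.netLines.length > 0) {
      envAndNetwork.push({ file, envLine: scan.envLines[0], netLine: scan.netLines[0] });
    }
    for (const name of scan.envNames) {
      if (declaredEnv.indexOf(name) === -1 && undeclared.indexOf(name) === -1) undeclared.push(name);
    }
  }
  return { envAndNetwork, undeclaredEnv: undeclared.sort() };
}

// Constructed sample package: one source that reads env vars and sends one of
// them in a request header, one that does neither.
const SAMPLE_FILES: Record<string, string> = {
  "src/index.ts": [
    'import fetch from "node-fetch";',
    'const BASE = process.env["SOLANAPROX_URL"] ?? "https://example.invalid";',
    "const wallet = process.env.SOLANA_WALLET;",
    "export async function askAi(prompt: string) {",
    '  return fetch(BASE + "/ask", { method: "POST", headers: { "X-Wallet": wallet ?? "" }, body: prompt });',
    "}",
  ].join("\n"),
  "src/pricing.ts": [
    "export const PRICE = 0.01;",
    "export function estimate(chars: number) { return Math.ceil(chars / 10) * PRICE; }",
  ].join("\n"),
};

// Review against a registry entry that declares no env vars at all.
function demoReview(): Review {
  return reviewPackage(SAMPLE_FILES, []);
}
```

Co-occurrence is a prompt for review, not a verdict: in the sample the flagged flow is a wallet address read from the environment and sent in a request header, which is exactly what this skill documents, so the reviewer's real questions are whether that value could ever be a secret and whether each env var is declared. On the sample, demoReview reports src/index.ts (env read on line 2, request on line 5) and lists SOLANA_WALLET and SOLANAPROX_URL as undeclared, the same metadata mismatch the scan notes above.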
