SolanaProx MCP

Security checks across malware telemetry and agentic risk

Overview

The artifacts show a disclosed, paid remote AI gateway: the skill sends prompts and a wallet address to SolanaProx and can spend a deposited balance. They do not show hidden or unrelated behavior.

Install only if you are comfortable with prompts, code snippets, model settings, and your wallet address being sent to SolanaProx and potentially upstream AI providers. Calls to ask_ai can deduct from your deposited balance, so use cost estimates and balance checks for larger or automated tasks, and do not submit secrets, private keys, regulated data, or proprietary code unless you have reviewed the provider's terms and controls.
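The two precautions above (cost estimates and balance checks before automated use, and never submitting secrets or private keys) can be enforced client-side before any call reaches the tool. The guard below is an added example, not code from the SolanaProx skill or from SkillSpector. It assumes two adapter callables, `estimate_cost(text, model)` and `check_balance()`, standing in for the skill's `estimate_cost` and `check_balance` tools, whose real signatures this page does not document; the secret patterns and the fake cost model are constructed for the example.

```python
"""Client-side guard for a paid remote AI tool such as ask_ai.

Added example, not part of the scanned skill. The two adapters it takes are
hypothetical wrappers over the skill's estimate_cost and check_balance tools.
"""
import re
from dataclasses import dataclass, field
from typing import Callable

# Material that must never leave the host. Constructed for this example;
# tune for your environment and expect false positives on long base58 strings.
SECRET_PATTERNS = {
    "pem_private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    # A Solana keypair secret exported as base58 is 87 or 88 characters.
    "solana_base58_secret": re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{87,88}\b"),
    "assigned_api_key": re.compile(
        r"(?i)\b(api[_-]?key|secret|token)\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{16,}"),
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    estimated_cost: float = 0.0


@dataclass
class SpendGate:
    """Gates every ask_ai call on a secret scan, a per-call cost cap, a session budget and balance."""
    estimate_cost: Callable[[str, str], float]  # hypothetical adapter: (text, model) -> cost
    check_balance: Callable[[], float]          # hypothetical adapter: () -> deposited balance
    max_cost_per_call: float
    session_budget: float
    spent: float = field(default=0.0, init=False)

    @staticmethod
    def find_secrets(text: str) -> list[str]:
        """Return the names of matching patterns, never the matched text (safe to log)."""
        return [name for name, pat in SECRET_PATTERNS.items() if pat.search(text)]

    def decide(self, prompt: str, system_prompt: str = "", model: str = "default") -> Decision:
        # 1. Nothing secret-like leaves the host, whatever the cost.
        hits = self.find_secrets(prompt + "\n" + system_prompt)
        if hits:
            return Decision(False, "prompt contains secret-like material: " + ", ".join(hits))
        # 2. Per-call cap catches a single oversized or runaway prompt.
        cost = self.estimate_cost(prompt + system_prompt, model)
        if cost > self.max_cost_per_call:
            return Decision(False, f"estimated cost {cost:.4f} exceeds per-call cap", cost)
        # 3. Session budget bounds what an automated loop can spend in total.
        if self.spent + cost > self.session_budget:
            return Decision(False, f"session budget would be exceeded ({self.spent:.4f} spent)", cost)
        # 4. Balance check avoids a call that the deposit cannot cover.
        balance = self.check_balance()
        if cost > balance:
            return Decision(False, f"estimated cost {cost:.4f} exceeds balance {balance:.4f}", cost)
        return Decision(True, "ok", cost)

    def record(self, cost: float) -> None:
        """Call after a successful ask_ai so the session total stays honest."""
        self.spent += cost


# Constructed stand-ins so the example runs offline: 0.001 per 100 characters
# and a fixed deposited balance. Real adapters would call the skill's tools.
def fake_estimate_cost(text: str, model: str) -> float:
    return 0.001 * (len(text) / 100)


def fake_check_balance() -> float:
    return 0.05


def demo() -> list[Decision]:
    gate = SpendGate(fake_estimate_cost, fake_check_balance,
                     max_cost_per_call=0.01, session_budget=0.02)
    results = [gate.decide("Explain this Rust borrow checker error.")]
    # A leaked key inside a "review my code" prompt (constructed, not a real key).
    results.append(gate.decide("Review: AWS_KEY = 'AKIAABCDEFGHIJKLMNOP'"))
    # An oversized automated prompt that blows the per-call cap.
    results.append(gate.decide("x" * 2000))
    return results


if __name__ == "__main__":
    for d in demo():
        print(d)
```

The secret scan runs first so that a denied prompt never reaches the cost estimator either, since `estimate_cost` is itself a network-backed tool on this skill. The decision records only pattern names, so the gate's own logs never become a second copy of the secret.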

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90%
Finding
The skill metadata declares no required environment access, yet the skill content instructs the agent to use external network-backed tools (`ask_ai`, `check_balance`, `estimate_cost`, `list_models`) and references wallet/payment-driven operations. This creates a permission transparency mismatch: users and hosting platforms may believe the skill is low-privilege when it actually drives network/API interactions and potentially payment-related actions, increasing the risk of unintended external calls and charges.

Missing User Warnings

Medium
Confidence
89%
Finding
The README presents `ask_ai` as automatically deducting cost from wallet balance but does not prominently warn, at the point of use, that prompts and wallet identifiers are transmitted to a third-party service and that each request incurs spend. In an MCP/agent context, users may enable tools that send sensitive prompts autonomously, so insufficient disclosure can lead to unintended data exposure and unexpected financial charges.

Missing User Warnings

Medium
Confidence
95%
Finding
The tool sends arbitrary user prompts, and in the code review path full source code, to a third-party remote service. This is a real confidentiality and privacy risk: sensitive prompts, proprietary code, secrets embedded in code, or regulated data could be transmitted off-host without explicit notice, consent, redaction, or policy controls.

Missing User Warnings

Medium
Confidence
91%
Finding
The script reads a wallet address from an environment variable and includes it in network requests and balance queries. While a wallet address is typically public rather than secret, transmitting and logging it without a clear privacy warning can still expose user identity, financial metadata, and usage correlation to the service or observers.

Missing User Warnings

Medium
Confidence
94%
Finding
The ask_ai tool sends user-supplied prompts and optional system prompts directly to a remote service at SOLANAPROX_URL, which creates a real data disclosure boundary. In an MCP context, users may assume prompts stay local unless clearly told otherwise, so sensitive data, secrets, or proprietary content could be unintentionally transmitted to a third party.

VirusTotal

60/60 vendors flagged this skill as clean.