Solanaprox
Pass
Audited by ClawScan on May 10, 2026.
Overview
SolanaProx is a disclosed paid AI proxy that does not ask for private keys, but it sends prompts and a wallet address to third parties and can spend pre-funded balance when used.
Before installing, make sure you are comfortable with a third-party proxy seeing your prompts, responses, and public wallet address. Fund only a limited balance, request cost/balance confirmation for repeated calls, and do not run the optional npx MCP server or AIProx registration command unless you have reviewed and trust those separate components.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When you ask the agent to use SolanaProx, successful calls may reduce your deposited USDC/SOL balance.
The skill's core tool use triggers paid AI requests, so use can spend a pre-funded balance. This is disclosed and purpose-aligned, with balance-check guidance.
- Pay-per-request pricing in USDC or SOL
Fund only the amount you are comfortable spending and ask the agent to confirm model, estimated cost, and balance before multi-step or repeated use.
Your public wallet address is shared with SolanaProx and linked to your requests and balance, but the skill does not request your seed phrase or private key.
The wallet address is used as the authentication identity for the service. The artifact explicitly says private keys are not accessed.
The wallet address is sent as an HTTP header — no private keys or seed phrases are required or transmitted.
Use a wallet address you are comfortable associating with these AI requests, and never provide private keys or seed phrases.
Any sensitive information included in prompts may be visible to the proxy service and upstream AI providers.
The artifact clearly discloses that user prompts and outputs are sent through SolanaProx and then to upstream model providers.
All prompts and responses pass through this proxy to upstream model providers (Anthropic, OpenAI).
Avoid sending confidential, regulated, or wallet-sensitive information unless you trust the proxy and provider data handling.
If you run the optional MCP server command, you are trusting code that was not part of this scan.
The document includes an optional command that would fetch and run an npm package not included in the reviewed artifacts.
npx solanaprox-mcp
Inspect the npm package, pin a trusted version, and run it only if you intentionally want the MCP server.
A user could overlook that the optional registry workflow contacts a separate site and may publish agent registration details.
The security manifest says only solanaprox.com is called, but the documentation also provides an optional registration command to aiprox.dev.
External endpoints called: https://solanaprox.com/ (only) ... curl -X POST https://aiprox.dev/api/agents/register
Treat AIProx registration as a separate, optional action and confirm what information will be sent before using it.
