Skill v2.0.0
ClawScan security
Solanaprox · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 26, 2026, 6:35 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared behavior (pay-per-call via a Solana wallet address) matches its instructions, but there are notable ambiguities and minor incoherences — especially around the SOLANA_WALLET env var (could be misused to store private keys) and an instruction that suggests running an npm package (npx) which would fetch remote code.
- Guidance: This skill appears to do what it says (send your wallet address to solanaprox.com and pay per call), but take precautions before using it:
  - Do NOT put private keys, seed phrases, or secret keys into SOLANA_WALLET. The SKILL.md intends SOLANA_WALLET to be a public wallet address, but the variable name is ambiguous and a mistake could expose secrets.
  - Be aware that all prompts and responses are routed through a third-party proxy (solanaprox.com). Do not send sensitive data or private information unless you trust that service.
  - The doc suggests running `npx solanaprox-mcp` (optional). Running npx will download and execute code from npm — review the package source (npm page and GitHub) before running.
  - The SKILL.md metadata references a GitHub repo and an npm package; the registry record lacked a homepage. Verify those links independently (inspect repository and package) before trusting the service.
  - If you want to try it, use a dedicated Solana wallet with minimal funds (e.g., <$5) rather than your main wallet.
  If you want a firmer benign/malicious determination, provide the package source (GitHub repo or the npm package contents) or clarify exactly what value users are expected to set in SOLANA_WALLET (address vs. key).
Review Dimensions
- Purpose & Capability
  - ok: The name/description (Solana pay-per-request proxy) aligns with the declared runtime actions: check balance and POST requests to solanaprox.com with the wallet address in a header. Requiring SOLANA_WALLET (a wallet identifier) is expected for the stated purpose.
- Instruction Scope
  - note: SKILL.md confines runtime actions to calls to https://solanaprox.com and reading the SOLANA_WALLET env var. It clearly states prompts/responses flow through a third-party proxy (privacy risk) and instructs the agent to extract only clean text. However, it also recommends running `npx solanaprox-mcp` (which would fetch and execute remote npm code) and includes registry/registration curl examples that interact with other endpoints — these expand the surface beyond simple HTTP proxy calls.
- Install Mechanism
  - note: There is no install spec (lower risk), but the doc references an npm package and an npx command. If followed, that would pull and execute remote code from npm at runtime, which is a moderate risk and not accounted for in an explicit install step.
- Credentials
  - concern: Only one env var is required (SOLANA_WALLET), which is proportionate if it is strictly a public wallet address. The documentation asserts private keys are never accessed, but the variable name is ambiguous — a less-technical user might place a private key or seed there. That ambiguity could lead to accidental secret exposure. No other unrelated secrets are requested.
- Persistence & Privilege
  - ok: The skill is instruction-only, has no install that makes persistent changes, and does not request always:true. Autonomous invocation is allowed by default but not combined with other strong privilege escalation indicators.
