Skill v1.0.0
ClawScan security
Solana Sniper Architect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:41 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's runtime instructions clearly build Solana trading bots and require handling a private key, but the package metadata omits any required credentials and gives no safety guidance; this mismatch and the high-impact actions the skill enables are concerning.
- Guidance: This skill will generate scripts that sign and submit Solana transactions and instruct the agent to use a PRIVATE_KEY from environment/.env. Before using: (1) do not give a real mainnet private key; prefer testnet or a disposable wallet; (2) prefer hardware wallets, remote signing, or constructing unsigned transactions for manual signing rather than storing private keys in plaintext .env files; (3) ask the author to update the registry metadata to declare required env vars (e.g., PRIVATE_KEY) and to include security recommendations; (4) review any generated code carefully before running (especially transaction signing, RPC endpoints, and fee/priority logic); and (5) be aware that running HFT trading bots can cause real financial loss and has legal/ethical/market-impact implications.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md describes a Solana high-frequency trading bot generator (Jupiter v6 + DexScreener + solders) which is coherent with the skill name. However, the registry metadata provides no description and declares no required environment variables or credentials even though the instructions demand a PRIVATE_KEY environment variable and .env usage. That metadata/instruction mismatch is unexpected and reduces transparency.
- Instruction Scope (concern): The instructions explicitly require creating production-ready scripts that sign and submit transactions (priority fees via the solders library) and instruct the agent to read os.getenv('PRIVATE_KEY') and include a .env template. Those runtime actions are high-impact (can move funds) and the SKILL.md gives no guidance to prefer secure signing (hardware wallets, remote signing, or manual signing) or to limit testing to dev/testnet. The instructions also require polling DexScreener and calling Jupiter APIs (external network calls), which is consistent with purpose but broad in scope for an instruction-only skill.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, which minimizes immediate supply-chain risk. It will produce Python scripts and a requirements.txt at runtime but does not itself download or install packages.
- Credentials (concern): The SKILL.md mandates using PRIVATE_KEY via os.getenv and a .env template, but the skill metadata lists no required env vars or primary credential. Requesting a private key for signing is expected for a trading bot, but the omission from requires.env is an incoherence. Also, advice to put keys in .env (loaded by python-dotenv) can encourage insecure local storage; no safer alternatives (hardware/key management, ephemeral keys, testnet) are suggested.
- Persistence & Privilege (ok): `always` is false and there is no install behavior or persistent privileges requested. The skill can be invoked autonomously (disable-model-invocation: false), which is normal for skills and not by itself a red flag; it does not request persistent presence or modify other skills.
