Solana Copy Trader

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you provide a real wallet private key, the bot can sign transactions that spend from that wallet.

Why it was flagged

The skill loads a Solana private key from the environment into a signing wallet, while the registry metadata declares no primary credential or env vars.

Skill content
const secretKey = bs58.default.decode(process.env.PRIVATE_KEY); wallet = Keypair.fromSecretKey(secretKey);
Recommendation

Do not use a main wallet. Use only a new low-balance trading wallet, and require the skill to declare PRIVATE_KEY and other env vars before live use.

What this means

A copied whale trade can trigger irreversible real-money token swaps, including losses from slippage, bad signals, or rug-pull tokens.

Why it was flagged

In live mode, the bot signs and broadcasts Jupiter swap transactions automatically.

Skill content
swapTx.sign([wallet]); const sig = await connection.sendRawTransaction(swapTx.serialize(), { skipPreflight: false, maxRetries: 3 });
Recommendation

Keep paper mode enabled unless you intentionally accept the risk; require an explicit live-mode command, transaction previews, hard loss limits, and per-trade confirmation.
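The two recommendations above (declare the required env vars before live use; default to paper mode with an explicit live switch, previews, hard loss limits and per-trade confirmation) can be combined in one gate in front of the signing code. The block below is an added example, not the skill's own code; the env var names LIVE_MODE, MAX_TRADE_SOL and MAX_DAILY_LOSS_SOL and the trade/state shapes are assumptions made for the illustration (the page itself only names PRIVATE_KEY).

```javascript
// Added example, not the skill's own code. A live-trading gate that keeps the bot
// in paper mode unless every guard passes. Env var names other than PRIVATE_KEY
// are assumed for this illustration.

const REQUIRED_LIVE_ENV = ['PRIVATE_KEY', 'MAX_TRADE_SOL', 'MAX_DAILY_LOSS_SOL'];

// Build the runtime config from an env object. Live mode must be requested with
// the exact string 'true'; anything else (unset, '1', 'yes') stays in paper mode,
// and live mode is refused outright when a required variable is undeclared.
function loadConfig(env) {
  const live = env.LIVE_MODE === 'true';
  if (live) {
    const missing = REQUIRED_LIVE_ENV.filter((k) => !env[k]);
    if (missing.length > 0) {
      throw new Error(`live mode refused: missing env vars ${missing.join(', ')}`);
    }
  }
  return {
    live,
    maxTradeSol: live ? Number(env.MAX_TRADE_SOL) : 0,
    maxDailyLossSol: live ? Number(env.MAX_DAILY_LOSS_SOL) : 0,
  };
}

// Decide what to do with a copied trade before anything is signed.
// `trade`  : { amountSol, outputMint, slippageBps }   (assumed shape)
// `state`  : { realizedLossSol } running loss for the current day (assumed shape)
// `confirm`: per-trade confirmation callback that receives the preview text and
//            returns true only when the operator explicitly accepts it.
// The full trade amount is counted as the worst-case loss, so the daily limit is a
// hard cap on capital put at risk, not an estimate.
function gateTrade(config, trade, state, confirm) {
  if (!config.live) {
    return { action: 'paper', reason: 'paper mode (default)' };
  }
  if (!(trade.amountSol <= config.maxTradeSol)) {
    return { action: 'reject', reason: `trade size ${trade.amountSol} SOL exceeds MAX_TRADE_SOL` };
  }
  if (state.realizedLossSol + trade.amountSol > config.maxDailyLossSol) {
    return { action: 'reject', reason: 'hard daily loss limit would be exceeded' };
  }
  const preview = `SWAP ${trade.amountSol} SOL -> ${trade.outputMint} (max slippage ${trade.slippageBps} bps)`;
  if (confirm(preview) !== true) {
    return { action: 'reject', reason: 'operator declined confirmation' };
  }
  return { action: 'live', reason: preview };
}

// Stand-alone demonstration with a constructed trade.
const demoTrade = { amountSol: 0.2, outputMint: 'ExampleMint1111111111111111111111111111111', slippageBps: 50 };
console.log(gateTrade(loadConfig({}), demoTrade, { realizedLossSol: 0 }, () => true));
```

Only the `action: 'live'` result should reach `swapTx.sign([wallet])`; the paper and reject paths never touch the key. Loading PRIVATE_KEY itself should likewise happen only after `loadConfig` has returned with `live === true`.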

What this means

Users may overtrust the bot's safety claims and buy highly risky new tokens.

Why it was flagged

The advertised Pump.fun safety gate can pass a token merely for existing, which is much weaker than a robust rug-protection check.

Skill content
let score = 50; // base score — token exists ... pass: score >= 40
Recommendation

Treat the safety score as informational only; implement and document stronger checks such as liquidity, freeze/mint authority, holder distribution, and sellability.
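To show the difference between a score that a token can pass merely for existing and a gate built from hard checks, the block below is an added example and not the skill's code. The `facts` object shape (mint and freeze authority, pool liquidity, largest holder share, a simulated-sell result) is an assumption for the illustration; in practice those fields would be filled from mint account data, pool state and a sell simulation.

```javascript
// Added example, not the skill's own code. Every check is a hard requirement and
// an unknown value fails closed; the score only ranks tokens that already passed.
// The thresholds are illustrative assumptions, not values from the skill.
const LIMITS = {
  minLiquiditySol: 10,     // pool liquidity below this is treated as rug risk
  maxTopHolderShare: 0.2,  // largest non-pool holder may hold at most 20% of supply
};

// facts: { exists, mintAuthority, freezeAuthority, liquiditySol, topHolderShare, sellSimulationOk }
function evaluateToken(facts) {
  const failures = [];
  if (facts.exists !== true) failures.push('mint account not found');
  // null means the authority has been revoked; undefined means we never checked.
  if (facts.mintAuthority !== null) failures.push('mint authority still set (supply can be inflated)');
  if (facts.freezeAuthority !== null) failures.push('freeze authority still set (holders can be frozen)');
  // Comparisons are written so that NaN/undefined fail rather than pass.
  if (!(facts.liquiditySol >= LIMITS.minLiquiditySol)) {
    failures.push(`liquidity ${facts.liquiditySol} SOL below ${LIMITS.minLiquiditySol}`);
  }
  if (!(facts.topHolderShare <= LIMITS.maxTopHolderShare)) {
    failures.push(`top holder share ${facts.topHolderShare} above ${LIMITS.maxTopHolderShare}`);
  }
  if (facts.sellSimulationOk !== true) failures.push('simulated sell failed (possible honeypot)');

  const pass = failures.length === 0;
  // Informational score, never a substitute for the checks above.
  let score = 0;
  if (pass) {
    score = 50;
    score += Math.min(25, Math.floor(facts.liquiditySol / 10));
    score += Math.round((1 - facts.topHolderShare) * 25);
  }
  return { pass, score, failures };
}

// Constructed sample: a token that merely exists does not pass.
console.log(evaluateToken({ exists: true }));
```

The contrast with `let score = 50; // base score, token exists ... pass: score >= 40` is that existence contributes nothing to the pass decision here; it is one of several preconditions, and missing data counts as a failure rather than as a neutral score.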

What this means

A compromised or incompatible dependency update could run with access to the same process as wallet credentials and trade execution code.

Why it was flagged

Caret version ranges allow different dependency versions to be installed later in a process that handles private keys and blockchain transactions.

Skill content
"@solana/web3.js": "^1.98.4", "axios": "^1.13.5", "bs58": "^6.0.0", "dotenv": "^17.3.1"
Recommendation

Pin exact dependency versions, include a lockfile, audit dependencies, and run the bot in an isolated environment.

What this means

Your trading activity, wallet analysis, or bot status may be sent to Telegram, or an external send attempted, even when alerts are not clearly configured.

Why it was flagged

Trade and wallet alert text is sent to Telegram, and the code shown does not guard against sending when optional Telegram credentials are unset.

Skill content
await axios.post(`https://api.telegram.org/bot${config.botToken}/sendMessage`, { chat_id: config.chatId, text: msg, parse_mode: 'HTML' });
Recommendation

Disable or guard Telegram sends unless you explicitly configure alerts, and avoid sending sensitive trading details to third-party chats.
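One way to apply this recommendation to the flagged snippet, as an added example that is not the skill's code: refuse to build a request at all when either Telegram credential is unset, and redact wallet addresses and transaction signatures from the alert text before it leaves the process. The field names `config.botToken` and `config.chatId` match the snippet; the injected `post` function and the constructed sample address are assumptions so the example runs offline.

```javascript
// Added example, not the skill's own code. Guarded, redacting Telegram alerts.

// Base58 runs of 32-88 characters cover Solana public keys (32-44 chars) and
// transaction signatures (87-88 chars). Ordinary words never reach this length.
const BASE58_RUN = /[1-9A-HJ-NP-Za-km-z]{32,88}/g;

// Keep only the first and last four characters so an alert is still recognisable
// to the operator without publishing full addresses to a third-party chat.
function redact(text) {
  return text.replace(BASE58_RUN, (m) => `${m.slice(0, 4)}...${m.slice(-4)}`);
}

function telegramConfigured(config) {
  return Boolean(config && config.botToken && config.chatId);
}

// Pure planning step: returns { send: false } when alerts are not configured,
// otherwise the exact URL and body that would be posted. Nothing is sent here,
// which is what makes the guard testable without network access.
function planAlert(config, msg) {
  if (!telegramConfigured(config)) {
    return { send: false, reason: 'telegram alerts not configured' };
  }
  return {
    send: true,
    url: `https://api.telegram.org/bot${config.botToken}/sendMessage`,
    body: { chat_id: config.chatId, text: redact(msg), parse_mode: 'HTML' },
  };
}

// Thin sender: `post(url, body)` is injected (axios.post in the real bot).
async function notify(config, msg, post) {
  const plan = planAlert(config, msg);
  if (plan.send) await post(plan.url, plan.body);
  return plan;
}

// Constructed sample address (a valid base58 run of 44 characters, not a real wallet).
const SAMPLE_PUBKEY = 'Demo1'.repeat(8) + 'Demo';

// Stand-alone demonstration: unconfigured alerts never call post().
notify({}, `Copied wallet ${SAMPLE_PUBKEY} bought`, () => { throw new Error('must not send'); })
  .then((plan) => console.log(plan));
```

With this shape the unconfigured case is decided before any URL containing the bot token is constructed, so a missing `botToken` cannot produce a request to `https://api.telegram.org/botundefined/...`.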

Findings (2)

critical: suspicious.env_credential_access
Location: scripts/src/pumpfun.js:16
Finding: Environment variable access combined with network send.

critical: suspicious.exposed_secret_literal
Location: scripts/src/config.js:33
Finding: File appears to expose a hardcoded API secret or token.