Solana Copy Trader
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: solana-copy-trader
Version: 1.0.0
The skill bundle is classified as suspicious due to its core functionality involving automated cryptocurrency trading with real funds, which inherently carries high financial risk. While the code includes safeguards like defaulting to paper trading and explicit warnings to use a burner wallet for live execution, it requires the user to provide a Solana private key for real transactions. This capability, though necessary for its stated purpose, represents a significant risk of financial loss if misused or if vulnerabilities exist in the bot's trading logic. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration, persistence mechanisms, or prompt injection attempts against the AI agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you provide a real wallet private key, the bot can sign transactions that spend from that wallet.
This loads a Solana private key into a signing wallet, while the registry metadata declares no primary credential or env vars.
const secretKey = bs58.default.decode(process.env.PRIVATE_KEY); wallet = Keypair.fromSecretKey(secretKey);
Do not use a main wallet. Use only a new low-balance trading wallet, and require the skill to declare PRIVATE_KEY and other env vars before live use.
A copied whale trade can trigger irreversible real-money token swaps, including losses from slippage, bad signals, or rug-pull tokens.
In live mode, the bot signs and broadcasts Jupiter swap transactions automatically.
swapTx.sign([wallet]); const sig = await connection.sendRawTransaction(swapTx.serialize(), { skipPreflight: false, maxRetries: 3 });
Keep paper mode enabled unless you intentionally accept the risk; require an explicit live-mode command, transaction previews, hard loss limits, and per-trade confirmation.
Users may overtrust the bot's safety claims and buy highly risky new tokens.
The advertised Pump.fun safety gate can pass a token merely for existing, which is much weaker than a robust rug-protection check.
let score = 50; // base score — token exists ... pass: score >= 40
Treat the safety score as informational only; implement and document stronger checks such as liquidity, freeze/mint authority, holder distribution, and sellability.
A compromised or incompatible dependency update could run with access to the same process as wallet credentials and trade execution code.
Caret version ranges allow different dependency versions to be installed later in a process that handles private keys and blockchain transactions.
"@solana/web3.js": "^1.98.4", "axios": "^1.13.5", "bs58": "^6.0.0", "dotenv": "^17.3.1"
Pin exact dependency versions, include a lockfile, audit dependencies, and run the bot in an isolated environment.
Your trading activity, wallet analysis, or bot status may be sent to Telegram, and the send may be attempted even when alerts are not clearly configured.
Trade and wallet alert text is sent to Telegram, and the code shown does not guard against sending when optional Telegram credentials are unset.
await axios.post(`https://api.telegram.org/bot${config.botToken}/sendMessage`, { chat_id: config.chatId, text: msg, parse_mode: 'HTML' });
Disable or guard Telegram sends unless you explicitly configure alerts, and avoid sending sensitive trading details to third-party chats.
