v2.1.0

Solana Funding Rate Arbitrage

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:28 AM.

Analysis

This skill matches its trading-bot purpose, but it can use a Solana private key to place unattended live trades, so a user should review it carefully before installing.

GuidanceReview this as a real financial trading bot, not just a scanner. Keep `dry_run` enabled, use a dedicated low-balance wallet, avoid sharing or reusing your main private key, do not enable cron until you understand the trading logic and failure handling, and monitor positions closely if you ever switch to live trading.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

scripts/src/core/arbitrage.ts

transaction.sign(this.config.wallet); const signature = await this.connection.sendRawTransaction(transaction.serialize(), { skipPreflight: true, maxRetries: 3 });

The code signs and broadcasts Solana transactions from the configured wallet, including `skipPreflight: true`, without showing an interactive approval step.

User impactA live run can place real trades and spend funds automatically; transaction simulation checks may be skipped.

RecommendationRequire explicit confirmation for live trades, keep preflight checks enabled unless the user deliberately opts out, and enforce strict position-size and loss limits.

Cascading Failures

SeverityHighConfidenceHighStatusConcern

scripts/src/core/arbitrage.ts

const sellResult = await this.sendTransaction(sellTx); if (!sellResult.success) { // TODO: Handle partial execution - may need to manually close position logger.error('CRITICAL: Sell failed after buy succeeded!');

The arbitrage is executed in sequence, and the code explicitly notes that if the second leg fails after the first succeeds, manual cleanup may be needed.

User impactA failed second leg can leave the user with an unintended unhedged position, creating market and liquidation risk.

RecommendationUse atomic or bundled execution where possible, add automatic emergency close/hedge logic, and halt further trading after any partial execution.

Rogue Agents

SeverityMediumConfidenceHighStatusConcern

scripts/cron-runner.sh

source "$HOME/.secrets/.env" ... npx ts-node --transpile-only src/trading/auto-trader.ts >> "$LOG_FILE" 2>&1

The cron runner loads secrets and runs the auto-trader unattended; SKILL.md also instructs adding it to crontab every four hours.

User impactAfter cron setup, the bot may keep checking and trading without the user actively watching each run.

RecommendationDo not enable cron until dry-run behavior is verified, keep a clear kill switch, and periodically confirm that the cron job and wallet limits are still intended.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

USER_GUIDE.md

→ Zero price risk (hedged) → Collect funding from both sides!

The guide uses very strong safety language for a leveraged perpetuals strategy, even though the same artifacts acknowledge slippage, liquidation, spread reversal, and smart-contract risk.

User impactUsers may over-trust the bot or underestimate the chance of loss when enabling live trading.

RecommendationTreat the yield and safety claims skeptically, start with small dry-run or low-balance tests, and require clearer warnings around loss and liquidation risk.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

metadata

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

The skill has no declared source/homepage and no registry install spec, while its docs instruct local npm installation.

User impactUsers have less provenance information when deciding whether to trust the package and its dependencies.

RecommendationReview `scripts/package.json` and `package-lock.json`, install in an isolated environment, and avoid using a real wallet until the code provenance is trusted.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

SKILL.md

SOLANA_PRIVATE_KEY=[1,2,3,...]  # Or use wallet file; SOLANA_WALLET_PATH=/path/to/wallet.json

Live trading requires a raw Solana private key or wallet file, which can authorize transactions from the user's wallet; this is not declared as a primary credential in the registry metadata.

User impactIf live mode is run with a real wallet, the skill can authorize trades that may lose funds or expose the wallet to transaction risk.

RecommendationUse only a new, low-balance trading wallet; keep dry-run enabled until fully reviewed; and require the skill metadata to clearly declare wallet/private-key access.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

~/.clawd/funding-arb/ positions.json ... history.json ... trader-state.json ... logs/

The skill stores current positions, trade history, bot state, and logs locally for reuse across runs.

User impactThese files may reveal trading activity and can influence future automated trading behavior.

RecommendationProtect the directory permissions, avoid syncing it to public/cloud locations, and review or reset state files before restarting live automation.