kamino
Fail
Audited by Socket on Feb 20, 2026
1 alert found:
Obfuscated File (HIGH): SKILL.md
The manifest describes expected functionality for an on-chain Solana agent that must sign transactions; the requirement for SOLANA_PRIVATE_KEY is consistent with the features but constitutes a high-risk operation if the runtime is untrusted. No explicit malicious code, obfuscation, hard-coded credentials, or suspicious domains are present in the provided text. Because implementation details are absent, treat the package as potentially high-risk in practice: review the implementation for any key-exfiltration paths, logging of secrets, or outbound connections besides the configured SOLANA_RPC_URL before use. Use hardware or remote signers and trusted runtimes for accounts with real funds.
Confidence: 98%
Audit Metadata