solana-trader

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE

Full Analysis
  • [Data Exposure] (HIGH): The skill documentation requires setting SOLANA_KEYPAIR_PATH to ~/.config/solana/id.json. Access to this sensitive file, combined with the documented use of curl for external API communication, creates a high risk of private key exfiltration.
  • [Indirect Prompt Injection] (HIGH): This skill handles high-impact financial operations (sending and swapping tokens) based on external inputs like transaction history and market data. Ingestion points include the Solana RPC and Jupiter API. No boundary markers or sanitization logic are documented, making it susceptible to malicious instructions embedded in blockchain data.
  • [External Downloads] (MEDIUM): The installation process uses clawdhub install, which pulls code from an unverified remote source.
  • [No Code] (INFO): Only documentation and metadata were provided; the absence of executable scripts prevents a full technical implementation audit.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 14, 2026, 12:06 PM