solana-agent-kit
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS/REMOTE_CODE_EXECUTION] (CRITICAL): In `examples/mcp-server/README.md`, the documentation provides a one-liner installation command: `curl -fsSL https://raw.githubusercontent.com/sendaifun/solana-mcp/main/scripts/install.sh | bash`. Piped remote execution is a critical security risk as the script can be modified at the source to execute arbitrary malicious code on the host system without prior review.
- [CREDENTIALS_UNSAFE] (HIGH): Multiple files (`examples/langchain/README.md`, `examples/vercel-ai/README.md`, `examples/mcp-server/README.md`) instruct users to store `SOLANA_PRIVATE_KEY` in environment variables or plaintext JSON configuration files (e.g., `claude_desktop_config.json`). Private keys in plaintext are susceptible to accidental exposure via logs, process listing, or unauthorized file access.
- [COMMAND_EXECUTION] (HIGH): The skill provides tools that allow an LLM to perform high-value financial transactions, including `transfer`, `trade`, `bridge`, and most notably `signMessage` and `sendTransaction`. While the documentation suggests adding confirmation prompts, the code examples do not implement a programmatic 'Human-in-the-Loop' (HITL) gate at the tool execution level, meaning the agent could be manipulated into signing malicious transactions via prompt injection.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on several external packages from the `solana-agent-kit` ecosystem and `solana-mcp`. These sources are not part of the defined 'Trusted Organizations' list and should be audited for supply chain security.
Recommendations
- AI detected serious security threats