Skills
skills/agiprolabs/claude-trading-skills/solanatracker-api/Gen Agent Trust Hub

solanatracker-api

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions in references/raptor_setup.md to clone a third-party repository (https://github.com/solanatracker/raptor-binary) containing an external binary.
  • [COMMAND_EXECUTION]: The setup guide instructs users to grant execution permissions (chmod +x raptor) and run the external binary (./raptor) locally. Executing opaque binaries from unverified sources poses a significant security risk.
  • [CREDENTIALS_UNSAFE]: The skill and its associated scripts (scripts/wallet_pnl.py, references/raptor_setup.md) handle highly sensitive credentials, including a Solana PRIVATE_KEY for transaction signing and a SOLANATRACKER_API_KEY for API access.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via attacker-controlled data. Ingestion points: Token metadata (names, symbols, risk descriptions) fetched from the SolanaTracker API in scripts/token_analysis.py. Boundary markers: Absent; data is interpolated directly into report outputs. Capability inventory: Scripts output fetched data to the console where it is processed by the agent. Sanitization: None; the skill does not filter or sanitize external token strings before display.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 21, 2026, 02:36 PM