Low Risk — Risk Score 15/100
Last scan: 10 hr ago
gluex-interaction
Operate the GlueX Solana protocol (register profiles, listen to bounties, claim tasks, approve rewards, map social graph connections) directly from the CLI
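A legitimate CLI tool for interacting with the Solana GlueX protocol; the code matches the documentation, with no hidden functionality or malicious behavior
Skill Name: gluex-interaction
Duration: 41.4s
Engine: pi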
Safe to install
Safe to use. Note: pinning the dependency versions in package.json is recommended to guard against supply-chain risk.

Findings 2 items

Severity Finding Location
Low
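Dependency versions not pinned (Supply Chain)
The main dependencies in package.json use ^ ranges or have no version pin (e.g. @coral-xyz/anchor: ^0.29.0, @solana/web3.js: ^1.89.0), so npm install may pull non-deterministic versions
"@coral-xyz/anchor": "^0.29.0"
→ Recommendation: use exact versions or a lockfile to ensure reproducible builds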
scripts/package.json:7
Low
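Reads the Solana private key path (Sensitive Access)
The code accesses ~/.config/solana/id.json to load the keypair used for transaction signing; this is necessary behavior for cryptocurrency operations
const keypairPath = path.resolve(os.homedir(), '.config/solana/id.json')
→ Already declared in SKILL.md, with a warning not to handle the user's private key; this is normal operation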
scripts/interact.ts:16
Resource Declared Inferred Status Evidence
Filesystem READ READ ✓ Aligned scripts/interact.ts:16 reads ~/.config/solana/id.json
Network READ READ ✓ Aligned scripts/interact.ts:22 connects to api.devnet.solana.com
Shell NONE NONE No subprocess or shell execution
Environment NONE NONE No os.environ access
103 findings

File Tree

5 files · 49.0 KB · 1288 lines
JSON 3f · 954L TypeScript 1f · 247L Markdown 1f · 87L
├─ 📁 scripts
│ ├─ 📜 interact.ts TypeScript 247L · 9.1 KB
│ ├─ 📋 package-lock.json JSON 927L · 34.8 KB
│ ├─ 📋 package.json JSON 15L · 366 B
│ └─ 📋 tsconfig.json JSON 12L · 250 B
└─ 📝 SKILL.md Markdown 87L · 4.5 KB

Dependencies 3 items

Package Version Source Known Vulns Notes
@coral-xyz/anchor ^0.29.0 npm No Version not pinned
@solana/web3.js ^1.89.0 npm No Version not pinned
ts-node ^10.9.2 npm No Version not pinned

Security Positives

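✓ Documentation and code functionality fully match; no hidden functionality
✓ Clear code structure, with no obfuscation or encoded execution
✓ Uses the official npm packages @coral-xyz/anchor and @solana/web3.js, with traceable provenance
✓ package-lock.json is present, ensuring deterministic dependencies
✓ Documentation explicitly warns about security risks (do not print the private key; use Devnet for testing)
✓ No high-risk behavior such as credential harvesting, remote execution, or data exfiltration
✓ Connects to Devnet rather than Mainnet, reducing risk to funds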