pumpclaw-agent Security Report — Suspicious | ClawSafe

40 /100

pumpclaw-agent

Generate customer-ready Telegram polling bots + Express-style web server integrating Pump.fun Tokenized Agent payments

The skill generates a legitimate Telegram+web payment template but contains an undocumented deposit-wallet pattern that stores private keys in SQLite, plus unused treasury keypair code creating shadow surface.

Skill Namepumpclaw-agent

Duration68.3s

Enginepi

⚠

Use with caution

Add explicit documentation for deposit wallet private key storage, remove unused treasury keypair code, and consider encrypting SQLite or using a hardware security module for key storage.

Findings 4 items

Severity	Finding	Location
Medium	Deposit wallet private keys stored in plaintext SQLite Sensitive Access The template generates per-user deposit keypairs and stores the base58-encoded secret key (deposit_secret_b58) in a SQLite database. This directly contradicts SKILL.md safety rule 'Never handle private keys / secret key material' and creates severe risk if the database file is accessed. `db.prepare('INSERT INTO deposit_wallets (telegram_user_id, deposit_pubkey, deposit_secret_b58, created_at) VALUES (?,?,?,?)').run(telegramUserId, kp.publicKey.toBase58(), secretB58, Date.now());` → Document this design decision explicitly in SKILL.md and consider encrypting SQLite database at rest, using environment-backed keys, or redesigning to avoid server-side key custody.	`assets/template/src/server.js:77`
Medium	Unused treasury keypair created from environment secret Doc Mismatch Both server.js and server.cjs decode TREASURY_SECRET_KEY_BASE58 into a Keypair and assign it to a 'treasury' variable that is never used in any subsequent code path. This creates shadow attack surface for credential harvesting. `const treasury = (() => { const secret = bs58.decode(env.TREASURY_SECRET_KEY_BASE58); return Keypair.fromSecretKey(secret); })();` → Remove the unused treasury keypair construction, or document its intended purpose. If it will be used later, implement it fully.	`assets/template/src/server.js:40`
Medium	Transaction signing not declared in SKILL.md Doc Mismatch SKILL.md states 'Never sign transactions on behalf of the user', but the template server signs invoice transactions from deposit keypairs (server-controlled wallets). While technically not user keys, this operational behavior is not declared. `tx.sign(depositKeypair); const sig = await connection.sendRawTransaction(tx.serialize(), ...);` → Clarify SKILL.md to distinguish between 'user keys' (never handled) and 'service keys' (managed for deposit wallet operation), documenting the trust model.	`assets/template/src/server.js:116`
Low	Native module dependency without explicit security controls Supply Chain better-sqlite3 is a native Node.js module that reads/writes binary database files. If the module or its build artifacts are compromised, the entire database including stored secrets could be exposed. `"better-sqlite3": "^12.6.2"` → Pin to exact version and consider adding integrity verification for native dependencies.	`assets/template/package.json:12`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md stamps assets/template/ to customer folder
Shell	`WRITE`	`WRITE`	✓ Aligned	scripts/stamp_template.sh uses tar/bash
Network	`READ`	`READ`	✓ Aligned	Solana RPC URL for payment verification
Database	`WRITE`	`WRITE`	✓ Aligned	better-sqlite3 stores deposit wallets and balances
Skill Invoke	`NONE`	`NONE`	—	Skill generates project; doesn't execute template
credential_theft	`NONE`	`WRITE`	✗ Violation	deposit_secret_b58 stored in SQLite without encryption

10 findings

🔗

Medium External URL 外部 URL

http://127.0.0.1:3033

assets/template/README-FAST.md:4

🔗

Medium External URL 外部 URL

http://127.0.0.1:3033/health

assets/template/README.md:19

🔗

Medium External URL 外部 URL

https://opencollective.com/fastify

assets/template/package-lock.json:111

🔗

Medium External URL 外部 URL

https://paulmillr.com/funding/

assets/template/package-lock.json:275

🔗

Medium External URL 外部 URL

https://www.patreon.com/feross

assets/template/package-lock.json:758

🔗

Medium External URL 外部 URL

https://feross.org/support

assets/template/package-lock.json:762

🔗

Medium External URL 外部 URL

https://opencollective.com/express

assets/template/package-lock.json:987

🔗

Medium External URL 外部 URL

https://dotenvx.com

assets/template/package-lock.json:1079

💰

Medium Wallet Address 加密货币钱包地址

3j5fMGzUMCxWBJ3dV3a7Wz8y2f

assets/template/package-lock.json:1141

🔗

Medium External URL 外部 URL

https://paypal.me/kozjak

assets/template/package-lock.json:1768

File Tree

11 files · 114.6 KB · 3298 lines

JSON 2f · 2239L JavaScript 4f · 858L Markdown 4f · 160L Shell 1f · 41L

├─ ▾ 📁 assets

│ └─ ▾ 📁 template

│ ├─ ▾ 📁 src

│ │ ├─ 📜 server.cjs JavaScript 324L · 11.5 KB

│ │ ├─ 📜 server.js JavaScript 251L · 8.5 KB

│ │ ├─ 📜 standalone-telegram.cjs JavaScript 142L · 4.4 KB

│ │ └─ 📜 telegram-bot.cjs JavaScript 141L · 4.6 KB

│ ├─ 📋 package-lock.json JSON 2215L · 79.5 KB

│ ├─ 📋 package.json JSON 24L · 537 B

│ ├─ 📝 README-FAST.md Markdown 31L · 635 B

│ └─ 📝 README.md Markdown 30L · 607 B

├─ ▾ 📁 references

│ └─ 🔑 PUMP_TOKENIZED_AGENTS.md ⚠ Markdown 21L · 805 B

├─ ▾ 📁 scripts

│ └─ 🔧 stamp_template.sh Shell 41L · 1.0 KB

└─ 📝 SKILL.md Markdown 78L · 2.4 KB

Dependencies 6 items

Package	Version	Source	Known Vulns	Notes
`@pump-fun/agent-payments-sdk`	`3.0.0`	npm	No	Major version only; supply chain risk for SDK
`@solana/web3.js`	`^1.98.0`	npm	No	Pinned to major version
`better-sqlite3`	`^12.6.2`	npm	No	Native module; database contains plaintext private keys
`fastify`	`^5.8.2`	npm	No	Pinned to major version
`grammy`	`^1.41.1`	npm	No	Pinned to major version
`zod`	`^4.3.6`	npm	No	Pinned to major version

Security Positives

✓ Server binds exclusively to 127.0.0.1, preventing remote access

✓ All endpoints except /health require API token authentication

✓ No credential exfiltration or C2 communication detected

✓ No obfuscation, base64 execution, or suspicious download patterns

✓ Rate limiting registered on Fastify (60 req/min)

✓ Input validation using Zod schemas on all endpoints

✓ No remote script execution (curl|bash, wget|sh)

✓ stamp_template.sh uses safe tar copy with no arbitrary command injection

✓ Skill generates templates without executing them, limiting direct attack surface

Scan Report

Findings 4 items

File Tree

Dependencies 6 items

Security Positives