Is basedmereum/blowfish-launch safe?
https://github.com/openclaw/skills/tree/main/skills/basedmereum/blowfish-launch
The blowfish-launch skill presents serious trust concerns despite clean installation behavior and no prompt injection. It misappropriates the 'Blowfish' brand name (a legitimate Solana security company at blowfish.xyz) for an unrelated token-launch service operated at neuko.ai, an unverified domain with no documented Solana ecosystem affiliation. The authentication protocol has the user's Solana private key sign server-controlled nonces for this unverified operator, so the operator chooses the bytes the wallet signs; the same server then constructs and broadcasts on-chain transactions without ever showing them to the user. If installed, this skill can trigger irreversible, real-money Solana transactions on common agent trigger phrases like 'launch token' or 'deploy token'.
Findings (9)
HIGH Private key signing with server-controlled nonce sent to unverified API -35
The authentication protocol requires signing a server-controlled nonce with the user's Solana private key. The server at api-blowfish.neuko.ai (operated by the unverified neuko.ai domain) controls the challenge, and therefore controls the bytes the wallet signs. If the script signs the raw nonce bytes with no client-side domain separation, a malicious operator can put any payload it wants signed into the nonce field and receive a valid Ed25519 signature over it; at minimum it can collect signatures and correlate key usage across sessions. The check a reviewer should make is whether the script prefixes the nonce with a fixed domain string and rejects challenges that are not the expected length before signing.
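The following is an added example, not code from the blowfish-launch skill or from neuko.ai. It contrasts a client that blind-signs whatever the server calls a nonce with one that signs a domain-separated message, so that the resulting signature is useful for authentication and nothing else. Assumptions not taken from the page: the nonce is exactly 32 random bytes, the domain string "blowfish-launch auth v1" is invented for illustration, the serverChosenPayload bytes are constructed and are not real Solana serialization, and node:crypto's Ed25519 stands in for tweetnacl (same primitive, no external packages).

```typescript
// Added example, not code from the blowfish-launch skill: blind-signing a
// server-supplied "nonce" versus signing a domain-separated auth message.
// node:crypto Ed25519 is the same primitive Solana wallets and tweetnacl use.
import { generateKeyPairSync, randomBytes, sign, verify } from "node:crypto";
import type { KeyObject } from "node:crypto";

// Stand-in for the user's wallet (the skill reads the real one from
// process.env.WALLET_SECRET_KEY).
const wallet = generateKeyPairSync("ed25519");

// Naive client: signs whatever bytes the server labels as the nonce.
function blindSign(challenge: Uint8Array, priv: KeyObject = wallet.privateKey): Buffer {
  return sign(null, challenge, priv);
}

// Constructed stand-in for a payload a malicious operator could send in the
// nonce field. Not real Solana serialization; the point is only that the
// operator, not the user, chose these 54 bytes.
const serverChosenPayload: Buffer = Buffer.concat([
  Buffer.from([0x01, 0x00, 0x01]),            // looks like a message header
  randomBytes(32),                            // "account key"
  Buffer.from("transfer everything", "utf8"), // "instruction data"
]);

// With blind signing the operator ends up holding a signature that verifies
// over bytes it picked. Whether those bytes are harmless is up to the operator.
function blindSigningLetsServerPickSignedBytes(): boolean {
  const sig = blindSign(serverChosenPayload);
  return verify(null, serverChosenPayload, wallet.publicKey, sig);
}

// Hardened client. Assumed protocol rules for this example: the nonce is
// exactly 32 bytes and the client signs AUTH_DOMAIN || nonce. A leading 0xff
// byte cannot begin a valid Solana transaction message (legacy messages start
// with a small signature count, versioned ones with 0x80 | version); Solana's
// off-chain message signing proposal uses "\xffsolana offchain" for the same
// reason. The domain string itself is invented for this example.
const AUTH_DOMAIN: Buffer = Buffer.concat([
  Buffer.from([0xff]),
  Buffer.from("blowfish-launch auth v1", "utf8"),
]);
const NONCE_LENGTH = 32;

function signAuthChallenge(
  nonce: Uint8Array,
  priv: KeyObject = wallet.privateKey,
): { message: Buffer; signature: Buffer } {
  if (nonce.length !== NONCE_LENGTH) {
    throw new Error(`refusing to sign: nonce must be ${NONCE_LENGTH} bytes, got ${nonce.length}`);
  }
  const message = Buffer.concat([AUTH_DOMAIN, Buffer.from(nonce)]);
  return { message, signature: sign(null, message, priv) };
}

// Server side: rebuild the same message and verify. A signature made this way
// does not verify over the bare nonce or over any other byte string.
function verifyAuthChallenge(pub: KeyObject, nonce: Uint8Array, signature: Uint8Array): boolean {
  const message = Buffer.concat([AUTH_DOMAIN, Buffer.from(nonce)]);
  return verify(null, message, pub, signature);
}

function hardenedSignatureOnlyAuthenticates(): boolean {
  const nonce = randomBytes(NONCE_LENGTH);
  const { signature } = signAuthChallenge(nonce);
  const okForAuth = verifyAuthChallenge(wallet.publicKey, nonce, signature);
  const okOverBareNonce = verify(null, nonce, wallet.publicKey, signature);
  return okForAuth && !okOverBareNonce;
}

function hardenedSignerRejectsArbitraryPayload(): boolean {
  try {
    signAuthChallenge(serverChosenPayload); // 54 bytes, not 32: must be refused
    return false;
  } catch {
    return true;
  }
}
```

The length check and the fixed prefix are the two things to look for when reading a wallet-signing client: together they mean the server can influence only 32 bytes of the signed message and can never make that message parse as something other than an authentication challenge.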
HIGH Brand impersonation: 'Blowfish' name used for unrelated neuko.ai service -30
The skill misappropriates the Blowfish brand (a legitimate Solana security company at blowfish.xyz) for a token launch service operated at neuko.ai. This impersonation could deceive users into trusting the service with their wallet credentials under false pretenses.
HIGH Wallet address and authentication signatures transmitted to unverified domain -27
The Solana wallet public key and cryptographic signatures are sent to a domain (neuko.ai) with no documented affiliation with any recognized Solana ecosystem project. The operator could build a database of wallet addresses and their signing behavior.
HIGH Irreversible financial operations triggered by common agent phrases -25
The skill triggers on 'launch token', 'deploy token', 'create token', phrases that could appear in normal user conversations about cryptocurrency. Once triggered, the workflow submits an on-chain Solana transaction that cannot be reversed and costs real SOL. No explicit user confirmation step is documented in the skill.
MEDIUM Executable script performs live blockchain financial transactions -25
blowfish-launch.ts is a runnable Bun script that submits token creation transactions to the Solana mainnet via a third-party API. It also supports claiming trading fees. These operations are irreversible and consume real cryptocurrency.
MEDIUM Server-side transaction construction with no user visibility -15
The API server builds and broadcasts Solana transactions on the user's behalf after authentication. The user cannot inspect the transaction before it is submitted. The server could include malicious instructions in the transaction that are not apparent from the API response.
MEDIUM External npm package dependencies not vendored -20
The script imports @solana/web3.js, tweetnacl, and bs58 at runtime. No package.json or lock file is present, so these are resolved from the npm registry at execution time with no pinned versions and no integrity hashes: whatever the registry serves at that moment runs in the same process that holds WALLET_SECRET_KEY. A committed package.json with exact versions and a lock file would at least make the resolved code reproducible and reviewable.
LOW Installation was clean: GitHub-only network activity -15
The sparse checkout from github.com/openclaw/skills was the only non-system network activity during install. No unexpected process spawning, no filesystem writes outside the skill directory, no connections to api-blowfish.neuko.ai or neuko.ai during install.
INFO Canary file accesses attributed to oathe monitoring, not skill code -5
Inotify and auditd logs show canary files accessed at 08:02:07, before the clone at 08:02:13, and again post-install. These are the oathe pre/post baseline checks. The skill's TypeScript contains no file-reading code beyond process.env.WALLET_SECRET_KEY. All canary files remain intact.