
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
solana-clawd
Advanced tools
HERMES x402 — Solana-Native Agentic Harness. First private x402 AI agent with OODA loop, pay.sh confidential payments, Google A2A protocol, dark DeFi intelligence, and Nous Research model routing.
Solana-native agent terminal and MCP server for hackathon demos, operator workflows, and viral onboarding.
One command:
curl -fsSL https://install.solanaclawd.com | bash
Or from npm:
npm install -g solana-clawd
clawd
clawd starts the HERMES terminal.clawd mcp starts the local MCP stdio server.clawd mcp:http starts the MCP HTTP server.clawd doctor verifies the install.curl, npm, run.npm run setup
npm run hermes
export NPM_TOKEN=...
npm run publish:npm
install.solanaclawd.com should serve scripts/install.sh as its root response.
FAQs
HERMES x402 — Solana-Native Agentic Harness. First private x402 AI agent with OODA loop, pay.sh confidential payments, Google A2A protocol, dark DeFi intelligence, and Nous Research model routing.
The npm package solana-clawd receives a total of 24 weekly downloads. As such, solana-clawd popularity was classified as not popular.
We found that solana-clawd demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.