carbium
Carbium provides a robust infrastructure for building on Solana, offering low-latency RPC, gasless swaps, and DEX aggregation.
Install this skill
or
0/100
Security score
The carbium skill was audited on Jun 12, 2026 and we found 11 security issues across 3 threat categories, including 5 critical. Review the findings below before installing.
Categories Tested
Security Issues
critical line 551
Instruction to display credentials
SourceSKILL.md
| 549 | |---|---|---| |
| 550 | | `src_mint` | Yes | Input token mint address | |
| 551 | | `dst_mint` | Yes | Output token mint address | |
| 552 | | `amount_in` | Yes | Input amount in smallest unit (lamports) | |
| 553 | | `slippage_bps` | Yes | Slippage tolerance in basis points | |
critical line 592
Instruction to display credentials
SourceSKILL.md
| 590 | |---|---|---| |
| 591 | | `fromMint` | Yes | Input token mint | |
| 592 | | `toMint` | Yes | Output token mint | |
| 593 | | `amount` | Yes | Input amount in smallest unit | |
| 594 | | `slippage` | Yes | Slippage in basis points | |
critical line 608
Instruction to display credentials
SourceSKILL.md
| 606 | | `owner` | Yes | Wallet address of the user | |
| 607 | | `fromMint` | Yes | Input token mint | |
| 608 | | `toMint` | Yes | Output token mint | |
| 609 | | `amount` | Yes | Input amount in smallest unit | |
| 610 | | `slippage` | Yes | Slippage in basis points | |
critical line 617
Instruction to display credentials
SourceSKILL.md
| 615 | | `priorityMicroLamports` | No | Compute unit price for priority fees | |
| 616 | | `mevSafe` | No | If true, includes Jito tip instruction | |
| 617 | | `gasless` | No | If true, gasless swap (output token must be SOL) | |
| 618 | |
| 619 | Returns a base64-encoded serialized transaction. Deserialize, sign, then submit via RPC. |
critical line 721
Instruction to display credentials
SourceSKILL.md
| 719 | ### Constraint |
| 720 | |
| 721 | Gasless swaps require the **output token to be SOL**. Set `gasless: true` on the `/swap` endpoint. |
| 722 | |
| 723 | ### When to Use |
medium line 669
Node.js base64 decode
SourceSKILL.md
| 667 | |
| 668 | // 2. Deserialize and sign |
| 669 | const tx = VersionedTransaction.deserialize(Buffer.from(transaction, "base64")); |
| 670 | // tx.sign([yourKeypair]); |
| 671 |
medium line 842
Node.js base64 decode
SourceSKILL.md
| 840 | }); |
| 841 | const { result } = await res.json(); |
| 842 | const data = Buffer.from(result.value.data[0], "base64"); |
| 843 | return { |
| 844 | virtualTokenReserves: data.readBigUInt64LE(8), |
medium line 557
Fetch to external URL
SourceSKILL.md
| 555 | |
| 556 | ```typescript |
| 557 | const quote = await fetch( |
| 558 | "https://api.carbium.io/api/v2/quote" + |
| 559 | "?src_mint=So11111111111111111111111111111111111111112" + |
medium line 658
Fetch to external URL
SourceSKILL.md
| 656 | |
| 657 | // 1. Get swap transaction |
| 658 | const res = await fetch( |
| 659 | "https://api.carbium.io/api/v2/swap" + |
| 660 | "?owner=YOUR_WALLET_ADDRESS" + |
medium line 734
Fetch to external URL
SourceSKILL.md
| 732 | |
| 733 | ```typescript |
| 734 | const res = await fetch( |
| 735 | "https://api.carbium.io/api/v2/swap" + |
| 736 | "?owner=WALLET&fromMint=USDC_MINT&toMint=SOL_MINT" + |
medium line 832
Fetch to external URL
SourceSKILL.md
| 830 | |
| 831 | async function fetchBondingCurve(address: PublicKey) { |
| 832 | const res = await fetch(`https://rpc.carbium.io/?apiKey=${process.env.CARBIUM_RPC_KEY}`, { |
| 833 | method: "POST", |
| 834 | headers: { "Content-Type": "application/json" }, |
Scanned on Jun 12, 2026
View Security DashboardRate this skill
Categorydevelopment
UpdatedJune 15, 2026
openclawapibackendbackend-developerdata-engineerproduct-managergrowth-pmdevops-sredevelopmentproduct
dattb-birdeye/skills