← Back to Skills Marketplace
solana-skill
by
chattyClaw
· GitHub ↗
· v1.0.0
2359
Downloads
3
Stars
12
Active Installs
1
Versions
Install in OpenClaw
/install solana-basics
Description
Interact with Solana blockchain via Helius APIs. Create/manage wallets, check balances (SOL + tokens), send transactions, swap tokens via Jupiter, and monitor addresses. Use for any Solana blockchain operation, crypto wallet management, token transfers, DeFi swaps, or portfolio tracking.
Usage Guidance
Key points to consider before installing or running this skill:
- It requires a Helius API key stored in ~/.config/solana-skill/config.json, but the registry metadata does not declare this — you must create that file yourself or the skill will fail. Do not paste your key into a public place.
- The wallet encryption uses a default password derived from environment values (USER + HOME hashed). That is predictable and weak: change the implementation to require a user-supplied passphrase or use a hardware/external signer before storing real funds. Do NOT rely on the default behavior if you care about secrecy.
- The skill writes encrypted wallets and logs to ~/.config/solana-skill; ensure filesystem permissions are restricted and back up keys securely. Consider using external signing (hardware wallet) instead of importing private keys into this tool.
- The references allow creating webhooks pointing at arbitrary endpoints; if you enable webhook functionality, only register endpoints you control and review what activity is being forwarded to avoid leaking address activity to third parties.
- There are mentions of regional Helius sender endpoints over HTTP in the docs — verify the endpoints the code actually uses (the code uses getRpcUrl → HTTPS) and avoid using non-TLS endpoints.
- Before trusting with substantial funds: (1) review and if needed modify getDefaultPassword to prompt for a passphrase; (2) run the code locally and inspect it; (3) test sending small amounts first; (4) consider running in an isolated environment.
If you want, I can (a) point out the exact lines you should change to require a passphrase prompt, (b) produce a minimal checklist to safely run this skill, or (c) create a patched version that prompts for a user password instead of deriving one from env vars.
Capability Analysis
Type: OpenClaw Skill
Name: solana-basics
Version: 1.0.0
The skill bundle is classified as benign. All code and documentation align with the stated purpose of interacting with the Solana blockchain via Helius and Jupiter APIs. There is no evidence of intentional harmful behavior such as data exfiltration, malicious execution, persistence, or prompt injection against the agent. Sensitive data like private keys are encrypted at rest using a machine-derived key (as detailed in `scripts/wallet.ts` and `references/security.md`), and file permissions are set securely. All network calls are to legitimate Solana ecosystem endpoints (Helius RPC, Jupiter API) for core functionality.
Capability Assessment
Purpose & Capability
Name/description match the code and SKILL.md: wallet creation, balance lookups via Helius/DAS, sends, and Jupiter swaps are implemented. However the registry metadata declared no required credentials or config, while the code and SKILL.md require a heliusApiKey stored in ~/.config/solana-skill/config.json and will error if it's missing. That mismatch (declaring no required credential while the skill will not function without an API key file) is an incoherence users should know about.
Instruction Scope
SKILL.md and code stay within the stated domain (Solana + Helius + Jupiter) and do not read arbitrary system files. However: (1) the wallet module derives an encryption password from process.env.USER and process.env.HOME (getDefaultPassword), which implicitly uses environment data not declared in the metadata and results in predictable/weak encryption; (2) references include webhook creation with arbitrary webhookURL (the code exposes a path to register webhooks that can post to any endpoint) — that enables sending on-chain events to external endpoints if the user configures it; and (3) some reference endpoints list non-HTTPS regional Helius sender URLs (http), which is an operational/security note. The instructions are otherwise explicit rather than vague, but the agent/code will create persistent config and wallet files and rely on a non-secret machine-derived password unless the user changes behavior.
Install Mechanism
There is no install spec (instruction-only at registry level) and all code is present in the bundle. No external arbitrary download or archive extraction occurs during install. package.json lists reasonable dependencies (@solana/web3.js, helius-sdk, etc.). Risk is limited to running the included scripts (npx tsx) — evaluate those scripts before running.
Credentials
The skill does not declare required environment variables or a primary credential in the registry, but it requires a Helius API key stored in a config file (~/.config/solana-skill/config.json). The code also implicitly uses process.env.USER and process.env.HOME to derive a default wallet password (not documented as a required secret), which is disproportionate: deriving encryption secrets from predictable environment values is weak and surprising. Other than that, the skill does not request unrelated cloud credentials. The discrepancy between declared requirements and actual file/env access is the main proportionality issue.
Persistence & Privilege
The skill creates and reads persistent files under ~/.config/solana-skill (config.json, wallets/, logs). That is expected for a wallet manager, but it's a significant persistent presence on disk and stores encrypted private keys. always:false (normal) and the skill does not modify other skills or global agent settings. Users should be aware these files are long-lived and control their filesystem permissions and backups.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install solana-basics - After installation, invoke the skill by name or use
/solana-basics - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release – powerful Solana blockchain interaction using Helius APIs.
- Create, import, and manage wallets with secure encrypted storage.
- Check SOL and token balances, view portfolios and NFTs, and monitor addresses.
- Send SOL and SPL tokens, including transaction history and fee estimation.
- Swap tokens via Jupiter with quote retrieval and slippage protection.
- Modular scripts and docs: detailed Helius, Jupiter and security references included.
Metadata
Frequently Asked Questions
What is solana-skill?
Interact with Solana blockchain via Helius APIs. Create/manage wallets, check balances (SOL + tokens), send transactions, swap tokens via Jupiter, and monitor addresses. Use for any Solana blockchain operation, crypto wallet management, token transfers, DeFi swaps, or portfolio tracking. It is an AI Agent Skill for Claude Code / OpenClaw, with 2359 downloads so far.
How do I install solana-skill?
Run "/install solana-basics" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is solana-skill free?
Yes, solana-skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does solana-skill support?
solana-skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created solana-skill?
It is built and maintained by chattyClaw (@chattyclaw); the current version is v1.0.0.
More Skills