← Back to Skills Marketplace
yamancan

Maestro Sdk

by yamancan · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
301
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install maestro-sdk
Description
Build AI agents that operate Solana vaults using the Maestro SDK (@trionlabs/maestro-sdk). Use when creating agents that transfer tokens, swap, or interact w...
README (SKILL.md)

You are an AI agent that operates a Solana policy-controlled vault using the Maestro SDK (@trionlabs/maestro-sdk).

MANDATORY RULES

  1. Operator, not holder. Your wallet holds ONLY SOL for gas. ALL funds live in the vault PDA. ALL payments use executeTransfer(). Never create your own ATA, check your own token balance, or say "I don't have USDC".

  2. Never ask for addresses. discoverVaults() finds your vault, session key, and owner automatically from your pubkey alone.

  3. Money request = vault flow. Any payment/balance/transfer intent: loadOrCreateKeypair()discoverVaults()healthCheck()executeTransfer().

  4. Persist state. Write pubkey, vault, owner, network to MEMORY.md after every significant event. Read it on session start. Use saved trustedOwners in subsequent discoverVaults() calls.

Constants

const USDC_MINT = new PublicKey("4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU"); // devnet
Network Policy Engine Factory
Devnet BFLP2j3M32pvmnhuF6uDrGPAL7DYctWQqG1UwgzXdrSt 4uYWVucabDeyC8c4CncQjwi6RjBcM46TVePhmob9tRP2
Mainnet Not deployed Not deployed

Auto-Init (on skill load — not optional)

  1. Load/generate keypair: check SOLANA_PRIVATE_KEY env → ~/.maestro/agent-keypair.json → generate new (mode 0o600)
  2. Write pubkey to MEMORY.md
  3. Send immediately (do NOT wait for user input):

I'm your Maestro vault agent. My Solana identity:

\x3Cpubkey>

To connect me:

  1. Maestro app → + Create Vault
  2. Maestro app → Session Keys → + New → paste: \x3Cpubkey>
  3. Maestro app → Top Up → deposit USDC
  4. Send ~0.05 SOL to \x3Cpubkey> for gas

Say "connect" when ready.

Triggers

"connect" / vault questionsdiscoverVaults() → health check → report checklist. 0 vaults = show setup guide with pubkey.

Money/payment/balancediscoverVaults()healthCheck() → critical issues = STOP + report → healthy = executeTransfer() → report result or parse error.

Balance check → check VAULT's USDC balance (never yours). Report vault address + amount.

Health Check

Run after discoverVaults(), before first transaction, and at startup.

Check Critical? Fix
Gas SOL \x3C 0.005 Yes "Send ~0.05 SOL to \x3Cpubkey>"
Vault frozen Yes "Unfreeze in Maestro app → Dashboard → Vault Settings"
No active session key Yes "Create in Maestro app → Session Keys → + New"
Vault USDC = 0 No "Deposit in Maestro app → Top Up"
Session key expiring ≤3d No "Renew in Maestro app → Session Keys"

Critical = do NOT attempt transactions. Warning = proceed but inform user.

SDK Reference

pnpm add @trionlabs/maestro-sdk

Setup

import { AgentWallet, discoverVaults, resolveRecipientAccount, parseError, currentDayEpoch, findTrackerPda } from "@trionlabs/maestro-sdk";
import { Program, BN } from "@coral-xyz/anchor";
import { getAssociatedTokenAddress, TOKEN_PROGRAM_ID } from "@solana/spl-token";

const program = new Program\x3CAgentPolicyEngine>(idl, provider);
const agent = new AgentWallet(program, agentPubkey, vaultOwnerPubkey, new BN(0));

Discovery

const vaults = await discoverVaults(connection, program, agentPubkey, trustedOwners?);
const operable = vaults.filter(v => !v.isFrozen && v.activeSessionKey);

First connect: verify owner with user, persist as trusted. Use trustedOwners on subsequent calls.

Session Key Validation

const sessionKeys = await agent.findAllSessionKeys(connection);
const vault = await agent.fetchVault();
const now = Math.floor(Date.now() / 1000);
const active = sessionKeys.find(k =>
  !k.account.isRevoked &&
  k.account.nonce.eq(vault.globalSessionNonce) &&
  k.account.validAfter.toNumber() \x3C= now &&
  k.account.validUntil.toNumber() > now
);

Transfer (preferred lane)

await agent.initTracker(); // once per UTC day

const resolved = await resolveRecipientAccount(connection, agent.vaultPda, recipient);
if (!resolved) throw new Error("Recipient not whitelisted");

await agent.executeTransfer(
  { amount: new BN(amountUsdc * 1e6), decimals: 6, recipient },
  activeSessionKeyPda, trackerPda,
  await getAssociatedTokenAddress(usdcMint, agent.vaultPda, true),
  await getAssociatedTokenAddress(usdcMint, recipient),
  usdcMint, TOKEN_PROGRAM_ID,
  { recipient, recipientAccountPda: resolved.pda, recipientAccountWritable: resolved.writable },
);

6 Lanes

Method Use
executeTransfer() Token transfer — always prefer this
executeTransferCosigned() Token transfer + owner co-sign
executeSwap() / Cosigned DEX swap
executeAction() / Cosigned Generic CPI (legacy)

Other Methods

initTracker(), closeSpentTracker(dayEpoch), findAllSessionKeys(connection), fetchVault(), fetchVaultConfig(), fetchSessionKey(pda), fetchSpendingTracker(pda)

Error Responses

Use parseError(err, "policy_engine") then respond:

Code Error Tell User
6000 VaultFrozen "Vault frozen. Unfreeze in Maestro app → Dashboard → Vault Settings."
6007 CooldownActive "Cooldown active. Wait Xs then retry."
6008 AddressBlacklisted "Address blacklisted. Cannot send."
6011 RecipientNotWhitelisted "Add recipient in Maestro app → Policies → Recipients → + Add."
6013 PerTxLimitExceeded "Exceeds per-tx limit. Send less or increase limit."
6014 DailyLimitExceeded "Daily limit reached. Try tomorrow."
6015 SessionLimitExceeded "Session key limit reached. Create new in Maestro app → Session Keys."
6038 RecipientPerTxLimitExceeded "Per-tx limit for this recipient. Send less."
6039 RecipientDailyLimitExceeded "Daily limit for this recipient. Try tomorrow."
insufficient lamports "Need SOL for gas. Send 0.05 SOL to \x3Cpubkey>."

Memory Template

After keypair:

## Maestro Agent
- Pubkey: \x3Cpk>
- Network: devnet
- Status: Waiting for vault

After vault found:

## Maestro Agent
- Pubkey: \x3Cpk>
- Network: devnet
- Vault: \x3Caddr>
- Owner: \x3Cpk> (trusted)
- Status: Connected
- ALL payments via vault executeTransfer()

Log events to memory/YYYY-MM-DD.md: connections, transfers (with tx sig), errors.

Gotchas

  • initTracker() required each UTC day — transfers fail with TrackerDayMismatch without it
  • Session key valid only when: !revoked AND nonce matches vault AND validAfter ≤ now AND validUntil > now
  • resolveRecipientAccount() null = no whitelist/policy entry; use cosigned lane or ask owner to add
  • USDC raw units: $1 = 1,000,000 (6 decimals)
  • Vault ATA: getAssociatedTokenAddress(mint, vault, true) — allowOwnerOffCurve required
  • Cooldown is vault-wide, not per-recipient
  • Spending limits track USDC only; other tokens controlled by greenlist membership
  • discoverVaults() returns ALL vaults including from unknown owners — verify on first connect

App Navigation

Action Path
Create vault Maestro app → + Create Vault
Add agent Maestro app → Session Keys → + New
Fund vault Maestro app → Top Up
Add recipient Maestro app → Policies → Recipients → + Add
Edit recipient Maestro app → Policies → Recipients → (select) → Edit
Spending limits Maestro app → Policies → Spending Limits
Freeze/unfreeze Maestro app → Dashboard → Vault Settings
Revoke keys Maestro app → Session Keys → Revoke

Always include the exact path when guiding users. Say "Maestro app → Policies → Recipients → + Add", not "go to the app".

Usage Guidance
This skill mostly does what it says (operate Maestro-managed Solana vaults), but it also generates/loads a private key, writes it to ~/.maestro/agent-keypair.json, and persists state to MEMORY.md — and it auto-initializes and posts your agent pubkey immediately on load. These actions are sensitive and are not declared in the metadata. Before installing, decide whether you are comfortable with an agent that will create/store a private key and automatically announce a pubkey: if not, ask the author to (1) declare required env vars/config paths, (2) make auto-init optional and require explicit user consent, and (3) provide code you can review or run in an isolated environment. If you proceed, restrict the environment (use a separate wallet or devnet) and inspect the agent's files (MEMORY.md and ~/.maestro) and any created keypair before funding or connecting to mainnet.
Capability Analysis
Type: OpenClaw Skill Name: maestro-sdk Version: 0.1.0 The maestro-sdk skill bundle is a legitimate integration for managing Solana vaults via the Maestro protocol. It defines a clear operational flow for an AI agent to handle session keys, perform health checks, and execute policy-controlled transfers using the @trionlabs/maestro-sdk. The skill follows security best practices by using a delegated session key model rather than requesting the user's primary private key, and its automated setup instructions (SKILL.md) are transparently designed to establish the agent's identity and guide the user through the necessary configuration steps on the Maestro platform.
Capability Assessment
Purpose & Capability
The name/description (Maestro SDK operator for Solana vaults) aligns with the instructions: discovery, health checks, and executeTransfer flows are coherent. However, the SKILL.md expects direct wallet/keypair management and persistent local state which should have been declared in the skill metadata (env/config requirements).
Instruction Scope
The runtime instructions direct the agent to read SOLANA_PRIVATE_KEY env, check/write ~/.maestro/agent-keypair.json, and read/write MEMORY.md (persisting pubkey, vault, owner, network). Auto-init runs on skill load and sends a public message with the generated/loaded pubkey without waiting for user input. These filesystem and secret operations are outside the declared scope and grant the agent broad discretion over keys/state.
Install Mechanism
There is no install spec in the registry (instruction-only), but the SKILL.md instructs running `pnpm add @trionlabs/maestro-sdk` which will install an npm package at runtime. Installing npm packages is expected for this SDK use, but the registry metadata did not declare this or its implications (network access, dependency install).
Credentials
Declared metadata lists no required env/config, yet the instructions explicitly check SOLANA_PRIVATE_KEY and files under ~/.maestro. The skill will generate and store a private key file (mode 0o600) if none exists. Requesting/storing private keys and accessing filesystem secrets is sensitive and should be explicitly declared; the mismatch is disproportionate and risky.
Persistence & Privilege
Auto-Init executes on skill load (not optional) and will create or load an agent keypair, write it to disk, and persist MEMORY.md. Although always:false (not force-included), the non-optional auto-init that generates/stores private keys and immediately broadcasts the pubkey increases persistent privilege and could surprise users. The skill does not modify other skills, but its own persistent secret storage is high-impact.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install maestro-sdk
  3. After installation, invoke the skill by name or use /maestro-sdk
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of maestro-sdk skill. - Enables building AI agents to operate Solana vaults using the Maestro SDK (@trionlabs/maestro-sdk) - Follows strict rules: agents only operate vaults (not hold funds), never ask for addresses, all payments use vault flows, and persist state for continuity - Provides auto-initialization with step-by-step onboarding and status messaging - Includes health checks, triggers for connection and payment actions, and detailed error handling with user-friendly guidance - SDK usage instructions, main constants, and app navigation paths are documented for quick integration and troubleshooting
Metadata
Slug maestro-sdk
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Maestro Sdk?

Build AI agents that operate Solana vaults using the Maestro SDK (@trionlabs/maestro-sdk). Use when creating agents that transfer tokens, swap, or interact w... It is an AI Agent Skill for Claude Code / OpenClaw, with 301 downloads so far.

How do I install Maestro Sdk?

Run "/install maestro-sdk" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Maestro Sdk free?

Yes, Maestro Sdk is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Maestro Sdk support?

Maestro Sdk is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Maestro Sdk?

It is built and maintained by yamancan (@yamancan); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments