← Back to Skills Marketplace
tilo-14

solana-payments-wallet-dev

by tilo-14 · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
430
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install solana-payments-wallet-dev
Description
For stablecoin payment flows and wallet integrations on Solana 200x cheaper token accounts. Receive, send, balance, history, and client-side signing with Pri...
Usage Guidance
This skill is internally consistent for building Solana light-token payment and wallet integrations. Before installing: 1) provide a HELIUS_RPC_URL (it often contains an API key) and treat it as a secret; 2) only supply Privy credentials if you plan to use the Privy signing examples — these are sensitive and are sent to Privy's API (review sign-with-privy.md and verify endpoints); 3) cargo is only required for Rust nullifier examples — you can skip Rust-related steps if you only use the TypeScript examples; 4) the skill may request spawning scoped read-only subagents for research — confirm you’re comfortable with those limited reads; and 5) review the referenced example repositories and Privy integration docs before running any signing or transaction-sending code. If you want lower risk, avoid supplying Privy secrets and avoid spawning subagents that access external documentation automatically.
Capability Analysis
Type: OpenClaw Skill Name: solana-payments-wallet-dev Version: 1.0.2 The skill is classified as suspicious due to its explicit handling and transmission of highly sensitive secrets (`PRIVY_APP_SECRET`, `TREASURY_AUTHORIZATION_KEY`) to an external API (Privy) as detailed in `SKILL.md` and `references/sign-with-privy.md`. While the skill transparently warns about this behavior, the code examples in `references/sign-with-privy.md` instruct the agent to load these secrets from `process.env`, which contradicts the `SKILL.md`'s advice to use a secrets manager. This creates a significant vulnerability where an AI agent, if compromised or misdirected by prompt injection, could misuse or exfiltrate these critical credentials, even if the skill's stated purpose is legitimate.
Capability Assessment
Purpose & Capability
Skill name/description (Solana light-token payments and wallet integrations) matches what the SKILL.md and reference files instruct. Requested binaries (node for JS examples, cargo for Rust nullifier examples) and HELIUS_RPC_URL align with the documented examples.
Instruction Scope
Runtime instructions focus on building/structuring tasks, constructing and signing Solana transactions, and optionally using Privy for embedded signing. The skill explicitly asks to spawn read-only subagents for research (Read, Glob, Grep, DeepWiki MCP) but says to scope reads to skill references, example repos, and docs. The Privy flow will transmit secrets to Privy's API (documented and warned about).
Install Mechanism
Instruction-only skill with no install spec or external downloads; lowest install risk. It does reference 'npx skills add Lightprotocol/skills' for installing examples, which is a standard GitHub-based flow documented in SKILL.md.
Credentials
Declared required env is only HELIUS_RPC_URL (needed for RPC calls). Privy-related secrets (PRIVY_APP_ID, PRIVY_APP_SECRET, TREASURY_WALLET_ID, TREASURY_AUTHORIZATION_KEY) are described as needed only for the optional Privy signing flow — they are documented but not listed as globally required; those secrets are sensitive and will be sent to Privy's endpoints when using that flow.
Persistence & Privilege
always:false and default autonomous invocation; the skill does not request persistent or cross-skill configuration access and does not modify other skills. Subagent use is explicit and scoped in the instructions.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install solana-payments-wallet-dev
  3. After installation, invoke the skill by name or use /solana-payments-wallet-dev
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Clarified environment variable requirements: only `HELIUS_RPC_URL` is always required; other secrets are needed only for the Privy signing flow. - Updated metadata to reflect optional environment variables for Privy use and provided guidance on obtaining them. - Improved security notes to reference the dedicated Privy signing guide instead of duplicating instructions. - Simplified and clarified instructions regarding secret management and setup.
v1.0.1
1. Updated security section to clarify that Privy signing examples transmit secrets to an external API and must be reviewed before use. 2. Added warnings to load all secrets from a secrets manager and to avoid placing production secrets in an agent-global environment. 3. Expanded details about the Privy signing flow, emphasizing restrictions on endpoint exposure and log handling. 4. Improved notes on subagent scope, stressing restricted file/environment access for security. 5. Minor text edits for clarity, no changes to workflow, API, or skill functionality.
v1.0.0
- Initial release of the payments-and-wallets skill for Solana. - Supports stablecoin payment flows and wallet integrations, leveraging 200x cheaper light-token accounts. - Includes guides and code patterns for sending, receiving, balance checks, transaction history, and client-side signing with Privy and Solana wallet adapters. - Optional support for nullifiers to prevent duplicate payments. - Provides detailed security notes and environment variable requirements. - Extensive documentation and code references linked for payments, wallets, and integration examples.
Metadata
Slug solana-payments-wallet-dev
Version 1.0.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is solana-payments-wallet-dev?

For stablecoin payment flows and wallet integrations on Solana 200x cheaper token accounts. Receive, send, balance, history, and client-side signing with Pri... It is an AI Agent Skill for Claude Code / OpenClaw, with 430 downloads so far.

How do I install solana-payments-wallet-dev?

Run "/install solana-payments-wallet-dev" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is solana-payments-wallet-dev free?

Yes, solana-payments-wallet-dev is completely free (open-source). You can download, install and use it at no cost.

Which platforms does solana-payments-wallet-dev support?

solana-payments-wallet-dev is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created solana-payments-wallet-dev?

It is built and maintained by tilo-14 (@tilo-14); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments