← Back to Skills Marketplace
Solana Trading Terminal — SoulPass
by
soulpassai
· GitHub ↗
· v1.0.0
· MIT-0
97
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install soulpass
Description
Solana trading and DeFi skill for AI agents with hardware-secured wallet. Swap tokens on Jupiter DEX, trade meme coins with rug-pull detection, earn yield vi...
Usage Guidance
This skill appears to implement a legitimate Solana CLI that uses Apple Secure Enclave, but there are two things to verify before installing or running it:
1) Source authenticity: only run the Homebrew tap or build commands if you can verify the soulpassai tap/GitHub repo and release signatures. Installing a CLI with sudo to /usr/local/bin gives a lot of power to that binary.
2) Daemon safety: the instructions tell you to run 'soulpass serve' which opens a JSON-RPC endpoint (127.0.0.1:8402) able to perform swaps, payments, and batch transfers. Confirm whether that daemon requires authentication, origin checks, or explicit interactive confirmations for signing. If it accepts unauthenticated local requests, any local process (or a compromised agent) could cause real fund transfers. Prefer one-off CLI commands unless you can ensure the daemon is locked down (bind to localhost only, enable auth tokens, require confirmation on each signed transaction, firewall rules) and you understand who/what can access it.
Additional suggestions: restrict OS (use only on Apple devices with Secure Enclave as claimed), review the published source code or audit binary releases, avoid running the daemon as root, keep merchant config and diary files private, and require user confirmation for any payment or transfer initiated by an agent.
Capability Analysis
Type: OpenClaw Skill
Name: soulpass
Version: 1.0.0
The skill implements a Solana trading terminal and agent commerce framework that requires installing a third-party binary (soulpass) and running a background daemon (soulpass serve). It is classified as suspicious because it grants the agent autonomous control over financial assets and includes explicit instructions in references/diary-voice.md to monitor the owner's habits, language, and 'contradictions' to be logged in a 'public' diary. While these features are aligned with the stated 'SoulPass' social-trading ecosystem (soulpass.ai), the combination of binary installation, financial autonomy, and user surveillance represents a significant security and privacy risk surface.
Capability Assessment
Purpose & Capability
Name/description (Solana trading, hardware-secured signing) align with the requested artifact (a 'soulpass' CLI). However the skill repeatedly claims Apple Secure Enclave signing (Apple-only) while registry metadata lists no OS restriction; install options explicitly require Apple Silicon/Xcode. This OS/requirement mismatch should be clarified. Requiring the 'soulpass' binary only is proportionate for the stated purpose.
Instruction Scope
Runtime instructions instruct the agent to install and run the CLI and to start a local JSON-RPC daemon (soulpass serve) on port 8402 that exposes methods including 'swap', 'pay', 'batch' and 'tx_status'. The SKILL.md does not describe any authentication, access control, or confirmation prompts for signing, nor does it document network exposure controls. A local daemon that will sign transactions using a hardware-secured key is a high-risk capability if it accepts unauthenticated requests from other local processes or network interfaces. The skill also encourages writing/reading local files (soulpass-merchant.json, diary entries) and making them public — this can leak sensitive operational context or business data if not managed carefully.
Install Mechanism
No packaged install spec in the registry, but SKILL.md includes Homebrew tap and GitHub-build commands. Installing via a tap or building from the published GitHub repo is expected for a CLI but still requires verification of the source (brew tap soulpassai/soulpass; git clone https://github.com/soulpassai/soulpass-cli.git). The build step uses sudo to copy a binary to /usr/local/bin, which is a normal install flow but increases impact of a malicious binary. Confirm upstream authenticity (release signatures, official repo) before running.
Credentials
The skill declares no environment variables or external credentials — appropriate for a hardware-keyed CLI. However the SKILL.md expects access to local files (merchant config, diary) and to local network (127.0.0.1:8402). Those are reasonable for a CLI/merchant workflow but represent sensitive surfaces (local RPC & on-disk merchant configs) that should be protected. No incongruent cloud credentials are requested.
Persistence & Privilege
The skill is not marked always:true, but it instructs agents to run a long-lived local daemon that can accept JSON-RPC calls to execute signed transactions. Autonomous agent invocation (platform default) combined with a long-lived signing service increases blast radius: an agent (or another local process) could request swaps or transfers without repeated explicit user approval. The SKILL.md does not describe any user confirmation step or daemon authentication to mitigate this.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install soulpass - After installation, invoke the skill by name or use
/soulpass - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Solana Trading Terminal — SoulPass.
- Provides a hardware-secured Solana wallet using Apple Secure Enclave — no extractable private keys or seed phrases.
- Enables instant token swaps on Jupiter DEX, including real-time price checks and custom slippage controls.
- Adds safety tools for meme coin trading, with risk signals and rug-pull detection before executing trades.
- Supports copy trading workflows, whale tracking, and trade automation for DeFi strategies.
- Integrates DeFi yield options via Jupiter Lend for idle tokens.
- Offers a fast JSON-RPC daemon for building automated trading bots and agent-to-agent payments.
Metadata
Frequently Asked Questions
What is Solana Trading Terminal — SoulPass?
Solana trading and DeFi skill for AI agents with hardware-secured wallet. Swap tokens on Jupiter DEX, trade meme coins with rug-pull detection, earn yield vi... It is an AI Agent Skill for Claude Code / OpenClaw, with 97 downloads so far.
How do I install Solana Trading Terminal — SoulPass?
Run "/install soulpass" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Solana Trading Terminal — SoulPass free?
Yes, Solana Trading Terminal — SoulPass is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Solana Trading Terminal — SoulPass support?
Solana Trading Terminal — SoulPass is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Solana Trading Terminal — SoulPass?
It is built and maintained by soulpassai (@soulpassai); the current version is v1.0.0.
More Skills