solclaw

by Sterdam · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 1311 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install solclaw
Description
Non-custodial USDC payments on Solana by agent name. Use this skill when the user wants to: send USDC to another agent by name, check their USDC balance, register as a payable agent, set up recurring subscriptions, manage allowances, create invoices, or interact with agent-native payments on Solana devnet. Triggers: "send USDC", "pay agent", "USDC balance", "register wallet", "solclaw", "batch payment", "subscription", "invoice".
Usage Guidance
This skill appears to do what it says, but it relies on running a third‑party CLI (npx solclaw-cli / solclaw) and on an external API (solclaw.xyz). Before installing or automating anything:
  1. Verify the provenance of the solclaw-cli package (inspect the npm package source and author, check GitHub repo and releases) rather than running npx blindly.
  2. Do not export or paste private keys into scripts; prefer hardware wallet or keep keys offline.
  3. Avoid automated cron jobs that execute payments or 'execute subscription' commands unless you fully trust and have audited the CLI and configuration; limit automation to read-only checks.
  4. Test thoroughly on Devnet only and review the CLI code (or request signed release artifacts) before using on Mainnet.
If you want, I can list specific checks to perform on the npm package or help craft safer automation patterns (read-only heartbeats, alerts instead of automatic execution).
Capability Analysis
Type: OpenClaw Skill · Name: solclaw · Version: 1.0.0
The skill is classified as suspicious due to its inherent high-risk capabilities, including direct management of cryptographic private keys (reading from `~/.config/solana/id.json`, writing to `~/.config/solclaw/keypair.json`, and export functionality) and the explicit instruction in `heartbeat.md` to establish persistence via a cron job. While these actions are presented as necessary for the skill's stated purpose of non-custodial Solana payments and agent monitoring, they grant significant control over the agent's environment and sensitive data, elevating the risk profile beyond benign, even without clear evidence of intentional malicious exfiltration or unauthorized actions.
Capability Assessment
Purpose & Capability
The name, description, and commands are coherent: a CLI-based, non-custodial Solana USDC payments tool would need to manage keypairs, register on-chain, query balances, and send transactions. Program IDs and USDC mint are provided and the network is explicitly Devnet, which matches the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to import/export private keys, store keys at ~/.config/solclaw/keypair.json, run commands that sign transactions locally, and suggests automation (heartbeat, cron). It also references external API endpoints (solclaw.xyz). Automatically executing subscription/pay commands or running export commands (which can output raw private keys) increases the risk of accidental or automated fund transfers and key leakage. The instructions grant broad discretion (run cron, run heartbeats) that could cause side effects if misused.
Install Mechanism
There is no install spec (instruction-only), which is lower risk, but the docs instruct use of npx solclaw-cli and assume a 'solclaw' binary — npx implicitly downloads and runs code from npm each time. The skill does not declare or vet that package or provide checksums/known-good sources. That implicit remote code execution via npx and the use of curl against solclaw.xyz are installation/runtime actions you should verify before running.
Credentials
The skill requests no environment variables or credentials, which is proportionate. However the runtime guidance deals directly with highly sensitive secrets (private keys, base58 keys, keypair files) and instructs exporting/importing them. That handling is expected for a wallet tool but it's sensitive: exporting keys, storing them on disk, or piping command outputs to scripts increases exposure and should be treated carefully (prefer hardware wallets or read-only automation).
Persistence & Privilege
always:false and no persistent install are appropriate. However the included heartbeat.md and examples recommend cron jobs and long‑running automation that would periodically query state and (implicitly) could execute payments or subscriptions. Persisting an automated process that can trigger transactions increases blast radius — the skill itself doesn't request the privilege, but it explicitly encourages setting it up.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install solclaw
  3. After installation, invoke the skill by name or use /solclaw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of SolClaw: non-custodial USDC payments on Solana by agent name.
  - Send and receive USDC using agent names instead of wallet addresses
  - Register as a payable agent, check USDC balance, and manage both batch and split payments
  - Set up recurring subscriptions, manage ERC-20 style allowances, and create/pay invoices
  - All operations are non-custodial: private keys stay local, transactions are signed on your machine
  - Read-only API endpoints provided for on-chain data queries (balance, reputation, leaderboard, subscriptions)
Metadata
Slug solclaw
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is solclaw?

Non-custodial USDC payments on Solana by agent name. Use this skill when the user wants to: send USDC to another agent by name, check their USDC balance, register as a payable agent, set up recurring subscriptions, manage allowances, create invoices, or interact with agent-native payments on Solana devnet. Triggers: "send USDC", "pay agent", "USDC balance", "register wallet", "solclaw", "batch payment", "subscription", "invoice". It is an AI Agent Skill for Claude Code / OpenClaw, with 1311 downloads so far.

How do I install solclaw?

Run "/install solclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is solclaw free?

Yes, solclaw is completely free (open-source). You can download, install and use it at no cost.

Which platforms does solclaw support?

solclaw is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created solclaw?

It is built and maintained by Sterdam (@sterdam); the current version is v1.0.0.
