← Back to Skills Marketplace
nikzt

TokenDraft

by Nikzt · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
463
Downloads
2
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install tokendraft
Description
Full suite for TokenDraft fantasy crypto tournaments — authenticate with a Solana wallet, query/join/auto-join tournaments, and manage auto-draft asset prior...
Usage Guidance
This skill legitimately needs a Solana private key to sign authentication nonces and on-chain buy-in transactions, but that key is highly sensitive — anyone or any agent with it can sign transactions from the wallet. Before installing: (1) confirm the registry metadata is corrected (SKILL.md requires SOLANA_PRIVATE_KEY but metadata lists none); (2) do not use a mainnet wallet with significant funds — create a dedicated, limited wallet for this skill with only the minimum SOL required for buy-ins; (3) understand the skill will persist a long-lived TOKENDRAFT_JWT in env vars and can automatically re-authenticate and retry requests, so consider restricting autonomous invocation or requiring manual confirmation for buy-ins; (4) verify the tokendraft-production.up.railway.app endpoint and ask the publisher for source/hosting details or a homepage/repository before trusting persistent credentials; (5) if you need stronger safety, decline to provide a private key or only allow ephemeral/manual signing (if possible).
Capability Analysis
Type: OpenClaw Skill Name: tokendraft Version: 1.0.1 The OpenClaw AgentSkills bundle for 'tokendraft' appears benign. All actions, including the handling of the sensitive `SOLANA_PRIVATE_KEY` (which is used for local signing only, not exfiltration), network calls to `tokendraft-production.up.railway.app`, and the creation of `openclaw cron` jobs, are directly aligned with the stated purpose of interacting with a fantasy crypto tournament platform. The instructions within `SKILL.md` and the cron job messages are functional commands for the AI agent to perform the skill's legitimate operations (authentication, tournament management, asset ranking automation) and do not show evidence of malicious intent such as data exfiltration, unauthorized access, or persistence mechanisms beyond the skill's stated functionality.
Capability Assessment
Purpose & Capability
The SKILL.md clearly requires a SOLANA_PRIVATE_KEY (sensitive) for signing nonces and on-chain buy-ins — that is logically required for a wallet-backed tournament skill. However the registry metadata listed no required env vars; this mismatch (metadata says none while the runtime instructions require a private key) is an incoherence you should ask the publisher to fix. The private-key requirement itself is proportionate to the described functionality, but the metadata omission is notable.
Instruction Scope
The instructions confine activity to the TokenDraft API endpoints and local signing of messages/transactions. They also instruct the agent to persist TOKENDRAFT_JWT and TOKENDRAFT_USER_ID as environment variables and to automatically re-run auth and retry on 401s. Persisting a long-lived JWT and enabling automatic re-authentication increases the agent's ability to act without user intervention (including signing transactions), which is expected for auto-join/auto-draft features but is a privacy/authorization risk the user should accept consciously.
Install Mechanism
No install steps or external downloads are present (instruction-only). Nothing is written to disk by an installer here, which is the lowest-risk install mechanism.
Credentials
The skill requires a SOLANA_PRIVATE_KEY (sensitive). That is functionally necessary for signing and buy-ins, so it is proportionate to the stated purpose — but because the key grants signing authority, this is high-sensitivity access. The SKILL.md also directs storing TOKENDRAFT_JWT in env vars (persisting credentials). The earlier registry metadata failing to list SOLANA_PRIVATE_KEY is a red flag that the package metadata and runtime instructions are out of sync.
Persistence & Privilege
always:false (good). The skill tells the agent to store TOKENDRAFT_JWT/TOKENDRAFT_USER_ID as env vars and to reauthenticate automatically on 401 — behavior that grants ongoing ability to act (and to sign transactions) without frequent user prompts. This is likely needed for auto-join/auto-draft but increases the blast radius if the agent or environment is compromised.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tokendraft
  3. After installation, invoke the skill by name or use /tokendraft
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added structured env var documentation for SOLANA_PRIVATE_KEY, including its encoding, purpose, and sensitivity. - No functional changes; usage and API flow remain the same. - The environment variable requirement is now explicitly declared and described for easier configuration and clarity.
v1.0.0
Initial release with authentication and full tournament suite for TokenDraft: - Solana wallet authentication with secure nonce/signature flow; private key stays local. - Automatic re-authentication and request retry on token expiration (401 errors). - Query, join (free or paid), and auto-join fantasy crypto tournaments, including instant roster drafts. - Manage asset priority rankings for automatic drafting in instant roster tournaments. - Display name management with rate limiting. - Comprehensive documentation of all API flows and required environment variables.
Metadata
Slug tokendraft
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is TokenDraft?

Full suite for TokenDraft fantasy crypto tournaments — authenticate with a Solana wallet, query/join/auto-join tournaments, and manage auto-draft asset prior... It is an AI Agent Skill for Claude Code / OpenClaw, with 463 downloads so far.

How do I install TokenDraft?

Run "/install tokendraft" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is TokenDraft free?

Yes, TokenDraft is completely free (open-source). You can download, install and use it at no cost.

Which platforms does TokenDraft support?

TokenDraft is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created TokenDraft?

It is built and maintained by Nikzt (@nikzt); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments