← Back to Skills Marketplace
XRPL Token Sniping
by
HarleysCodes
· GitHub ↗
· v1.0.0
654
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install xrpl-token-snipe
Description
Monitor XRPL for new token launches, verify issuer flags for safety, and execute fast token buys while managing XRP reserves to minimize risk.
Usage Guidance
This skill is coherent in intent (monitor XRPL and buy new tokens) but contains unclear and inconsistent instructions that raise safety concerns. Before using it you should: (1) verify the identity and reputation of the endpoints (xlrps-1.xrpl.link, xrplcluster.com) — do not use unknown hosts for private-key operations; (2) require the author to explicitly state dependencies and an install procedure (e.g., npm install xrpl) and provide secure key-handling instructions (use a vault, never paste private keys into chat or plain files); (3) ask the author to fix inconsistent flag logic and XRPL terminology and to explain how transaction signing and submitting is done securely; (4) test any code in a sandbox or on testnet with a throwaway wallet and minimal funds first; and (5) prefer skills that publish source, a homepage, and a verifiable owner identity. If you cannot confirm endpoints and private-key handling, do not run it with real funds.
Capability Analysis
Type: OpenClaw Skill
Name: xrpl-token-snipe
Version: 1.0.0
The skill is classified as suspicious due to its inherent high-risk nature, requiring direct access to a user's cryptocurrency wallet for submitting transactions on the XRPL network. While the `SKILL.md` provides safety instructions and connects to legitimate XRPL endpoints, it clearly demonstrates the prompt injection attack surface by issuing direct commands and decision-making guidance to the AI agent (e.g., 'SKIP if:', 'MUST VERIFY:'). This capability, even if used for benign purposes in this instance, represents a significant vulnerability that could be exploited if the skill were modified or if malicious instructions were injected.
Capability Assessment
Purpose & Capability
The skill claims to detect new XRPL tokens and buy them, and the SKILL.md contains code examples that implement subscribing to transactions and submitting Payment transactions. That overall purpose matches the content. However, the skill does not declare required dependencies (it uses require('xrpl') in examples) or any credential/environment requirements despite needing a wallet/private key to submit transactions, which is a proportionality mismatch.
Instruction Scope
Instructions tell an agent to subscribe to a WebSocket, parse transactions, and execute immediate buys (front-running). The guidance references a 'wallet' and submitting transactions but gives no secure method for supplying or protecting private keys. Some guidance is inconsistent or inaccurate for XRPL (e.g., mixing 'contract ownership renounced' language, inconsistent guidance about lsfRequireAuth vs. skip logic). The endpoints in examples differ (xlrps-1.xrpl.link vs xrplcluster.com), which is ambiguous and could cause the agent to contact unexpected servers.
Install Mechanism
This is instruction-only (no install spec), which reduces direct install risk. But the examples assume the 'xrpl' Node library and WebSocket connectivity; the skill does not document installing that dependency. Also the skill directs traffic to third-party endpoints (unknown domains), which is a network-supply risk even without an install step.
Credentials
No environment variables or primary credential are declared, yet the runtime examples require a wallet (private key) to sign/submit transactions. There is no guidance on where that key comes from or how it should be stored, which is a security hygiene problem: submitting transactions requires sensitive credentials but the skill doesn't declare or protect them. The skill also references external endpoints of unclear trustworthiness.
Persistence & Privilege
always is false and there is no install or code that requests persistent elevated privileges or modifies other skills/config. The skill does not request persistent presence or platform-wide changes.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xrpl-token-snipe - After installation, invoke the skill by name or use
/xrpl-token-snipe - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of xrpl-token-snipe as "firstledger-snipe".
- Detects new token issuances on XRPL via WebSocket subscription.
- Monitors mempool for fresh token offers.
- Enables fast, automated front-running of token buys.
- Provides guidelines for auditing token issuer flags for safety.
- Advises on XRP reserve management and risk.
Metadata
Frequently Asked Questions
What is XRPL Token Sniping?
Monitor XRPL for new token launches, verify issuer flags for safety, and execute fast token buys while managing XRP reserves to minimize risk. It is an AI Agent Skill for Claude Code / OpenClaw, with 654 downloads so far.
How do I install XRPL Token Sniping?
Run "/install xrpl-token-snipe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is XRPL Token Sniping free?
Yes, XRPL Token Sniping is completely free (open-source). You can download, install and use it at no cost.
Which platforms does XRPL Token Sniping support?
XRPL Token Sniping is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created XRPL Token Sniping?
It is built and maintained by HarleysCodes (@harleyscodes); the current version is v1.0.0.
More Skills