← Back to Skills Marketplace
silostack

SilkyWay

by silostack · GitHub ↗ · v1.0.9
cross-platform ✓ Security Clean
656
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install silkyway
Description
Agent banking and payments on Solana. Send and receive stablecoins with cancellable escrow transfers. Optional on-chain accounts with policy-enforced spendin...
Usage Guidance
This skill appears to do what it says (a Solana payments CLI) and uses an expected npm install path, but review these before installing or using with real funds: - Private keys are stored locally and unencrypted in ~/.config/silkyway/config.json (bs58). Protect that file, avoid syncing it to cloud backups, and restrict filesystem permissions. - There is an undocumented environment override: setting SILK_API_URL will redirect the CLI to any server. Only set this if you trust the server. A malicious endpoint could respond with crafted payloads or accept signed transactions; the private key itself still stays local, but changing the endpoint can alter transaction flows. - Verify the npm package origin (publisher, npm page, GitHub repo and releases) before installing globally. Confirm the published package includes the expected dist/cli binary and matches the source repository. - On first use, prefer devnet (test tokens) to exercise functionality before using mainnet with real USDC. - If you need stronger protection, consider using an encrypted key store or hardware signer rather than keeping raw secret keys in a plaintext config file. If you want, I can: (1) list exact files that hold private keys/config, (2) show the calls that use SILK_API_URL, or (3) draft a short checklist to harden local config and permissions before use.
Capability Analysis
Type: OpenClaw Skill Name: silkyway Version: 1.0.9 The OpenClaw skill bundle provides a Solana CLI tool for payments, implementing a non-custodial 'build-sign-submit' transaction flow where private keys are generated and stored locally at `~/.config/silkyway/config.json` and never transmitted to the backend. While storing private keys in plaintext (base58-encoded) in a local configuration file is a security vulnerability if the user's machine is compromised, this behavior is explicitly documented in `SKILL.md` and `README.md`, indicating transparency rather than malicious intent. All network communications are directed to the expected `silkyway.ai` domains, and there are no signs of data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts in the `SKILL.md` or code files. Dependencies are standard and appropriate for a Solana CLI tool.
Capability Assessment
Purpose & Capability
Name/description (agent banking/payments on Solana) matches the code and SKILL.md. The package is an npm CLI (@silkysquad/silk) that implements wallet creation, escrow transfers, claim/cancel, on-chain accounts, contacts, and a support chat — all coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to install and run the 'silk' CLI and references the expected config paths (~/.config/silkyway). The runtime instructions and included code only call the SilkyWay API (api.silkyway.ai / devnet-api.silkyway.ai) and the app web UI (app.silkyway.ai). One inconsistency: the code reads process.env.SILK_API_URL to override the API base, but the skill metadata/requirements do not declare this env var — this allows changing the server the CLI talks to and should be considered by deployers.
Install Mechanism
Install is an npm package (@silkysquad/silk). This is a standard distribution channel for a CLI; risk is moderate but expected for a Node.js CLI. No arbitrary HTTP download/extract install steps are present.
Credentials
The skill declares no required credentials or env vars, which aligns with the functionality. However, the code stores private keys locally (bs58-encoded) in ~/.config/silkyway/config.json in plaintext — expected for a simple CLI but a sensitive practice. Also, the code respects an undocumented SILK_API_URL env var which can redirect API calls to an arbitrary endpoint; that environment override is not described in SKILL.md/metadata and increases attack surface if misconfigured or set maliciously.
Persistence & Privilege
The skill is not always-included and uses normal autonomous invocation defaults. It persists its own config and contacts under ~/.config/silkyway and does not attempt to modify other skills or system-wide settings. Writing local wallet config (including private keys) is expected for a CLI wallet but is a sensitive action — documented in SKILL.md.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install silkyway
  3. After installation, invoke the skill by name or use /silkyway
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.9
- Change default config/data path from `~/.config/silk` to `~/.config/silkyway` for all CLI data (wallets, contacts, etc). - Update documentation (README.md, SKILL.md) to reflect new config path and file locations. - Update package version to 1.0.9.
v1.0.8
SilkyWay 1.0.8 - Updated documentation in SKILL.md to provide detailed setup, usage, and command references for agent banking and payments on Solana. - Describes new features such as escrow payments with cancellable transfers, optional on-chain accounts with enforced spending limits, address book, multi-wallet support, and support chat. - Lists instructions for cluster configuration, funding, account setup, and detailed CLI usage. - Clarifies usage of both escrow payments and on-chain accounts, including their differences and appropriate scenarios.
v1.0.3
- New SKILL.md provides full documentation for installing and using silkyway (silk) for agent payments on Solana. - Details setup steps, multi-wallet support, USDC escrow payments, on-chain accounts, and address book features. - Includes CLI reference and explanations of agent/human roles, spending limits, and payment flows. - Adds support chat feature and clear instructions for testing on devnet vs mainnet.
Metadata
Slug silkyway
Version 1.0.9
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is SilkyWay?

Agent banking and payments on Solana. Send and receive stablecoins with cancellable escrow transfers. Optional on-chain accounts with policy-enforced spendin... It is an AI Agent Skill for Claude Code / OpenClaw, with 656 downloads so far.

How do I install SilkyWay?

Run "/install silkyway" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SilkyWay free?

Yes, SilkyWay is completely free (open-source). You can download, install and use it at no cost.

Which platforms does SilkyWay support?

SilkyWay is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created SilkyWay?

It is built and maintained by silostack (@silostack); the current version is v1.0.9.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments