← Back to Skills Marketplace
435
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pump-mcp-server
Description
Model Context Protocol server exposing 7 tools, 3 resource types, and 3 prompts for AI agent consumption — Solana wallet operations, vanity address generatio...
Usage Guidance
This skill describes a Solana MCP server and claims concrete JS libraries and secure handling of secret keys, but provides only a prose spec (no code, no dependency list, no install instructions). Before installing or relying on it: 1) Ask the publisher for the actual source code or a vetted install package (show Node/npm dependencies, package.json, and build/install steps). 2) Verify how secret keys are stored, zeroized, and that no logs or external network calls can leak key material. 3) Do not use with real funds or production keys until the implementation is auditable and dependencies are explicit. If you can't inspect code, treat this as untrusted for signing operations.
Capability Analysis
Type: OpenClaw Skill
Name: pump-mcp-server
Version: 0.1.0
The skill is classified as suspicious due to its inherent handling of highly sensitive cryptographic operations, including Solana keypair generation, message signing, and keypair restoration from secret bytes, as described in `SKILL.md`. While the documentation outlines good security practices like zeroization and preventing secret key exposure, the nature of these capabilities presents a significant attack surface for potential vulnerabilities in the underlying implementation or misuse via prompt injection against the AI agent, despite no explicit malicious instructions in the provided markdown.
Capability Assessment
Purpose & Capability
The stated purpose (MCP server for Solana wallet operations) is coherent with the listed tools/resources/prompts. However the SKILL.md explicitly claims implementation details (use of @solana/web3.js, Zod schemas, JS class snippets) but the package provides no code files, no install spec, and no declared runtime (Node/npm) or dependency list. That is a meaningful mismatch: a consumer would reasonably expect declared dependencies or shipped code for these claims.
Instruction Scope
The instructions stay within the advertised scope — they describe keypair generation, signing, validation, and session management and do not instruct reading unrelated files or env vars. They also explicitly recommend zeroizing secrets and not logging secret bytes. However, these are prescriptive best-practices in prose only; there are no concrete runtime checks or enforcement steps, so the security guarantees are claimed but unverifiable from the provided materials.
Install Mechanism
This is an instruction-only skill with no install spec. That alone is low risk, but the SKILL.md's reliance on @solana/web3.js and Zod implies Node runtime dependencies that are not declared. The lack of an explicit, trustworthy install mechanism or packaged code means an agent or integrator may have to fetch/run code ad hoc — increasing risk and making the implementation details unverifiable.
Credentials
The skill requests no environment variables or system config, which is proportionate. Nevertheless, it deals with highly sensitive material (Solana secret keys kept in session memory). The SKILL.md's statement that secret key bytes are never logged and are zeroized is good practice, but without code or runtime guarantees this is an unverified claim; treat any skill that handles private keys as high-risk unless you can inspect the implementation.
Persistence & Privilege
The skill does not request always:true, does not claim system-wide persistence, and makes no changes to other skills' configs. Session state is described as ephemeral (one in-memory keypair), which is reasonable for the purpose.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pump-mcp-server - After installation, invoke the skill by name or use
/pump-mcp-server - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of Pump MCP Server providing Solana wallet tooling over Model Context Protocol.
- Exposes 7 wallet-related tools: keypair and vanity generation, signature operations, address validation, and keypair restoration.
- Offers 3 resource types for session keypair info, keypair lookup, and address validation details.
- Includes 3 prompts to guide wallet creation, vanity address setup, and security review.
- All operations occur over stdio transport with strict session keypair state management.
- Designed for secure, ephemeral usage — with input validation and no exposure of secret keys.
Metadata
Frequently Asked Questions
What is Pump MCP Server?
Model Context Protocol server exposing 7 tools, 3 resource types, and 3 prompts for AI agent consumption — Solana wallet operations, vanity address generatio... It is an AI Agent Skill for Claude Code / OpenClaw, with 435 downloads so far.
How do I install Pump MCP Server?
Run "/install pump-mcp-server" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pump MCP Server free?
Yes, Pump MCP Server is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Pump MCP Server support?
Pump MCP Server is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pump MCP Server?
It is built and maintained by speraxos (@speraxos); the current version is v0.1.0.
More Skills