← Back to Skills Marketplace
Reliable Pumpfun Price Feed
by
Divyasshree
· GitHub ↗
· v1.0.4
· MIT-0
324
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install pumpfun-usd-price-stream
Description
Real-time streaming PumpFun token feed on Solana with live USD pricing for every token. Subscribe to a live stream of PumpFun tokens over WebSocket: USD pric...
Usage Guidance
This skill appears coherent and does what it claims, but take these precautions before installing or running it:
- Verify publisher/source: the registry metadata did not clearly surface BITQUERY_API_KEY; confirm the publisher or use a skill from a verified source.
- Treat the API key as sensitive: Bitquery requires the key in the WebSocket URL, which can leak via logs, proxy logs, or shell/IDE history. Never print the full URL; store the key only in an environment variable and avoid emitting it to stdout/stderr.
- Sandbox first: run the script in an isolated environment (virtualenv, container, dedicated VM) to limit blast radius and confirm behavior.
- Limit and rotate keys: create a key with minimum scope if possible and rotate it if you suspect exposure.
- Inspect dependencies: install gql[websockets] from PyPI in a controlled environment and review package provenance if you require higher assurance.
- Logging and history: ensure HISTFILE is disabled or cleared if you run the command with URL-like strings and check system / proxy logs if concerned about leakage.
If you cannot verify the publisher or cannot ensure the key will remain private (or if you cannot run in a sandbox), do not install or run this skill until those conditions are met.
Capability Analysis
Type: OpenClaw Skill
Name: pumpfun-usd-price-stream
Version: 1.0.4
The skill provides a legitimate real-time stream of PumpFun token data from Bitquery via WebSockets. The Python script `scripts/stream_pumpfun.py` and the instructions in `SKILL.md` are well-documented and align with the stated purpose. Notably, the documentation includes a proactive security warning regarding the Bitquery API's requirement to pass the API key in the WebSocket URL, advising users on how to prevent credential leakage in logs. No malicious behaviors, such as data exfiltration or unauthorized execution, were found.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and the included Python script all align: this is a Bitquery WebSocket subscription that streams Solana tokens whose address contains 'pump' with USD pricing and derived metrics. The declared required environment variable (BITQUERY_API_KEY) is appropriate. Minor inconsistency: the registry metadata shown earlier displayed 'Required env vars: [object Object]' (a malformed entry) while SKILL.md and the script clearly require BITQUERY_API_KEY — request the registry metadata be corrected so installers surface the secret requirement.
Instruction Scope
SKILL.md and the script instruct only to connect to the Bitquery streaming endpoint, format ticks, and print them. The script constructs a WebSocket URL with the API token as a query parameter (Bitquery requires token-in-URL). The author explicitly warns not to print/log the full URL and recommends sandboxing. This is within scope, but the token-in-URL pattern creates an obvious accidental-leak risk (logs, proxies, shell history) which the skill acknowledges — follow the checklist.
Install Mechanism
No install spec that fetches arbitrary code; dependency is a single Python package (gql[websockets]) declared in requirements.txt. Installation via pip is standard and proportionate to the task. No downloads from unknown URLs or archive extraction are present.
Credentials
Only BITQUERY_API_KEY is required, which is proportional for a Bitquery integration. The SKILL.md documents the token requirement and the fact the token must be passed in the URL. Verify the registry metadata is updated to list this env var so installers are aware. Consider provisioning a key scoped with the least privilege possible and prepared for rotation.
Persistence & Privilege
Skill is user-invocable, not always:true, and does not request system-wide persistence or modify other skills. It does not request elevated privileges or persistent presence beyond normal execution.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pumpfun-usd-price-stream - After installation, invoke the skill by name or use
/pumpfun-usd-price-stream - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
## pumpfun-usd-price-stream v1.0.4
- Added explicit environment variable requirement (`BITQUERY_API_KEY`) to skill metadata (`requires` section).
- Clarified that Bitquery API key must be passed in the WebSocket URL (not headers); emphasized security risks.
- Added a detailed security checklist for safe usage, including reminders to avoid logging or exposing the API key.
- Improved documentation on credential handling and reasons for not printing/logging the WebSocket URL.
- No code changes; documentation and metadata update only.
v1.0.3
**1.0.3 adds security and install recommendations for all users.**
- Added a new section outlining key considerations before installing the skill, including API key handling and external source verification.
- Warns that the `BITQUERY_API_KEY` secret may not be declared in registry metadata and should be checked by installers.
- Recommends running the script in a sandbox and avoiding API key exposure via logs or URL sharing.
- No changes to code or existing behavior; documentation improvements only.
v1.0.2
- Clarified that the Bitquery API key must be passed only in the WebSocket URL (not supported in headers).
- Added explicit warning about API key security risk when used in the URL, recommending caution to avoid exposure in logs or history.
- No changes to functionality or code; documentation update only.
v1.0.1
pumpfun-usd-price-stream v1.0.1
- Added a "Prerequisites" section specifying the environment variable and Python dependency requirements.
- Clarified that the Bitquery API key should be treated as a secret and not logged or exposed.
- Minor documentation reformatting to improve clarity for setup and usage.
- No changes to code or functionality.
v1.0.0
Initial release of real-time PumpFun token feed with live USD pricing.
- Streams all active PumpFun tokens on Solana with full USD-denominated market data (OHLC, volume, moving averages, tick % change) in real time.
- Powered by Bitquery GraphQL API over WebSocket; no polling required.
- Includes built-in filtering for Solana tokens with "pump" in the address to target PumpFun tokens.
- Designed for trader workflows: entry/exit signals, momentum detection, scalping, volume/whale alerts, new token monitoring, and more.
- All price and volume fields are natively quoted in USD for direct use in alerts and dashboards.
- Easy setup with clear usage steps for API key, dependencies, and running the stream.
Metadata
Frequently Asked Questions
What is Reliable Pumpfun Price Feed?
Real-time streaming PumpFun token feed on Solana with live USD pricing for every token. Subscribe to a live stream of PumpFun tokens over WebSocket: USD pric... It is an AI Agent Skill for Claude Code / OpenClaw, with 324 downloads so far.
How do I install Reliable Pumpfun Price Feed?
Run "/install pumpfun-usd-price-stream" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Reliable Pumpfun Price Feed free?
Yes, Reliable Pumpfun Price Feed is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Reliable Pumpfun Price Feed support?
Reliable Pumpfun Price Feed is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Reliable Pumpfun Price Feed?
It is built and maintained by Divyasshree (@divyn); the current version is v1.0.4.
More Skills