功能描述

Manage Solana wallets, launch tokens, run coordinated buys, volume bots, and wallet operations via gank.dev trading terminal API.

使用说明 (SKILL.md)

gank — solana trading terminal for agents

Name: solana-bundler-sniper-volume-bot
Author: pissdart

gank is a multi-wallet solana trading terminal. launch tokens on pump.fun, run swarm buys, volume bots, copy trades, manage wallets. we literally have the most toxic platform atm and now your agents can take full advantage of it lol.

base url: https://gank.dev/api/v2

auth: Authorization: Bearer \x3CGANK_API_KEY>

get your key at gank.dev > settings > api keys. keys start with pb_.

errors always come back as { "success": false, "error": "..." }.

wallet types

gank uses typed wallets. each type is locked to its module — don't mix them up.

type	what it's for
`dev`	launching tokens (pump.fun creator wallet)
`regular`	buying/selling, transfers
`bundle`	bundle buys at launch
`snipe`	sniping new launches
`swarm`	coordinated multi-wallet buys
`volume`	volume bot
`pug`	privacy protocol — clean funds via bnb/eth swap

wallets

list your wallets

GET /wallets/user

returns everything grouped by type.

{
  "dev": [{ "id": 1, "wallet_address": "...", "label": "main dev" }],
  "regular": [...],
  "swarm": [...],
  "volume": [...]
}

wallet balance

GET /wallets/{id}/balance

batch balances

POST /wallets/balances
{ "addresses": ["addr1...", "addr2..."] }

positions (all token holdings)

GET /user/positions

search tokens

GET /search?q=pepe&limit=10

launching a token

three steps: reserve mint → upload image → launch.

1. reserve a vanity mint (optional but worth it)

POST /launch/reserve-mint

gives you a ...pump address upfront. the keypair field is the mint keypair (token contract address keypair, not a wallet private key), pass it straight to /launch as reserved_mint_keypair. don't store it beyond that.

{ "success": true, "address": "AbcD...pump", "keypair": "base58..." }

2. upload image + metadata to ipfs

POST /ipfs/upload
Content-Type: multipart/form-data

fields: file, name, symbol, description, twitter, telegram, website

{ "success": true, "metadata_uri": "https://ipfs.io/ipfs/Qm..." }

3. launch

POST /launch

{
  "token_name": "my token",
  "token_ticker": "MTK",
  "metadata_uri": "https://ipfs.io/ipfs/Qm...",
  "dev_wallet_address": "DevWallet...",
  "dev_buy_sol": 0.5,
  "jito_tip": 0.0003,
  "reserved_mint_keypair": "base58_from_step1",
  "regular_wallets": [
    { "wallet_address": "Wallet1...", "amount": 0.1 },
    { "wallet_address": "Wallet2...", "amount": 0.2 }
  ],
  "bundle_groups": [
    {
      "block_target": 1,
      "wallets": [{ "wallet_address": "BundleWallet1...", "amount": 0.05 }]
    }
  ],
  "sniper_wallets": [
    { "wallet_address": "SnipeWallet1...", "amount": 0.1, "block_target": 2 }
  ]
}

{ "success": true, "launch_id": "uuid", "token_mint": "...", "tx_signature": "..." }

check launch status

GET /launch/{launch_id}

launch history

GET /launch/history?limit=20

save a launch config/preset

PUT /launch/configs
{ "name": "my template", "config": { ...launch_params... } }

buy & sell

buy

POST /phases/regular/buy

{
  "wallet_address": "RegularWallet...",
  "token_mint": "TokenMint...",
  "amount_sol": 0.1,
  "slippage_bps": 500
}

sell

POST /phases/regular/sell

{
  "wallet_address": "RegularWallet...",
  "token_mint": "TokenMint...",
  "sell_percentage": 100,
  "slippage_bps": 500
}

swarm

swarm = hit a token from multiple wallets at the same time. useful for coordinated entries.

swarm buy

POST /phases/swarm/buy

{
  "token_mint": "TokenMint...",
  "wallets": [
    { "wallet_address": "SwarmWallet1...", "amount_sol": 0.05 },
    { "wallet_address": "SwarmWallet2...", "amount_sol": 0.1 }
  ],
  "slippage_bps": 500
}

swarm sell

POST /phases/swarm/sell

{
  "token_mint": "TokenMint...",
  "wallets": ["SwarmWallet1...", "SwarmWallet2..."],
  "sell_percentage": 100,
  "slippage_bps": 500
}

consolidate sol back to one wallet

POST /phases/swarm/consolidate
{ "source_wallets": ["..."], "destination_wallet": "MainWallet..." }

recover (emergency drain — sells everything, sweeps sol)

POST /phases/swarm/recover
{ "source_wallets": ["..."], "destination_wallet": "MainWallet..." }

volume bot

start

POST /phases/volume/start

{
  "token_mint": "TokenMint...",
  "wallet_addresses": ["VolumeWallet1...", "VolumeWallet2..."],
  "sol_per_trade": 0.001,
  "duration_minutes": 60,
  "intensity": "medium"
}

intensity: "low" | "medium" | "high"

returns { "success": true, "session_id": "uuid" }

stop

POST /phases/volume/stop
{ "session_id": "uuid" }

wallet ops

transfer sol

POST /wallets/transfer
{ "from_wallet": "...", "to_wallet": "...", "amount_sol": 1.0 }

split sol (1 → many, max 50 targets)

POST /wallets/split
{
  "source_wallet": "...",
  "targets": [
    { "address": "Wallet1...", "amount_sol": 0.1 },
    { "address": "Wallet2...", "amount_sol": 0.2 }
  ]
}

vamp all (drain wallets — sells tokens, closes accounts, sweeps sol)

POST /wallets/vamp-all
{ "source_wallets": ["Wallet1...", "Wallet2..."], "destination_wallet": "MainWallet..." }

clean funds (privacy swap — sol→bnb→sol or sol→eth→sol, ~5 min)

two routes available: bnb (BSC, default) or eth (Arbitrum). source and destination must match 1:1 — use fresh destination wallets.

get a quote first:

POST /wallets/clean-funds/quote
{ "amount_sol": 1.0, "route": "bnb" }

initiate:

POST /wallets/clean-funds
{ "source_wallets": ["Wallet1..."], "destination_wallets": ["FreshWallet1..."], "route": "bnb" }

route: "bnb" (default) | "eth" — xmr is not available.

check status:

GET /wallets/clean-funds/status

sniping at launch

sniping is only available at launch time via sniper_wallets in the /launch payload — see the launch section above. standalone auto-snipe is not available.

market data

token info (price, mcap, volume, holders, bonding curve %)

GET /token/{mint}

ohlcv chart

GET /market/chart/{mint}?limit=500&timeframe=5

timeframe is in minutes.

holders

GET /market/holders/{mint}?limit=20

recent trades

GET /market/trades/{mint}?limit=30

referrals & stats

your stats (points, level, exp, trades, volume)

GET /auth/user-stats

referral stats (tier, l1/l2/l3 counts, earnings, claimable sol)

GET /user/referrals

claim earnings (pays to your payout wallet)

POST /user/referrals/claim

leaderboard

GET /user/leaderboard/points?limit=50
GET /user/leaderboard/referrals?limit=50

fee preferences

GET /fees/preferences
POST /fees/preferences

{
  "fee_mode": "manual",
  "priority_fee_max_sol": 0.001,
  "jito_tip_max_sol": 0.0005
}

fee_mode: "auto" | "manual"

how to use this

launching a token:

reserve mint → upload image to ipfs → POST /launch → poll GET /launch/{id}

coordinated buy:

check balances → POST /phases/swarm/buy → GET /user/positions

recovering funds:

POST /wallets/vamp-all  (sells everything + sweeps sol)
or
POST /wallets/clean-funds  (privacy swap via bnb/eth, ~5 min)

notes

api keys start with pb_ — don't log them, don't put them in prompts
wallet private keys are encrypted server-side, the api never gives them back
reserve-mint returns a mint keypair (the token's contract address keypair, not a wallet key), pass it to /launch as reserved_mint_keypair and discard after use
sol amounts are in sol, not lamports
slippage is in basis points — 500 = 5%
sniping only works at launch time via sniper_wallets in /launch — no standalone auto-snipe
clean funds routes: bnb (BSC) or eth (Arbitrum) — xmr is disabled
the platform fee wallet is protected, you can't accidentally send to it

config

~/.openclaw/openclaw.json:

{
  "skills": {
    "entries": {
      "gank": {
        "enabled": true,
        "apiKey": "pb_your_key_here"
      }
    }
  }
}

or just set GANK_API_KEY in env.

gank.dev · dm @pissdart on x or tg if something's broken

安全使用建议

This skill documents an API that can control wallets, launch tokens, run swarm buys, drain wallets, and perform privacy swaps. Before installing: 1) Verify provenance — the registry metadata here is inconsistent (top-level said no credentials/homepage but skill.json points to gank.dev and a GitHub repo); only proceed if you trust gank.dev and the skill author. 2) Treat GANK_API_KEY as highly sensitive — it can move funds. Use a throwaway/test key with no real funds first. 3) Disable autonomous invocation or restrict the skill to manual/user-invoked use until you confirm behavior. 4) Do not expose the API key in LLM prompts, logs, or stored launch configs; prefer platform secret storage. 5) Audit any agent logs/output for accidental leaks (reserved mint keypair, wallet addresses, tx signatures). 6) Consider legal/ethical risk: coordinated buys, token launches, wallet-draining and 'clean funds' features may violate laws or platform policies in some jurisdictions. If you cannot verify the skill's source and the API provider, do not install it with real funds or privileged credentials.

功能分析

Type: OpenClaw Skill Name: gank-solana-bundler Version: 1.0.2 The skill provides access to high-risk financial operations on the Solana blockchain, including automated token launches, multi-wallet trading (swarm buys, volume bots), and powerful wallet management features like 'vamp-all' (drain wallets) and 'clean funds' (privacy swaps via BNB/ETH). While the API claims to handle private keys securely server-side and the skill explicitly warns against exposing API keys, the inherent capabilities (e.g., draining multiple wallets, obfuscating fund origins via privacy swaps) carry a significant risk of misuse for financial harm or illicit activities if the AI agent is compromised or misdirected. The `examples.md` also shows local file system access (`fs.createReadStream`) for image uploads, which, while legitimate for the stated purpose, represents a general vulnerability point for agents.

能力评估

ℹ Purpose & Capability

The SKILL.md and examples are consistent with a 'gank' trading terminal that uses a GANK_API_KEY to call https://gank.dev/api/v2 endpoints for launches, swarm buys, volume bots, wallet transfers, vamp-all (drain), and privacy swaps. That functionality is coherent with the skill's name and description. However, the registry metadata at the top of the submission claims no required env vars/credentials while the included skill.json and SKILL.md clearly require a GANK_API_KEY — this metadata mismatch is an inconsistency that reduces trust in provenance.

⚠ Instruction Scope

Runtime instructions direct the agent to perform highly sensitive actions: draining wallets (vamp-all), coordinated multi-wallet buys/sells, and 'clean funds' privacy swaps (SOL→BNB/ETH→SOL). These are within the stated purpose but are high-risk: they grant the API key effective control of funds and can be used for laundering or theft. The docs instruct not to store the reserved mint keypair and to avoid exposing the API key in logs/LLM context, but there is nothing preventing an agent from accidentally logging or including sensitive IDs/keys in model prompts or external destinations if not carefully sandboxed.

✓ Install Mechanism

This is an instruction-only skill (no install spec, no code files to execute). That lowers direct filesystem/remote-code risk — the agent will make network calls to the documented API rather than install arbitrary binaries. However, network calls to an external service are still an operational risk when combined with sensitive credentials.

⚠ Credentials

The skill requires a single API secret (GANK_API_KEY) which is proportionate to making authenticated API requests but is extremely sensitive: it appears to grant actions that move and drain funds and perform privacy swaps. The registry metadata provided to you claims no required env vars, but skill.json and SKILL.md require GANK_API_KEY and mark it secret — this inconsistency is suspicious. Examples also reference reading credentials from ~/.openclaw/openclaw.json, which means an agent implementation might pull creds from local config files if configured; that increases the chance of accidental exposure.

✓ Persistence & Privilege

The skill does not request persistent installation, always:false, and there is no code to modify other skills or system-wide settings. The agent would only call external APIs at runtime. Autonomous invocation is allowed by default (normal for skills) — combine this with the high-risk nature of the API key and operations before enabling autonomous runs.

版本历史

v1.0.2

passing checks again

v1.0.1

passing scan check

v1.0.0

- first drop. launch bundled solana tokens, swarm buy, volume bot, wallet ops, positions, market data - clean-funds via sol > bnb/(arb)eth privacy swap (~5 min) - full api docs + copy-paste examples for common flows

元数据

Slug gank-solana-bundler

版本 1.0.2

许可证 —

累计安装 0

当前安装数 0

历史版本数 3

常见问题

solana-bundler-sniper-volume-bot 是什么？

Manage Solana wallets, launch tokens, run coordinated buys, volume bots, and wallet operations via gank.dev trading terminal API. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 610 次。

如何安装 solana-bundler-sniper-volume-bot？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install gank-solana-bundler」即可一键安装，无需额外配置。

solana-bundler-sniper-volume-bot 是免费的吗？

是的，solana-bundler-sniper-volume-bot 完全免费（开源免费），可自由下载、安装和使用。

solana-bundler-sniper-volume-bot 支持哪些平台？

solana-bundler-sniper-volume-bot 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 solana-bundler-sniper-volume-bot？

由 pissdart（@pissdart）开发并维护，当前版本 v1.0.2。

solana-bundler-sniper-volume-bot