← 返回 Skills 市场
435
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pump-mcp-server
功能描述
Model Context Protocol server exposing 7 tools, 3 resource types, and 3 prompts for AI agent consumption — Solana wallet operations, vanity address generatio...
安全使用建议
This skill describes a Solana MCP server and claims concrete JS libraries and secure handling of secret keys, but provides only a prose spec (no code, no dependency list, no install instructions). Before installing or relying on it: 1) Ask the publisher for the actual source code or a vetted install package (show Node/npm dependencies, package.json, and build/install steps). 2) Verify how secret keys are stored, zeroized, and that no logs or external network calls can leak key material. 3) Do not use with real funds or production keys until the implementation is auditable and dependencies are explicit. If you can't inspect code, treat this as untrusted for signing operations.
功能分析
Type: OpenClaw Skill
Name: pump-mcp-server
Version: 0.1.0
The skill is classified as suspicious due to its inherent handling of highly sensitive cryptographic operations, including Solana keypair generation, message signing, and keypair restoration from secret bytes, as described in `SKILL.md`. While the documentation outlines good security practices like zeroization and preventing secret key exposure, the nature of these capabilities presents a significant attack surface for potential vulnerabilities in the underlying implementation or misuse via prompt injection against the AI agent, despite no explicit malicious instructions in the provided markdown.
能力评估
Purpose & Capability
The stated purpose (MCP server for Solana wallet operations) is coherent with the listed tools/resources/prompts. However the SKILL.md explicitly claims implementation details (use of @solana/web3.js, Zod schemas, JS class snippets) but the package provides no code files, no install spec, and no declared runtime (Node/npm) or dependency list. That is a meaningful mismatch: a consumer would reasonably expect declared dependencies or shipped code for these claims.
Instruction Scope
The instructions stay within the advertised scope — they describe keypair generation, signing, validation, and session management and do not instruct reading unrelated files or env vars. They also explicitly recommend zeroizing secrets and not logging secret bytes. However, these are prescriptive best-practices in prose only; there are no concrete runtime checks or enforcement steps, so the security guarantees are claimed but unverifiable from the provided materials.
Install Mechanism
This is an instruction-only skill with no install spec. That alone is low risk, but the SKILL.md's reliance on @solana/web3.js and Zod implies Node runtime dependencies that are not declared. The lack of an explicit, trustworthy install mechanism or packaged code means an agent or integrator may have to fetch/run code ad hoc — increasing risk and making the implementation details unverifiable.
Credentials
The skill requests no environment variables or system config, which is proportionate. Nevertheless, it deals with highly sensitive material (Solana secret keys kept in session memory). The SKILL.md's statement that secret key bytes are never logged and are zeroized is good practice, but without code or runtime guarantees this is an unverified claim; treat any skill that handles private keys as high-risk unless you can inspect the implementation.
Persistence & Privilege
The skill does not request always:true, does not claim system-wide persistence, and makes no changes to other skills' configs. Session state is described as ephemeral (one in-memory keypair), which is reasonable for the purpose.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pump-mcp-server - 安装完成后,直接呼叫该 Skill 的名称或使用
/pump-mcp-server触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of Pump MCP Server providing Solana wallet tooling over Model Context Protocol.
- Exposes 7 wallet-related tools: keypair and vanity generation, signature operations, address validation, and keypair restoration.
- Offers 3 resource types for session keypair info, keypair lookup, and address validation details.
- Includes 3 prompts to guide wallet creation, vanity address setup, and security review.
- All operations occur over stdio transport with strict session keypair state management.
- Designed for secure, ephemeral usage — with input validation and no exposure of secret keys.
元数据
常见问题
Pump MCP Server 是什么?
Model Context Protocol server exposing 7 tools, 3 resource types, and 3 prompts for AI agent consumption — Solana wallet operations, vanity address generatio... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 435 次。
如何安装 Pump MCP Server?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pump-mcp-server」即可一键安装,无需额外配置。
Pump MCP Server 是免费的吗?
是的,Pump MCP Server 完全免费(开源免费),可自由下载、安装和使用。
Pump MCP Server 支持哪些平台?
Pump MCP Server 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pump MCP Server?
由 speraxos(@speraxos)开发并维护,当前版本 v0.1.0。
推荐 Skills