← 返回 Skills 市场

Reliable Pumpfun Price Feed

Name: Reliable Pumpfun Price Feed
Author: divyn

作者 Divyasshree · GitHub ↗ · v1.0.4 · MIT-0

cross-platform ✓ 安全检测通过

324

总下载

当前安装

版本数

在 OpenClaw 中安装

/install pumpfun-usd-price-stream

功能描述

Real-time streaming PumpFun token feed on Solana with live USD pricing for every token. Subscribe to a live stream of PumpFun tokens over WebSocket: USD pric...

安全使用建议

This skill appears coherent and does what it claims, but take these precautions before installing or running it: - Verify publisher/source: the registry metadata did not clearly surface BITQUERY_API_KEY; confirm the publisher or use a skill from a verified source. - Treat the API key as sensitive: Bitquery requires the key in the WebSocket URL, which can leak via logs, proxy logs, or shell/IDE history. Never print the full URL; store the key only in an environment variable and avoid emitting it to stdout/stderr. - Sandbox first: run the script in an isolated environment (virtualenv, container, dedicated VM) to limit blast radius and confirm behavior. - Limit and rotate keys: create a key with minimum scope if possible and rotate it if you suspect exposure. - Inspect dependencies: install gql[websockets] from PyPI in a controlled environment and review package provenance if you require higher assurance. - Logging and history: ensure HISTFILE is disabled or cleared if you run the command with URL-like strings and check system / proxy logs if concerned about leakage. If you cannot verify the publisher or cannot ensure the key will remain private (or if you cannot run in a sandbox), do not install or run this skill until those conditions are met.

功能分析

Type: OpenClaw Skill Name: pumpfun-usd-price-stream Version: 1.0.4 The skill provides a legitimate real-time stream of PumpFun token data from Bitquery via WebSockets. The Python script `scripts/stream_pumpfun.py` and the instructions in `SKILL.md` are well-documented and align with the stated purpose. Notably, the documentation includes a proactive security warning regarding the Bitquery API's requirement to pass the API key in the WebSocket URL, advising users on how to prevent credential leakage in logs. No malicious behaviors, such as data exfiltration or unauthorized execution, were found.

能力评估

ℹ Purpose & Capability

Name/description, SKILL.md, and the included Python script all align: this is a Bitquery WebSocket subscription that streams Solana tokens whose address contains 'pump' with USD pricing and derived metrics. The declared required environment variable (BITQUERY_API_KEY) is appropriate. Minor inconsistency: the registry metadata shown earlier displayed 'Required env vars: [object Object]' (a malformed entry) while SKILL.md and the script clearly require BITQUERY_API_KEY — request the registry metadata be corrected so installers surface the secret requirement.

ℹ Instruction Scope

SKILL.md and the script instruct only to connect to the Bitquery streaming endpoint, format ticks, and print them. The script constructs a WebSocket URL with the API token as a query parameter (Bitquery requires token-in-URL). The author explicitly warns not to print/log the full URL and recommends sandboxing. This is within scope, but the token-in-URL pattern creates an obvious accidental-leak risk (logs, proxies, shell history) which the skill acknowledges — follow the checklist.

✓ Install Mechanism

No install spec that fetches arbitrary code; dependency is a single Python package (gql[websockets]) declared in requirements.txt. Installation via pip is standard and proportionate to the task. No downloads from unknown URLs or archive extraction are present.

ℹ Credentials

Only BITQUERY_API_KEY is required, which is proportional for a Bitquery integration. The SKILL.md documents the token requirement and the fact the token must be passed in the URL. Verify the registry metadata is updated to list this env var so installers are aware. Consider provisioning a key scoped with the least privilege possible and prepared for rotation.

✓ Persistence & Privilege

Skill is user-invocable, not always:true, and does not request system-wide persistence or modify other skills. It does not request elevated privileges or persistent presence beyond normal execution.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install pumpfun-usd-price-stream
安装完成后，直接呼叫该 Skill 的名称或使用 /pumpfun-usd-price-stream 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.4

## pumpfun-usd-price-stream v1.0.4 - Added explicit environment variable requirement (`BITQUERY_API_KEY`) to skill metadata (`requires` section). - Clarified that Bitquery API key must be passed in the WebSocket URL (not headers); emphasized security risks. - Added a detailed security checklist for safe usage, including reminders to avoid logging or exposing the API key. - Improved documentation on credential handling and reasons for not printing/logging the WebSocket URL. - No code changes; documentation and metadata update only.

v1.0.3

**1.0.3 adds security and install recommendations for all users.** - Added a new section outlining key considerations before installing the skill, including API key handling and external source verification. - Warns that the `BITQUERY_API_KEY` secret may not be declared in registry metadata and should be checked by installers. - Recommends running the script in a sandbox and avoiding API key exposure via logs or URL sharing. - No changes to code or existing behavior; documentation improvements only.

v1.0.2

- Clarified that the Bitquery API key must be passed only in the WebSocket URL (not supported in headers). - Added explicit warning about API key security risk when used in the URL, recommending caution to avoid exposure in logs or history. - No changes to functionality or code; documentation update only.

v1.0.1

pumpfun-usd-price-stream v1.0.1 - Added a "Prerequisites" section specifying the environment variable and Python dependency requirements. - Clarified that the Bitquery API key should be treated as a secret and not logged or exposed. - Minor documentation reformatting to improve clarity for setup and usage. - No changes to code or functionality.

v1.0.0

Initial release of real-time PumpFun token feed with live USD pricing. - Streams all active PumpFun tokens on Solana with full USD-denominated market data (OHLC, volume, moving averages, tick % change) in real time. - Powered by Bitquery GraphQL API over WebSocket; no polling required. - Includes built-in filtering for Solana tokens with "pump" in the address to target PumpFun tokens. - Designed for trader workflows: entry/exit signals, momentum detection, scalping, volume/whale alerts, new token monitoring, and more. - All price and volume fields are natively quoted in USD for direct use in alerts and dashboards. - Easy setup with clear usage steps for API key, dependencies, and running the stream.

元数据

Slug pumpfun-usd-price-stream

版本 1.0.4

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 5

常见问题

Reliable Pumpfun Price Feed 是什么？

Real-time streaming PumpFun token feed on Solana with live USD pricing for every token. Subscribe to a live stream of PumpFun tokens over WebSocket: USD pric... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 324 次。

如何安装 Reliable Pumpfun Price Feed？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pumpfun-usd-price-stream」即可一键安装，无需额外配置。

Reliable Pumpfun Price Feed 是免费的吗？

是的，Reliable Pumpfun Price Feed 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Reliable Pumpfun Price Feed 支持哪些平台？

Reliable Pumpfun Price Feed 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Reliable Pumpfun Price Feed？

由 Divyasshree（@divyn）开发并维护，当前版本 v1.0.4。