← 返回 Skills 市场
85
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install safe-flow-solana-skill
功能描述
Use when running SafeFlow against a deployed Solana program. Trigger for tasks such as generating an agent keypair, asking the owner to fund gas and create w...
安全使用建议
Do not install or run this skill until the repository author supplies missing artifacts and clarifications. Specific checks to request or perform before use:
- Verify the repository includes the referenced SDK (sdk/src/agent) and the IDL file (target/idl/safeflow_solana.json). Inspect those files for unexpected network calls or unknown endpoints.
- Confirm system requirements: explicitly require solana-cli (solana-keygen), node, and a pinned ts-node/runtime dependency or provide a package.json; avoid implicit npx pulls if you want reproducible behavior.
- Understand and accept local private key storage: the agent keypair is written to .safeflow/agent-keypair.json (sensitive). Consider using hardware wallets, restricted signing services, or running in an isolated environment.
- Because the script executes arbitrary JS via npx/ts-node, ensure all JS code is audited and comes from a trusted source; if you cannot validate the code, run in a sandboxed environment or decline.
- Ask the author to provide an explicit install spec (or packaged dependencies) and to declare required binaries in the skill metadata. If the skill will fetch runtime packages, request pinned versions and an integrity check.
If you cannot obtain these assurances, classify the skill as untrusted and avoid running it with real funds or on production systems.
功能分析
Type: OpenClaw Skill
Name: safe-flow-solana-skill
Version: 1.0.0
The skill implements a Solana payment agent but contains a significant code injection vulnerability in `scripts/execute_payment.sh`. The script uses `npx ts-node -e` to run a JavaScript snippet where shell variables (such as `--recipient` and `--evidence-id`) are interpolated directly into string literals without any sanitization, which could allow an attacker to execute arbitrary JavaScript. While the logic appears consistent with the stated goal of managing on-chain payments via the SafeFlow protocol (Program ID: `DwYEDn6xRpSbnNA7mkszQgDAUoHGfgdBNSi6pwy4qJKy`), the insecure handling of agent-provided inputs is a high-risk flaw.
能力评估
Purpose & Capability
The name/description (SafeFlow Solana payment skill) aligns with the included scripts: they generate an agent keypair, persist config, query session state, and execute on-chain payments. However, the skill metadata declares no required binaries or env vars even though the scripts call solana-keygen, node, and npx/ts-node and expect local files (sdk/src/agent and target/idl/safeflow_solana.json). The absence of these declared dependencies/files is an incoherence.
Instruction Scope
The runtime instructions/scripts read/write sensitive local state (.safeflow/agent-keypair.json and config.json) and execute an inline TypeScript/JavaScript program via npx ts-node that loads a local SDK module and IDL. The scripts will connect to public Solana RPC endpoints (devnet/mainnet) but do not call any other external endpoints. The instruction set grants the agent the ability to create and use a private key stored on disk and to execute arbitrary JS in the context of the repository — the SKILL.md and manifest do not make it clear where the SDK/IDL come from or whether the JS code is audited.
Install Mechanism
There is no install spec. The scripts rely on npx to run ts-node which will fetch packages from the npm registry at runtime if not present. That implicit network installation is not declared and increases risk. Also required local files (sdk/src/agent, target/idl/...) are referenced but not present in the provided file manifest, meaning the scripts will fail or attempt to fetch missing pieces at runtime.
Credentials
The skill requests no environment variables or external credentials in metadata, which is proportional. However, it creates and stores a Solana private key locally (.safeflow/agent-keypair.json) and will read that secret to sign transactions — this is sensitive and should be expected and handled cautiously. No unexpected credentials (AWS, GCP, etc.) are requested.
Persistence & Privilege
always is false and there are no declarations that the skill will modify other skills or system-wide settings. The skill persists its own config and keypair under .safeflow which is normal for this purpose.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install safe-flow-solana-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/safe-flow-solana-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the SafeFlow Solana Agent Skill.
- Enables AI agents to perform autonomous, rate-limited payments on Solana.
- Provides scripts for keypair generation, owner handoff, payment execution, and config saving.
- Supports on-chain enforcement of rate limit, budget cap, session expiration, and revocation.
- Payment error handling with actionable agent responses for common failure scenarios.
元数据
常见问题
Sfaeflow Solana Skill 是什么?
Use when running SafeFlow against a deployed Solana program. Trigger for tasks such as generating an agent keypair, asking the owner to fund gas and create w... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 85 次。
如何安装 Sfaeflow Solana Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install safe-flow-solana-skill」即可一键安装,无需额外配置。
Sfaeflow Solana Skill 是免费的吗?
是的,Sfaeflow Solana Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Sfaeflow Solana Skill 支持哪些平台?
Sfaeflow Solana Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sfaeflow Solana Skill?
由 Togo(@fwangzil)开发并维护,当前版本 v1.0.0。
推荐 Skills