← 返回 Skills 市场
Solana Copy Trader
作者
YouthAIAgent
· GitHub ↗
· v1.0.0
709
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install solana-copy-trader
功能描述
Solana whale copy trading bot. Track any wallet, copy trades in real-time via Jupiter + Pump.fun APIs, with paper trading simulation and live execution. Use...
安全使用建议
This package is an actual Solana trading bot and will contact multiple external services (Helius RPC, Jupiter, pump.fun, solanatracker, Coingecko, Telegram). The main red flags are: (1) the registry metadata claims no required env vars while both SKILL.md and the code require PRIVATE_KEY, HELIUS_API_KEY, BOT_TOKEN, CHAT_ID and RPC_URL — that mismatch is suspicious and should be fixed before trusting the package; (2) SKILL.md references a different directory (.env.example, solana-bot) than the manifest (files under scripts/), which suggests the published metadata or instructions were not updated — expect friction and possible runtime errors. Before installing or providing secrets: - Do NOT put your main wallet private key into .env. Use a small, dedicated wallet for testing or hardware/readonly setups. - Run the code in an isolated environment (container/VM) and inspect node_modules before running. - Start in watch or paper modes only (no PRIVATE_KEY or set paper:true). - Verify the Telegram bot and chat IDs are correct and optional. - Ask the publisher to correct registry metadata (declare required env vars and primary credential), include .env.example in the package root, and fix path inconsistencies. If the author can provide a trustworthy source URL, homepage, or VCS repo and update the metadata, re-evaluate; until then treat the package as suspicious.
功能分析
Type: OpenClaw Skill
Name: solana-copy-trader
Version: 1.0.0
The skill bundle is classified as suspicious due to its core functionality involving automated cryptocurrency trading with real funds, which inherently carries high financial risk. While the code includes safeguards like defaulting to paper trading and explicit warnings to use a burner wallet for live execution, it requires the user to provide a Solana private key for real transactions. This capability, though necessary for its stated purpose, represents a significant risk of financial loss if misused or if vulnerabilities exist in the bot's trading logic. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration, persistence mechanisms, or prompt injection attempts against the AI agent.
能力评估
Purpose & Capability
The code and SKILL.md implement a Solana copy-trader/sniper/arbitrage bot (Helius, Jupiter, pump.fun, Telegram alerts). Those capabilities match the stated purpose. However the registry metadata claims no required env vars/credentials while the SKILL.md and code clearly require PRIVATE_KEY, HELIUS_API_KEY, BOT_TOKEN, CHAT_ID and RPC_URL — this mismatch is unexpected and reduces trust.
Instruction Scope
Runtime instructions and code expect you to provide a .env with PRIVATE_KEY (optional for watch-only but required for live execution), Helius API key, Telegram bot token and chat id, and RPC URLs. The bot connects to multiple external services (Helius RPC, Jupiter quote/swap APIs, Coingecko, solanatracker, pump.fun endpoints, Telegram). That is appropriate for a trading bot, but SKILL.md references a 'solana-bot' directory and a .env.example which are not present in the manifest (files live under scripts/). The instructions also offer a simple switch to turn 'paper' to 'live' — if a private key is added and paper=false the code will sign and send real transactions. Because the agent can be invoked autonomously, this increases the risk of unintended real fund movement if misconfigured.
Install Mechanism
There is no platform install spec; the package expects you to run npm install (package.json present). Dependencies are standard for this domain (@solana/web3.js, @jup-ag/api, axios, dotenv, bs58). This is a moderate-risk install model (pulling from npm) but uses known packages and no external arbitrary downloads. Developers should still audit package.json and node_modules before running with secrets.
Credentials
The environment variables the code uses (PRIVATE_KEY, HELIUS_API_KEY, BOT_TOKEN, CHAT_ID, RPC_URL, optional JITO_TIP, MAX_TRADE_SOL, MIN_PROFIT_PCT) are all proportionate for a trading bot. The problem is that the registry metadata lists 'Required env vars: none' and 'Primary credential: none', which is false given the code and SKILL.md. That omission is a significant incoherence: the skill will prompt you to add highly sensitive values (private key) but the registry doesn't declare them.
Persistence & Privilege
always:false (normal). The skill can execute trades when a private key is provided; agent autonomous invocation is allowed by default. This combination is powerful but expected for a trading bot. Users should be careful: granting a skill a private key allows it to sign/send transactions — ensure you only provide a disposable/trading-only wallet and review code before enabling live mode.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install solana-copy-trader - 安装完成后,直接呼叫该 Skill 的名称或使用
/solana-copy-trader触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — Solana whale copy trader with Jupiter + Pump.fun routing, paper trading simulation, Helius WebSocket tracking.
元数据
常见问题
Solana Copy Trader 是什么?
Solana whale copy trading bot. Track any wallet, copy trades in real-time via Jupiter + Pump.fun APIs, with paper trading simulation and live execution. Use... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 709 次。
如何安装 Solana Copy Trader?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install solana-copy-trader」即可一键安装,无需额外配置。
Solana Copy Trader 是免费的吗?
是的,Solana Copy Trader 完全免费(开源免费),可自由下载、安装和使用。
Solana Copy Trader 支持哪些平台?
Solana Copy Trader 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Solana Copy Trader?
由 YouthAIAgent(@youthaiagent)开发并维护,当前版本 v1.0.0。
推荐 Skills