← 返回 Skills 市场
Solana Easy Swap
作者
in-liberty420
· GitHub ↗
· v1.0.1
769
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install solana-easy-swap
功能描述
Swap any Solana token from chat. Say 'swap 1 SOL for USDC' and it handles everything — quoting, signing, sending, confirming. No API keys, no wallet extensions, no setup beyond a keypair. Powered by Jupiter. Use when a user wants to swap, trade, exchange, buy, or sell Solana SPL tokens, SOL, USDC, memecoins, or any token pair on Solana.
安全使用建议
This skill is internally consistent and appears to be what it claims: it will read the keypair file you point it to, query Jupiter, build and sign transactions, and submit them to your chosen Solana RPC. That is expected behavior for an on-device swap tool, but be aware of the security implications: granting SOLANA_KEYPAIR_PATH means the skill (when run) can sign/spend from that wallet. Only use a keypair you trust the skill to access (consider a dedicated low-balance wallet for testing). Review the script (scripts/swap.mjs) yourself before installing, keep npm installs isolated (use a container or VM if unsure), and ensure the agent prompts you and never executes swaps without your explicit confirmation. If you need higher assurance, use a hardware wallet or a workflow that never exposes private key material to third-party code.
功能分析
Type: OpenClaw Skill
Name: solana-easy-swap
Version: 1.0.1
This skill is designed to facilitate Solana token swaps and appears benign. It transparently declares its need to access the user's Solana keypair via `SOLANA_KEYPAIR_PATH` for signing transactions, and explicitly states it does not create, import, or manage keys. The `SKILL.md` and `examples/agent-prompt.md` files contain strong instructions for the AI agent to always seek explicit user confirmation before executing swaps, warn about high price impact, and never auto-retry failed on-chain transactions, indicating a focus on user safety and preventing prompt injection. The `scripts/swap.mjs` code uses standard Solana libraries, validates all user inputs (e.g., mint addresses, amounts), and stores temporary transaction data in a UUID-named file within a `.cache` directory, preventing path traversal or sensitive data exposure. No evidence of data exfiltration, unauthorized persistence, or other malicious intent was found.
能力评估
Purpose & Capability
Name/description (swap SPL tokens using a local keypair and Jupiter) align with the actual requirements: node binary, a SOLANA_KEYPAIR_PATH pointing to a local keypair, and a script that calls Jupiter and the Solana RPC. There are no unrelated credentials, unknown third-party hosts, or unrelated binaries requested.
Instruction Scope
SKILL.md instructs the agent to read the keypair (declared env var), call prepare/execute/status/receipt via the provided CLI, show the prepare summary and obtain user confirmation before executing. The runtime instructions and the included script operate only on swap-related data, call Jupiter endpoints and the Solana RPC, and store prepared-swap metadata under a local .cache path. The instructions do not ask the agent to read unrelated files or exfiltrate secrets.
Install Mechanism
There is no remote arbitrary-download installer. The metadata recommends running npm install in the skill directory; the package.json and package-lock reference standard npm packages (e.g., @solana/web3.js, bs58). No URL shorteners, personal servers, or extracted archives are used in the install spec.
Credentials
Only SOLANA_KEYPAIR_PATH is required (plus optional RPC and slippage envs). That is proportional: signing transactions requires access to a private key. No unrelated secrets or multiple service credentials are requested. Note: access to the keypair grants the ability to sign and spend funds from that account — this is expected but high-risk in practice.
Persistence & Privilege
The skill is not force-installed (always: false) and does not request system-wide privileges. It writes prepared-swap JSON files into a local .cache directory within the skill path and does not modify other skills or global agent settings. Agent autonomous invocation is allowed by default but is not unusual; the skill's own guidelines require explicit user confirmation before sending transactions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install solana-easy-swap - 安装完成后,直接呼叫该 Skill 的名称或使用
/solana-easy-swap触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Fix scanner concerns: add npm install spec in metadata, move prepared swap storage from /tmp to skill-local .cache/, strengthen keypair trust documentation
v1.0.0
Initial release of Solana Easy Swap — swap any Solana token directly from chat.
- Swap SOL, USDC, memecoins, and any SPL tokens using simple commands (e.g., "swap 1 SOL for USDC").
- Handles quoting, user confirmation, transaction signing, sending, and status tracking.
- No API keys or wallet extensions required; just provide a keypair.
- Powered by Jupiter for routing and pricing.
- Comprehensive error handling with clear retry guidance.
- Output includes transaction summaries for user confirmation and Solscan links for receipts.
元数据
常见问题
Solana Easy Swap 是什么?
Swap any Solana token from chat. Say 'swap 1 SOL for USDC' and it handles everything — quoting, signing, sending, confirming. No API keys, no wallet extensions, no setup beyond a keypair. Powered by Jupiter. Use when a user wants to swap, trade, exchange, buy, or sell Solana SPL tokens, SOL, USDC, memecoins, or any token pair on Solana. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 769 次。
如何安装 Solana Easy Swap?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install solana-easy-swap」即可一键安装,无需额外配置。
Solana Easy Swap 是免费的吗?
是的,Solana Easy Swap 完全免费(开源免费),可自由下载、安装和使用。
Solana Easy Swap 支持哪些平台?
Solana Easy Swap 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Solana Easy Swap?
由 in-liberty420(@in-liberty420)开发并维护,当前版本 v1.0.1。
推荐 Skills