← 返回 Skills 市场

solana-light-token-client

Name: solana-light-token-client
Author: tilo-14

作者 tilo-14 · GitHub ↗ · v1.0.6

cross-platform ⚠ suspicious

468

总下载

当前安装

版本数

在 OpenClaw 中安装

/install solana-light-token-client

功能描述

For client development with tokens on Solana, Light Token is 200x cheaper than SPL and has minimal changes. Skill includes guides for create mints, associate...

安全使用建议

This skill is a cookbook for building and running Light Token client code and is internally coherent. However, it explicitly reads your Solana private key file (~/.config/solana/id.json) and requires an RPC API_KEY — both are sensitive. Before installing or running: (1) Verify the skill's upstream repository and documentation (metadata lists https://github.com/Lightprotocol/skills and https://www.zkcompression.com). (2) Do not provide your production/mainnet keypair or high-value accounts — use ephemeral/devnet keys or keys stored in a secrets manager. (3) Restrict the agent's filesystem/network permissions if possible; the instructions encourage spawning subagents that can read files (Read/Glob/Grep) — ensure those subagents are scoped. (4) Rotate RPC keys after testing and avoid hardcoding secrets. (5) If you need stronger assurance, request the full upstream source (real repo) and verify code examples against the official Lightprotocol examples repository before giving the skill access to your keys or mainnet RPC.

功能分析

Type: OpenClaw Skill Name: solana-light-token-client Version: 1.0.6 The skill is classified as suspicious due to the direct reading of the user's Solana keypair file (`~/.config/solana/id.json`) in multiple TypeScript code examples (e.g., `references/approve.md`, `references/create-associated-token-account.md`). While this access is explicitly declared in `SKILL.md` as a requirement for devnet/mainnet examples and is common for local development, it represents a high-risk capability. If an AI agent were to execute this code in an unconstrained environment or under a malicious prompt, it could lead to the unauthorized exposure or use of the user's private keys, constituting a significant vulnerability. There is no evidence of intentional malicious behavior by the skill author, such as exfiltration to undeclared endpoints or obfuscation, but the direct access to sensitive local files makes it a risky capability.

能力评估

✓ Purpose & Capability

Name/description (Light Token client cookbook) align with required binaries (node, cargo) and examples in TypeScript and Rust. Requiring an RPC API key and a Solana keypair file (~/.config/solana/id.json) is consistent with creating/signing transactions against devnet/mainnet.

ℹ Instruction Scope

The SKILL.md and reference files include example code that reads your Solana keypair from ~/.config/solana/id.json and uses process.env.API_KEY for RPC access. The workflow also instructs spawning read-only subagents (Read, Glob, Grep) scoped to documentation and example repos — which is reasonable for research but still grants filesystem read capability if allowed. This skill explicitly instructs reading a sensitive private key file to sign transactions; that behavior is expected for the stated purpose but is sensitive and should be limited to test keys or secrets-managed keys.

✓ Install Mechanism

Instruction-only skill with no install spec or downloads. No code is installed on disk by the skill itself, lowering supply-chain risk.

ℹ Credentials

Only API_KEY is required (Helius/Triton RPC key) and the Solana keypair path is requested — both are justified for interacting with networks and signing transactions. These are sensitive credentials; the SKILL.md recommends storing them in a secrets manager for production. No unrelated credentials are requested.

✓ Persistence & Privilege

always:false and no install hooks or modifications to other skills are present. The skill does not request permanent elevated platform privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install solana-light-token-client
安装完成后，直接呼叫该 Skill 的名称或使用 /solana-light-token-client 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.6

- Added a table comparing token account creation costs between SPL (~2,000,000 lamports) and Light Token (~11,000 lamports). - No changes to features, APIs, or code; this is a documentation enhancement for user clarity.

v1.0.5

- Updated `openclaw.requires` to use `config` instead of `configs` for Solana keypair path. - No code or functional changes; only metadata adjustment for improved environment variable specification.

v1.0.4

- Updated workflow instructions to clarify the process for spawning read-only subagents when stuck. - Reworded the subagent guidance for clarity and user action ("ask to spawn" instead of directly telling). - No functional or API changes; documentation improvements only.

v1.0.3

- Added configs key to metadata.openclaw.requires to require "~/.config/solana/id.json" for devnet/mainnet usage. - No code or functional changes; documentation and prerequisites now clarify required config files for certain network environments.

v1.0.2

- Added new prerequisite section clarifying the need for `API_KEY` (Helius or Triton RPC key) and local payer keypair for devnet/mainnet. - Updated `env` requirements to specify `API_KEY` for devnet/mainnet usage. - Expanded security disclosures to address API key usage and configuration best practices. - Clarified that localnet does not require external credentials or `API_KEY`. - Minor workflow and security section clarifications for better guidance on setup and agent behavior.

v1.0.1

No functional or documentation changes; version bump only. - Version updated to 1.0.1 without file or content modifications. - No impact on usage, features, or documentation.

v1.0.0

Initial release of light-token-client skill. - Adds guides and cookbook for using Light Token on Solana—covering creation, transfer, burn, approval, wrapping, and more. - Supports both TypeScript (`@lightprotocol/compressed-token`) and Rust (`light_token_client`) SDKs. - Includes detailed references for all core token operations with links to full documentation and example code. - No credentials or secrets required; security best practices clearly documented. - Designed for developers building client applications requiring cost-efficient token operations on Solana.

元数据

Slug solana-light-token-client

版本 1.0.6

许可证 —

累计安装 0

当前安装数 0

历史版本数 7

常见问题

solana-light-token-client 是什么？

For client development with tokens on Solana, Light Token is 200x cheaper than SPL and has minimal changes. Skill includes guides for create mints, associate... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 468 次。

如何安装 solana-light-token-client？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install solana-light-token-client」即可一键安装，无需额外配置。

solana-light-token-client 是免费的吗？

是的，solana-light-token-client 完全免费（开源免费），可自由下载、安装和使用。

solana-light-token-client 支持哪些平台？

solana-light-token-client 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 solana-light-token-client？

由 tilo-14（@tilo-14）开发并维护，当前版本 v1.0.6。