← 返回 Skills 市场
430
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install solana-payments-wallet-dev
功能描述
For stablecoin payment flows and wallet integrations on Solana 200x cheaper token accounts. Receive, send, balance, history, and client-side signing with Pri...
安全使用建议
This skill is internally consistent for building Solana light-token payment and wallet integrations. Before installing: 1) provide a HELIUS_RPC_URL (it often contains an API key) and treat it as a secret; 2) only supply Privy credentials if you plan to use the Privy signing examples — these are sensitive and are sent to Privy's API (review sign-with-privy.md and verify endpoints); 3) cargo is only required for Rust nullifier examples — you can skip Rust-related steps if you only use the TypeScript examples; 4) the skill may request spawning scoped read-only subagents for research — confirm you’re comfortable with those limited reads; and 5) review the referenced example repositories and Privy integration docs before running any signing or transaction-sending code. If you want lower risk, avoid supplying Privy secrets and avoid spawning subagents that access external documentation automatically.
功能分析
Type: OpenClaw Skill
Name: solana-payments-wallet-dev
Version: 1.0.2
The skill is classified as suspicious due to its explicit handling and transmission of highly sensitive secrets (`PRIVY_APP_SECRET`, `TREASURY_AUTHORIZATION_KEY`) to an external API (Privy) as detailed in `SKILL.md` and `references/sign-with-privy.md`. While the skill transparently warns about this behavior, the code examples in `references/sign-with-privy.md` instruct the agent to load these secrets from `process.env`, which contradicts the `SKILL.md`'s advice to use a secrets manager. This creates a significant vulnerability where an AI agent, if compromised or misdirected by prompt injection, could misuse or exfiltrate these critical credentials, even if the skill's stated purpose is legitimate.
能力评估
Purpose & Capability
Skill name/description (Solana light-token payments and wallet integrations) matches what the SKILL.md and reference files instruct. Requested binaries (node for JS examples, cargo for Rust nullifier examples) and HELIUS_RPC_URL align with the documented examples.
Instruction Scope
Runtime instructions focus on building/structuring tasks, constructing and signing Solana transactions, and optionally using Privy for embedded signing. The skill explicitly asks to spawn read-only subagents for research (Read, Glob, Grep, DeepWiki MCP) but says to scope reads to skill references, example repos, and docs. The Privy flow will transmit secrets to Privy's API (documented and warned about).
Install Mechanism
Instruction-only skill with no install spec or external downloads; lowest install risk. It does reference 'npx skills add Lightprotocol/skills' for installing examples, which is a standard GitHub-based flow documented in SKILL.md.
Credentials
Declared required env is only HELIUS_RPC_URL (needed for RPC calls). Privy-related secrets (PRIVY_APP_ID, PRIVY_APP_SECRET, TREASURY_WALLET_ID, TREASURY_AUTHORIZATION_KEY) are described as needed only for the optional Privy signing flow — they are documented but not listed as globally required; those secrets are sensitive and will be sent to Privy's endpoints when using that flow.
Persistence & Privilege
always:false and default autonomous invocation; the skill does not request persistent or cross-skill configuration access and does not modify other skills. Subagent use is explicit and scoped in the instructions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install solana-payments-wallet-dev - 安装完成后,直接呼叫该 Skill 的名称或使用
/solana-payments-wallet-dev触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Clarified environment variable requirements: only `HELIUS_RPC_URL` is always required; other secrets are needed only for the Privy signing flow.
- Updated metadata to reflect optional environment variables for Privy use and provided guidance on obtaining them.
- Improved security notes to reference the dedicated Privy signing guide instead of duplicating instructions.
- Simplified and clarified instructions regarding secret management and setup.
v1.0.1
1. Updated security section to clarify that Privy signing examples transmit secrets to an external API and must be reviewed before use.
2. Added warnings to load all secrets from a secrets manager and to avoid placing production secrets in an agent-global environment.
3. Expanded details about the Privy signing flow, emphasizing restrictions on endpoint exposure and log handling.
4. Improved notes on subagent scope, stressing restricted file/environment access for security.
5. Minor text edits for clarity, no changes to workflow, API, or skill functionality.
v1.0.0
- Initial release of the payments-and-wallets skill for Solana.
- Supports stablecoin payment flows and wallet integrations, leveraging 200x cheaper light-token accounts.
- Includes guides and code patterns for sending, receiving, balance checks, transaction history, and client-side signing with Privy and Solana wallet adapters.
- Optional support for nullifiers to prevent duplicate payments.
- Provides detailed security notes and environment variable requirements.
- Extensive documentation and code references linked for payments, wallets, and integration examples.
元数据
常见问题
solana-payments-wallet-dev 是什么?
For stablecoin payment flows and wallet integrations on Solana 200x cheaper token accounts. Receive, send, balance, history, and client-side signing with Pri... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 430 次。
如何安装 solana-payments-wallet-dev?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install solana-payments-wallet-dev」即可一键安装,无需额外配置。
solana-payments-wallet-dev 是免费的吗?
是的,solana-payments-wallet-dev 完全免费(开源免费),可自由下载、安装和使用。
solana-payments-wallet-dev 支持哪些平台?
solana-payments-wallet-dev 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 solana-payments-wallet-dev?
由 tilo-14(@tilo-14)开发并维护,当前版本 v1.0.2。
推荐 Skills