← 返回 Skills 市场
XRPL Token Sniping
作者
HarleysCodes
· GitHub ↗
· v1.0.0
654
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install xrpl-token-snipe
功能描述
Monitor XRPL for new token launches, verify issuer flags for safety, and execute fast token buys while managing XRP reserves to minimize risk.
安全使用建议
This skill is coherent in intent (monitor XRPL and buy new tokens) but contains unclear and inconsistent instructions that raise safety concerns. Before using it you should: (1) verify the identity and reputation of the endpoints (xlrps-1.xrpl.link, xrplcluster.com) — do not use unknown hosts for private-key operations; (2) require the author to explicitly state dependencies and an install procedure (e.g., npm install xrpl) and provide secure key-handling instructions (use a vault, never paste private keys into chat or plain files); (3) ask the author to fix inconsistent flag logic and XRPL terminology and to explain how transaction signing and submitting is done securely; (4) test any code in a sandbox or on testnet with a throwaway wallet and minimal funds first; and (5) prefer skills that publish source, a homepage, and a verifiable owner identity. If you cannot confirm endpoints and private-key handling, do not run it with real funds.
功能分析
Type: OpenClaw Skill
Name: xrpl-token-snipe
Version: 1.0.0
The skill is classified as suspicious due to its inherent high-risk nature, requiring direct access to a user's cryptocurrency wallet for submitting transactions on the XRPL network. While the `SKILL.md` provides safety instructions and connects to legitimate XRPL endpoints, it clearly demonstrates the prompt injection attack surface by issuing direct commands and decision-making guidance to the AI agent (e.g., 'SKIP if:', 'MUST VERIFY:'). This capability, even if used for benign purposes in this instance, represents a significant vulnerability that could be exploited if the skill were modified or if malicious instructions were injected.
能力评估
Purpose & Capability
The skill claims to detect new XRPL tokens and buy them, and the SKILL.md contains code examples that implement subscribing to transactions and submitting Payment transactions. That overall purpose matches the content. However, the skill does not declare required dependencies (it uses require('xrpl') in examples) or any credential/environment requirements despite needing a wallet/private key to submit transactions, which is a proportionality mismatch.
Instruction Scope
Instructions tell an agent to subscribe to a WebSocket, parse transactions, and execute immediate buys (front-running). The guidance references a 'wallet' and submitting transactions but gives no secure method for supplying or protecting private keys. Some guidance is inconsistent or inaccurate for XRPL (e.g., mixing 'contract ownership renounced' language, inconsistent guidance about lsfRequireAuth vs. skip logic). The endpoints in examples differ (xlrps-1.xrpl.link vs xrplcluster.com), which is ambiguous and could cause the agent to contact unexpected servers.
Install Mechanism
This is instruction-only (no install spec), which reduces direct install risk. But the examples assume the 'xrpl' Node library and WebSocket connectivity; the skill does not document installing that dependency. Also the skill directs traffic to third-party endpoints (unknown domains), which is a network-supply risk even without an install step.
Credentials
No environment variables or primary credential are declared, yet the runtime examples require a wallet (private key) to sign/submit transactions. There is no guidance on where that key comes from or how it should be stored, which is a security hygiene problem: submitting transactions requires sensitive credentials but the skill doesn't declare or protect them. The skill also references external endpoints of unclear trustworthiness.
Persistence & Privilege
always is false and there is no install or code that requests persistent elevated privileges or modifies other skills/config. The skill does not request persistent presence or platform-wide changes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xrpl-token-snipe - 安装完成后,直接呼叫该 Skill 的名称或使用
/xrpl-token-snipe触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of xrpl-token-snipe as "firstledger-snipe".
- Detects new token issuances on XRPL via WebSocket subscription.
- Monitors mempool for fresh token offers.
- Enables fast, automated front-running of token buys.
- Provides guidelines for auditing token issuer flags for safety.
- Advises on XRP reserve management and risk.
元数据
常见问题
XRPL Token Sniping 是什么?
Monitor XRPL for new token launches, verify issuer flags for safety, and execute fast token buys while managing XRP reserves to minimize risk. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 654 次。
如何安装 XRPL Token Sniping?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xrpl-token-snipe」即可一键安装,无需额外配置。
XRPL Token Sniping 是免费的吗?
是的,XRPL Token Sniping 完全免费(开源免费),可自由下载、安装和使用。
XRPL Token Sniping 支持哪些平台?
XRPL Token Sniping 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 XRPL Token Sniping?
由 HarleysCodes(@harleyscodes)开发并维护,当前版本 v1.0.0。
推荐 Skills