let's send it
v1.0.0Coordination infrastructure for token launches led by communities, agents, or both. Mechanics beat promises.
⭐ 3· 1.5k·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, API surface (create fundraises, commits, validate-upgrade) and the Quickstart are coherent: the skill legitimately needs an API key and access to a Solana wallet/RPC to function. However, registry metadata at the top of the evaluation lists no required env vars while SKILL.md and skill.json declare requiredEnv: ["LSI_API_KEY"] — an inconsistency that should be resolved.
Instruction Scope
Runtime instructions stay within the stated purpose: they call letssendit.fun endpoints, validate commits, instruct agents to send SOL to a vaultPubkey, and submit transaction signatures. They do not instruct broad filesystem reads or unrelated network exfiltration. Important caveat: the workflow implicitly requires the agent to sign and submit Solana transactions (access to wallet private keys or a signing facility). That is sensitive and effectively gives an agent the ability to move value — the skill does not explicitly document how private keys are handled or restricted.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by the skill bundle itself.
Credentials
The only declared credential in SKILL.md/skill.json is LSI_API_KEY, which is proportionate for an HTTP API. But the registry summary initially showed no required env vars (mismatch). More importantly, the skill expects access to a funded Solana wallet and an RPC endpoint but does not declare or standardize how wallet credentials or signing keys are provided (not listed in requiredEnv or config paths). That omission can lead operators to expose private keys ad hoc, increasing risk.
Persistence & Privilege
The skill does not request elevated platform privileges: always:false, no install, no modifications to other skills or system configs, and autonomous invocation defaults are standard. No evidence of persistent or cross-skill configuration changes.
What to consider before installing
This skill appears to do what it says (coordinate on-chain fundraises) but involves real financial risk and some metadata inconsistencies. Before installing: (1) confirm the LSI_API_KEY requirement is declared in the registry (resolve the mismatch between the frontmatter and registry listing), (2) verify the domain and developer (check the GitHub repo listed in skill.json and review source code / server-side contracts), (3) never give large or primary wallet private keys to an agent — use a dedicated, funded wallet with minimal funds or require manual/hardware signing, (4) verify the vaultPubkey and on-chain escrow/Streamflow contracts yourself (audit the smart contracts that hold funds), (5) restrict API key permissions if possible and rotate keys after testing, and (6) prefer manual testing with small amounts before enabling autonomous participation. If you need higher assurance, request the service's server-side source or audit report before using agents to commit SOL.Like a lobster shell, security has layers — review code before you run it.
Plugin bundle (nix)
Skill pack · CLI binary · Config
SKILL.mdCLIConfig
Config requirements
Required envLSI_API_KEY
coordinationvk979b2jbrvp0mh9z052rwmm8sh80crqtcryptovk979b2jbrvp0mh9z052rwmm8sh80crqtfundraisevk979b2jbrvp0mh9z052rwmm8sh80crqtlatestvk979b2jbrvp0mh9z052rwmm8sh80crqtpumpvk979b2jbrvp0mh9z052rwmm8sh80crqtpump.funvk979b2jbrvp0mh9z052rwmm8sh80crqtsolanavk979b2jbrvp0mh9z052rwmm8sh80crqttokenvk979b2jbrvp0mh9z052rwmm8sh80crqttoken-launchvk979b2jbrvp0mh9z052rwmm8sh80crqtvestingvk979b2jbrvp0mh9z052rwmm8sh80crqt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.