Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Solpaw

v0.1.0

Launch Solana tokens on Pump.fun via the SolPaw platform. 0.1 SOL one-time fee. Your wallet is the onchain creator.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lvcidpsyche/solpaw-skill.

Install the skill "Solpaw" (lvcidpsyche/solpaw-skill) from ClawHub.
Skill page: https://clawhub.ai/lvcidpsyche/solpaw-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: SOLPAW_API_KEY, SOLPAW_CREATOR_WALLET, SOLANA_PRIVATE_KEY
Required binaries: curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install lvcidpsyche/solpaw-skill

ClawHub CLI


npx clawhub@latest install solpaw-skill

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
Name/description: launch Solana tokens with the agent as onchain creator. Declared requirements include an API key, creator wallet, and a SOLANA_PRIVATE_KEY — reasonable if the skill signs transactions locally. However, the included TypeScript implementation's launchToken() posts to /tokens/launch (server-side signing) rather than /tokens/launch-local (client-side signing). That contradicts the stated purpose that 'your wallet is the onchain creator' and the SKILL.md guidance to 'ALWAYS use Local Mode'.
[!] Instruction Scope
SKILL.md describes both the local flow (build unsigned tx, sign locally, submit /tokens/submit or /tokens/launch-local) and a one-call SDK that 'pays fee + uploads + signs + submits'. But the actual solpaw-skill.ts only implements calls that use the server-side /tokens/launch endpoint and never performs local signing. Instructions expect the agent to handle private signing, but the code does not. This mismatch could lead to unexpected server-side signing or token ownership behavior.
Install Mechanism
Instruction-only skill with no download/extract install steps and only requires curl. No risky install URLs or archive extraction detected.
[!] Credentials
The skill requires three env vars (SOLPAW_API_KEY, SOLPAW_CREATOR_WALLET, SOLANA_PRIVATE_KEY). API key and creator wallet are expected. Requiring the private key is only justified for local signing, but the shipped code does not use it, so requesting the private key as an environment variable appears disproportionate and unnecessary. Additionally, storing private keys in environment variables has standard security risks that users should consider.
Persistence & Privilege
No always:true, no install script that modifies other skills or system config, and the skill does not request persistent elevated privileges. Default autonomous invocation is enabled (normal).
What to consider before installing
Do not supply your Solana private key to this skill until the ownership/signing behavior is clarified. Specific actions to consider before installing or using:

  • Verify which API endpoint the code calls: /tokens/launch (server signs, platform becomes creator) vs /tokens/launch-local (client signs, you remain creator). The included TypeScript calls /tokens/launch — that contradicts the documentation's claim that your wallet will be the onchain creator.
  • Prefer local signing: if you want to remain the onchain creator, require the skill to use /tokens/launch-local or provide a signing-only helper that never sends your private key to the network or server.
  • Never place long-term private keys in shared environment variables on multi-user machines. Use ephemeral/local signing (hardware wallet, offline signing, or a process that reads a key from a secure keystore) where possible.
  • Confirm the platform wallet address and test with minimal-risk flows (use a devnet/testnet or a small-value account) before sending real funds. The 0.1 SOL payment is irreversible and could be lost or result in the platform controlling the token if the server signs.
  • If you plan to use this skill, request the maintainer update the SDK to clearly expose a payAndLaunch/local-signing method (and/or remove SOLANA_PRIVATE_KEY from required envs if unused), or patch the code to use /tokens/launch-local and local signing. If the maintainer cannot justify the private key requirement, treat it as unnecessary and risky.

Like a lobster shell, security has layers — review code before you run it.
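
The first check in the list above (which launch endpoint the skill's code calls, and whether it signs locally) can be scripted against the source text before any key is supplied. This is an added example, not code from the skill or from ClawHub; the function names, verdict labels and both sample sources are constructed for illustration, and the `.sign(` / `.partialSign(` match is a heuristic.

```typescript
// Added example (not the skill's code); names and verdict labels are illustrative.
interface SigningAudit {
  serverSideLaunch: boolean; // calls /tokens/launch (platform signs)
  localLaunch: boolean;      // calls /tokens/launch-local (client signs)
  submitsSignedTx: boolean;  // calls /tokens/submit
  signsLocally: boolean;     // heuristic: a .sign( or .partialSign( call exists
  verdict: string;
}

// Drop comments first so documentation that mentions launch-local is not
// counted as code that calls it. The "//" inside "https://" is left alone.
function stripComments(src: string): string {
  return src.replace(/\/\*[\s\S]*?\*\//g, "").replace(/(^|[^:])\/\/.*$/gm, "$1");
}

function auditSigningPath(source: string): SigningAudit {
  const code = stripComments(source);
  const seen: { [name: string]: boolean } = {};
  // "launch-local" is tried first; the lookahead stops "launch" matching a prefix.
  const endpoint = /\/tokens\/(launch-local|launch|submit)(?![\w-])/g;
  let m: RegExpExecArray | null;
  while ((m = endpoint.exec(code)) !== null) seen[m[1]] = true;
  const serverSideLaunch = seen["launch"] === true;
  const localLaunch = seen["launch-local"] === true;
  const signsLocally = /\.(partialSign|sign)\s*\(/.test(code);
  let verdict = "no-launch-call";
  if (serverSideLaunch && !localLaunch) verdict = "server-signing-only";
  else if (localLaunch && signsLocally && !serverSideLaunch) verdict = "local-signing";
  else if (serverSideLaunch || localLaunch) verdict = "mixed-or-incomplete";
  return { serverSideLaunch, localLaunch, submitsSignedTx: seen["submit"] === true, signsLocally, verdict };
}

// Constructed sample: docs promise Local Mode, code posts to /tokens/launch.
const SAMPLE_SERVER_SIDE = [
  "/* Local Mode uses /tokens/launch-local so your wallet is the creator. */",
  "async function launchToken(p) {",
  "  // see https://api.solpaw.fun/api/v1/tokens/launch-local",
  "  return post('https://api.solpaw.fun/api/v1' + '/tokens/launch', p);",
  "}",
].join("\n");

// Constructed sample: build unsigned, sign in-process, submit the signed tx.
const SAMPLE_LOCAL = [
  "async function launchLocal(p, keypair) {",
  "  const built = await post('/tokens/launch-local', p);",
  "  const tx = decode(built.transaction);",
  "  tx.sign([keypair]);",
  "  return post('/tokens/submit', { signed_transaction: encode(tx) });",
  "}",
].join("\n");
```

A "server-signing-only" verdict on a skill that also asks for SOLANA_PRIVATE_KEY is the mismatch the scan describes; a clean verdict from a text match still calls for reading the code itself.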

Runtime requirements

🐾 Clawdis
Bins: curl
Env: SOLPAW_API_KEY, SOLPAW_CREATOR_WALLET, SOLANA_PRIVATE_KEY
Primary env: SOLPAW_API_KEY
latest: vk979jmgdbhh3ymgemq8p2mcrq180w4xh
900 downloads
2 stars
1 version
Updated 14h ago
v0.1.0
MIT-0

SolPaw — Launch Tokens on Solana via Pump.fun

When to use

Use this skill when the agent needs to:

  • Launch a new memecoin / token on Solana via Pump.fun
  • Deploy a token with a name, symbol, description, and image
  • Create a Pump.fun token listing for a community, project, or meme

Overview

SolPaw is the first Solana token-launch platform for autonomous agents. It handles IPFS metadata uploads, transaction building, and Pump.fun deployment.

  • Cost: 0.1 SOL one-time platform fee + ~0.02 SOL Pump.fun creation fee per launch
  • Creator: Your agent's wallet is the real onchain creator on Pump.fun
  • Limit: 1 launch per agent per 24 hours
  • Platform wallet: 6SoPUBp68Eqhvs3fdx6GdKu5EP44ykqsjh359LyY3ZiS
  • Docs: https://solpaw.fun

Prerequisites

  1. A Solana wallet with at least 0.15 SOL (0.1 platform fee + ~0.02 Pump.fun fee + gas)
  2. A SolPaw API key (register at the API)
  3. Environment variables set:
    • SOLPAW_API_KEY — your SolPaw API key
    • SOLPAW_CREATOR_WALLET — your Solana wallet public key
    • SOLANA_PRIVATE_KEY — your wallet private key (base58 encoded, for signing)

Steps

Step 1: Register (one-time)

curl -s -X POST https://api.solpaw.fun/api/v1/agents/register \
  -H "Content-Type: application/json" \
  -d '{"agent_name":"MyAgent","default_fee_wallet":"YOUR_WALLET_ADDRESS"}' | jq .

Save the api_key from the response. It will NOT be shown again.

Step 2: Get a CSRF token

CSRF=$(curl -s -H "Authorization: Bearer $SOLPAW_API_KEY" \
  https://api.solpaw.fun/api/v1/agents/csrf | jq -r '.data.csrf_token')

Step 3: Send 0.1 SOL launch fee

Send 0.1 SOL (100,000,000 lamports) to the platform wallet: 6SoPUBp68Eqhvs3fdx6GdKu5EP44ykqsjh359LyY3ZiS

Save the transaction signature.

Step 4: Upload token image (optional but recommended)

IMAGE_ID=$(curl -s -X POST https://api.solpaw.fun/api/v1/tokens/upload-image \
  -H "Authorization: Bearer $SOLPAW_API_KEY" \
  -F "file=@token-logo.png" | jq -r '.data.image_id')

Step 5: Launch token (Local Mode — your wallet is the creator)

# Build unsigned transaction
TX_DATA=$(curl -s -X POST https://api.solpaw.fun/api/v1/tokens/launch-local \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $SOLPAW_API_KEY" \
  -d '{
    "name": "MyCoolToken",
    "symbol": "MCT",
    "description": "An awesome token launched by an AI agent on SolPaw",
    "creator_wallet": "'$SOLPAW_CREATOR_WALLET'",
    "signer_public_key": "'$SOLPAW_CREATOR_WALLET'",
    "launch_fee_signature": "YOUR_FEE_TX_SIGNATURE",
    "image_id": "'$IMAGE_ID'",
    "initial_buy_sol": 0,
    "slippage": 10,
    "priority_fee": 0.0005,
    "csrf_token": "'$CSRF'"
  }')

# Sign the transaction with your private key, then submit
SIGNED_TX="..." # sign the base64 transaction from TX_DATA
curl -s -X POST https://api.solpaw.fun/api/v1/tokens/submit \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $SOLPAW_API_KEY" \
  -d '{"signed_transaction": "'$SIGNED_TX'", "mint": "MINT_FROM_TX_DATA"}'

Using the TypeScript SDK (Easier)

import SolPawSkill from './solpaw-skill';
import { Keypair } from '@solana/web3.js';
import bs58 from 'bs58'; // needed for bs58.decode below

const solpaw = new SolPawSkill({
  apiEndpoint: 'https://api.solpaw.fun/api/v1',
  apiKey: process.env.SOLPAW_API_KEY,
  defaultCreatorWallet: process.env.SOLPAW_CREATOR_WALLET,
});

const keypair = Keypair.fromSecretKey(bs58.decode(process.env.SOLANA_PRIVATE_KEY));

// One-call launch: pays fee + uploads + signs + submits
const result = await solpaw.payAndLaunch({
  name: 'MyCoolToken',
  symbol: 'MCT',
  description: 'Launched by an AI agent on SolPaw',
  image_url: 'https://example.com/logo.png',
  initial_buy_sol: 0.5,
}, keypair);

console.log(result.pumpfun_url); // https://pump.fun/coin/...

Constraints

  • DO NOT launch tokens without user approval — always confirm name, symbol, and description first
  • DO NOT launch more than 1 token per 24 hours (enforced server-side)
  • DO NOT include offensive or misleading token names/descriptions
  • ALWAYS include a token image — tokens without images perform poorly on Pump.fun
  • ALWAYS use Local Mode (pass signer_keypair) so the agent's wallet is the onchain creator
  • The 0.1 SOL platform fee is non-refundable once the launch succeeds
  • CSRF tokens expire after 30 minutes and are single-use
  • Image uploads expire after 30 minutes

Examples

Successful launch

Agent: I'll launch the DOGE2 token on Pump.fun for you.
> Uploading token image...
> Paying 0.1 SOL launch fee...
> Building transaction...
> Signing and submitting...
> Token launched successfully!
> Pump.fun: https://pump.fun/coin/So1...
> Mint: So1...
> Your wallet is the onchain creator.

Error: insufficient balance

Agent: Your wallet only has 0.05 SOL. You need at least 0.15 SOL to launch:
- 0.1 SOL platform fee
- ~0.02 SOL Pump.fun creation fee
- ~0.01 SOL for gas
