Solana Connect

v3.0.0

OpenClaw Solana Connect — Secure toolkit for AI agents to interact with Solana blockchain. Features private key protection, max limits, dry-run mode, and hum...

⭐ 0· 790·0 current·0 all-time

by@seenfinity

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for seenfinity/solana-connect.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Solana Connect" (seenfinity/solana-connect) from ClawHub.
Skill page: https://clawhub.ai/seenfinity/solana-connect
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: SOLANA_RPC_URL, MAX_SOL_PER_TX, MAX_TOKENS_PER_TX, HUMAN_CONFIRMATION_THRESHOLD
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install seenfinity/solana-connect

ClawHub CLI

Package manager switcher

npx clawhub@latest install solana-connect

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

Name/description (Solana interaction) align with included code and declared npm deps (@solana/web3.js, tweetnacl, bs58). Required env vars (RPC URL and limits) are relevant to the stated purpose.

Instruction Scope

SKILL.md and README instruct normal usage (generateWallet, sendSol) but contain ambiguous/mismatched examples. The test suite and some examples call sendSol with the wallet address where a private key is expected, indicating incorrect guidance. The docs advise using environment variables for private keys but do not declare any PRIVATE_KEY env var; the runtime code expects a privateKey parameter to be passed into sendSol/connectWallet. These inconsistencies could cause accidental exposure or misuse of private keys or runtime errors.

✓

Install Mechanism

No risky download/install URLs. Dependencies are standard npm packages declared in package.json and package-lock.json (official packages like @solana/web3.js, tweetnacl, bs58). SKILL.md also lists the same npm installs. Package sources appear normal.

ℹ

Credentials

Requested env vars (SOLANA_RPC_URL, MAX_SOL_PER_TX, MAX_TOKENS_PER_TX, HUMAN_CONFIRMATION_THRESHOLD) are appropriate and proportionate. However, documentation recommends storing private keys in env vars but the metadata does not declare any private-key env variable as required; the code expects private keys as function parameters. This mismatch is an operational gap that could lead integrators to store secrets insecurely or to supply keys incorrectly at runtime.

✓

Persistence & Privilege

No always:true, no system-wide config writes, and no unusual persistence or privilege escalation. The skill is instruction-only with local JS files; it does not request elevated platform privileges.

What to consider before installing

This package appears to implement Solana tooling but has several coherence and correctness issues you should address before use: - Key handling mismatch: generateWallet() returns only a public address, but sendSol() requires a base58 private key. The test suite incorrectly passes an address where a private key is expected — expect runtime failures if you follow tests verbatim. - Secret management ambiguity: README/ SKILL.md recommend using environment variables for private keys but the skill metadata does not declare a private-key env var; the code expects private keys as parameters. Decide on a secure secret flow (platform secret store, not plaintext env vars) and update docs and metadata. - Human confirmation & mainnet safety: the code enforces dry-run and thresholds, but warnings about mainnet are printed only; double-check enforcement logic before sending real funds (and never run on mainnet with real keys until audited). - Minor correctness issues: simulation code tries to reference transaction.signature (which may be undefined), and keypair/seed handling (fromSeed slicing) is brittle and may not match common wallet secret formats. These are bugs that could cause failed or malformed transactions. Recommendations: 1) Do not supply real private keys to this skill until the above are fixed and you understand how the key material is used. 2) Require the maintainer to fix the test/example usage and clarify how keys should be passed securely (prefer platform secret storage or explicit private-key env var declared in metadata). 3) Audit the signing and serialization logic (tweetnacl usage, signature attachment, simulation fields) before any mainnet use. 4) If you lack the ability to review/fix the code, treat this as untrusted and run only in isolated test environments (no real funds).

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

EnvSOLANA_RPC_URL, MAX_SOL_PER_TX, MAX_TOKENS_PER_TX, HUMAN_CONFIRMATION_THRESHOLD

latestvk97eck183bpjr7a5wx85af3jt1818hb5

790downloads

0stars

12versions

Updated 2mo ago

v3.0.0

MIT-0

🔗 OpenClaw Solana Connect v3.0

Secure toolkit for AI agents to interact with Solana blockchain

🛡️ Security Features

Private Key Protection - Keys never exposed to agent
Max Limits - Configurable transaction limits
Dry-Run Mode - Simulate before sending (default)
Human Confirmation - Required for large transactions
Testnet Default - Safe by default

What Works

Function	Status	Description
`generateWallet()`	✅ Works	Generate wallet addresses
`connectWallet()`	✅ Works	Validate wallet addresses
`getBalance()`	✅ Works	Read SOL/token balances
`getTransactions()`	✅ Works	Read transaction history
`getTokenAccounts()`	✅ Works	Read token holdings
`sendSol()`	✅ Works	Send SOL (with security)

Installation

clawhub install solana-connect

Environment Variables

SOLANA_RPC_URL - RPC endpoint (default: testnet)
MAX_SOL_PER_TX - Max SOL per transaction (default: 10)
MAX_TOKENS_PER_TX - Max tokens per transaction (default: 10000)
HUMAN_CONFIRMATION_THRESHOLD - SOL amount requiring human confirmation (default: 1)

Usage

const { generateWallet, getBalance, sendSol, getConfig } = require('./scripts/solana.js');

// Generate wallet (address only - private key protected)
const wallet = generateWallet();
console.log('Address:', wallet.address);

// Check balance
const balance = await getBalance(wallet.address);

// Send SOL (DRY-RUN by default - simulation only)
const result = await sendSol(privateKey, toAddress, 0.5, { dryRun: true });
console.log('Simulation:', result);

// Send real transaction
const tx = await sendSol(privateKey, toAddress, 0.5, { dryRun: false, skipConfirmation: true });
console.log('Signature:', tx.signature);

Security Options

// Dry-run (simulation) - safe, doesn't send
await sendSol(key, to, amount, { dryRun: true });

// Real transaction - requires explicit flag
await sendSol(key, to, amount, { dryRun: false });

// Skip human confirmation (for automated agents)
await sendSol(key, to, amount, { dryRun: false, skipConfirmation: true });

Security: Never hardcode private keys. Use environment variables.

Comments

Loading comments...