ClawHub

Solana Dev Skill

v1.0.0

End-to-end Solana development playbook (Jan 2026). Prefer Solana Foundation framework-kit (@solana/client + @solana/react-hooks) for React/Next.js UI. Prefer @solana/kit for all new client/RPC/transaction code. When legacy dependencies require web3.js, isolate it behind @solana/web3-compat (or @solana/web3.js as a true legacy fallback). Covers wallet-standard-first connection (incl. ConnectorKit), Anchor/Pinocchio programs, Codama-based client generation, LiteSVM/Mollusk/Surfpool testing, and security checklists.

3· 2k·2 current·2 all-time
by@h4rkl
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Solana dev playbook) matches the included files and runtime instructions: frontend, SDK, Anchor/Pinocchio programs, testing, codegen, payments, and security checklists. No unrelated binaries, env vars, or credentials are required.
Instruction Scope
The SKILL.md and supporting docs provide developer guidance and example code snippets (file paths, CLI commands, example env var names such as NEXT_PUBLIC_SOLANA_RPC_URL). These are specific to Solana development and do not instruct the agent to read or exfiltrate unrelated system files or secrets. Note: the skill expects the agent to operate on project files (produce diffs/patches) when asked to implement changes — which is coherent for a dev skill.
Install Mechanism
This is an instruction-only skill (no install spec). The docs mention installing typical third-party tooling (cargo install surfpool, npm packages, etc.), which is proportionate for the stated purpose. There are no downloads from unknown URLs or extract/install directives embedded in the skill metadata.
Credentials
No required environment variables, credentials, or config paths are declared or demanded by the skill. Example env var names and RPC endpoints are referenced for legitimate configuration; nothing requests AWS keys, private keys, or unrelated tokens.
Persistence & Privilege
Skill flags are default (always: false, user-invocable: true, autonomous invocation allowed). The skill does not request permanent presence, system-level changes, or modification of other skills' configs.
Assessment
This skill is a developer playbook (pure documentation) and appears internally consistent with its stated goal. Before installing/using: 1) Verify the skill source/author if you need provenance (the registry metadata lists an owner id but no homepage). 2) Treat commands that operate on your repo or ask for diffs as requiring project file access—do not paste private keys or wallet seed phrases into the agent. 3) Follow installs (cargo, npm) only from official registries; inspect any third-party package versions before running. 4) When using Surfpool/Surfnet RPC helpers, run them against local testnets only — avoid pointing dev tooling at mainnet RPC endpoints with real keys. Overall this skill looks coherent and appropriate for Solana development.

Like a lobster shell, security has layers — review code before you run it.

blockchainvk97f5ys389jn18m7a5szsdw59980fd8vdevvk97f5ys389jn18m7a5szsdw59980fd8vlatestvk97f5ys389jn18m7a5szsdw59980fd8vprogrammingvk97f5ys389jn18m7a5szsdw59980fd8vrustvk97f5ys389jn18m7a5szsdw59980fd8vsolanavk97f5ys389jn18m7a5szsdw59980fd8vwalletvk97f5ys389jn18m7a5szsdw59980fd8vweb3vk97f5ys389jn18m7a5szsdw59980fd8v
2kdownloads
3stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@h4rkl
blockchaindevlatestprogrammingrustsolanawalletweb3
Download

Solana Development Skill (framework-kit-first)

What this Skill is for

Use this Skill when the user asks for:

  • Solana dApp UI work (React / Next.js)
  • Wallet connection + signing flows
  • Transaction building / sending / confirmation UX
  • On-chain program development (Anchor or Pinocchio)
  • Client SDK generation (typed program clients)
  • Local testing (LiteSVM, Mollusk, Surfpool)
  • Security hardening and audit-style reviews

Default stack decisions (opinionated)

  1. UI: framework-kit first
  • Use @solana/client + @solana/react-hooks.
  • Prefer Wallet Standard discovery/connect via the framework-kit client.
  1. SDK: @solana/kit first
  • Prefer Kit types (Address, Signer, transaction message APIs, codecs).
  • Prefer @solana-program/* instruction builders over hand-rolled instruction data.
  1. Legacy compatibility: web3.js only at boundaries
  • If you must integrate a library that expects web3.js objects (PublicKey, Transaction, Connection), use @solana/web3-compat as the boundary adapter.
  • Do not let web3.js types leak across the entire app; contain them to adapter modules.
  1. Programs
  • Default: Anchor (fast iteration, IDL generation, mature tooling).
  • Performance/footprint: Pinocchio when you need CU optimization, minimal binary size, zero dependencies, or fine-grained control over parsing/allocations.
  1. Testing
  • Default: LiteSVM or Mollusk for unit tests (fast feedback, runs in-process).
  • Use Surfpool for integration tests against realistic cluster state (mainnet/devnet) locally.
  • Use solana-test-validator only when you need specific RPC behaviors not emulated by LiteSVM.

Operating procedure (how to execute tasks)

When solving a Solana task:

1. Classify the task layer

  • UI/wallet/hook layer
  • Client SDK/scripts layer
  • Program layer (+ IDL)
  • Testing/CI layer
  • Infra (RPC/indexing/monitoring)

2. Pick the right building blocks

  • UI: framework-kit patterns.
  • Scripts/backends: @solana/kit directly.
  • Legacy library present: introduce a web3-compat adapter boundary.
  • High-performance programs: Pinocchio over Anchor.

3. Implement with Solana-specific correctness

Always be explicit about:

  • cluster + RPC endpoints + websocket endpoints
  • fee payer + recent blockhash
  • compute budget + prioritization (where relevant)
  • expected account owners + signers + writability
  • token program variant (SPL Token vs Token-2022) and any extensions

4. Add tests

  • Unit test: LiteSVM or Mollusk.
  • Integration test: Surfpool.
  • For "wallet UX", add mocked hook/provider tests where appropriate.

5. Deliverables expectations

When you implement changes, provide:

  • exact files changed + diffs (or patch-style output)
  • commands to install/build/test
  • a short "risk notes" section for anything touching signing/fees/CPIs/token transfers

Progressive disclosure (read when needed)

Comments

Loading comments...