Solana Trade

The name/description (Solana dApp, wallet flows, programs, testing, security) match the SKILL.md content. There are no unrelated required binaries, environment variables, or config paths requested — everything the skill describes is appropriate for a Solana development playbook.

The SKILL.md stays on-topic (UI, SDK, programs, testing, security) and explicitly instructs being explicit about cluster/RPC endpoints, fee payer, signers, and testing strategies. That is expected. One minor note: the file references several progressive-disclosure docs (frontend-framework-kit.md, security.md, etc.) that are not present in the package; this may simply mean the skill expects those docs to be provided elsewhere or are placeholders. Also, the instructions cover signing and key-handling practices — while appropriate for the domain, these inherently relate to private keys; the skill itself does not request or store credentials, but following its guidance could involve handling sensitive keys, so users should avoid pasting private keys into chat.

This is instruction-only with no install spec and no code files — lowest-risk installation footprint. The skill does reference npm packages and toolnames as recommended dependencies, which is normal for a playbook, but it does not automatically fetch or run them.

The skill declares no required env vars, credentials, or config paths. The content sensibly discusses fee payers, RPC endpoints, and signing (which in practice require keys), but the skill does not request those secrets itself. This is proportionate given its purpose; however, users should be cautious when asked (by the agent or during development) to provide keys or secrets.

always is false and the skill is user-invocable. It does not request persistent installation, nor does it attempt to modify other skills or system-wide agent settings. Autonomous invocation is allowed by platform default but the skill does not claim additional privileges.