OpenDEX Solana Token API
v1.0.0Retrieve Solana token data, community content, market sentiment, watchlists, and perform token-related actions via OpenDEX API endpoints.
⭐ 0· 291·0 current·0 all-time
byThe Sol Penguin@solpenguin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (Solana token data, community content, sentiment, watchlists) match the SKILL.md endpoints and examples. The skill declares no env vars, binaries, or installs — which is appropriate for an instruction-only HTTP API integration.
Instruction Scope
SKILL.md contains only HTTP endpoint descriptions and curl examples (public endpoints and authenticated community endpoints using an API key). It asks clients to register an API key by POSTing a wallet address and to include the key in X-API-Key for /api/v1/ routes. The document does not (in the visible portion) instruct the agent to read local files, private keys, or unrelated system data. However the SKILL.md is truncated (ends at 'Submissions (Signature Require...'), so there may be additional instructions (e.g., signing flows) not visible here — confirm the remainder does not request private keys, prompt the user to paste secrets, or instruct reading local wallet files.
Install Mechanism
There is no install spec and no code files; the skill is instruction-only and will make outbound HTTP requests. This is the lowest-risk install model because nothing is written to disk by the skill package itself.
Credentials
The skill declares no required environment variables or credentials. The API uses an API key model tied to a Solana wallet (created via POST). The lack of required platform credentials is proportionate to the described capability.
Persistence & Privilege
always is false (not force-included). disable-model-invocation is default false, which is normal for skills and expected here. The skill does not request to modify other skill configs or system settings.
Assessment
This skill appears to be a straightforward wrapper around the OpenDex HTTP API. Before installing or invoking it: 1) Review the rest of SKILL.md (the file is truncated here) to confirm it never asks you to paste private keys or to read local wallet files. 2) Prefer obtaining API keys by connecting a wallet through a trusted web wallet flow (e.g., WalletConnect) rather than pasting private keys; never share secret keys or seed phrases. 3) Verify the API host and frontend URLs (opendex-api-dy30.onrender.com and opendex.online) are legitimate and match the official project; consider visiting the frontend to confirm origin. 4) If you will use authenticated endpoints, treat the returned API key as a secret and rotate/revoke it if compromised. 5) If you need higher assurance, ask the skill author for the full SKILL.md and a link to project source or official docs; lack of a homepage/source decreases confidence.Like a lobster shell, security has layers — review code before you run it.
latestvk9789qat2xv9km6tdzkgy1w8b181ybjy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.