ClawHub

solana-rent-free-dev

v1.0.6

Build Solana applications 200x cheaper for stablecoin payments, agent payments, DeFi, airdrops, token distribution, and ZK applications using Light Protocol'...

0· 438·0 current·0 all-time
by@tilo-14
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with declared requirements: node, solana, anchor, cargo, and the Light CLI are reasonable for building Solana programs and using Light Protocol. No unrelated credentials or services are requested.
Instruction Scope
The SKILL.md focuses on developer workflows and explicitly says to AskUserQuestion and not assume secrets. However allowed tools include Read, Glob, Grep and spawning subagents which can access local files and repository contents; the skill's instructions rely on the agent running CLI tools and loading examples. This is reasonable for a development/reference skill but pay attention to any runtime steps that the agent executes which might read keypair files or other local secrets unless you confirm first.
Install Mechanism
Instruction-only skill with no install spec or embedded code. The README suggests installing example content via `npx skills add Lightprotocol/skills` (a public GitHub-based install) — verify the repository before running npx, but there is no hidden download URL or archive extraction in the skill itself.
Credentials
No environment variables or credentials are requested. Required binaries are proportionate to the stated purpose. Reminder: the Solana CLI and local toolchain may, if invoked, access wallet keypair files or RPC endpoints configured on the host; the SKILL.md states those are user-provided, which is appropriate.
Persistence & Privilege
always:false and no install-time persistence is requested. The skill does not attempt to modify other skills or system-wide agent settings.
Assessment
This skill appears coherent for Solana development, but take these precautions before installing or running it: 1) Verify the GitHub repository (Lightprotocol/skills) referenced by the npx command before executing it. 2) Do not supply production wallet private keys or RPC secrets to the agent — use test keys or prompt approvals for any wallet operations. 3) When the agent asks to run CLI commands (solana, anchor, cargo, light), review the exact commands first because those tools may read local keypair files or config. 4) Be cautious with allowing the agent to use Read/Grep/Glob or spawn subagents — grant file access only when you understand which files will be read. 5) If you need higher assurance, manually clone and inspect the example repo before running automated steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk977n12q6fjy6k429fvmnqter581vv96

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode, solana, anchor, cargo, light

Comments