solana-stream-light
v1.0.2

For data pipelines, aggregators, or indexers, real-time account state streaming on Solana with light account hot/cold lifecycle tracking. Stream Light token...
by @tilo-14
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Solana real-time streaming, hot/cold lifecycle) matches the contents: Rust code snippets, Laserstream gRPC usage, and examples for token/mint/PDA streaming. Requiring 'cargo' is proportional for building the provided Rust examples. No unexpected binaries or unrelated cloud creds are requested.
Instruction Scope
The SKILL.md instructs the agent to plan, ask clarifying questions, and then execute using agent tools including spawning subagents and using Read/Glob/Grep to search the local repository. That file access is reasonable for a developer-facing indexing skill but is a privacy surface: subagents could read arbitrary files in the working directory unless you restrict them. The skill explicitly advises restricting the working directory; follow that guidance.
Install Mechanism
There is no install spec in the skill bundle (instruction-only), which minimizes risk. SKILL.md does mention an external installation command (npx skills add Lightprotocol/skills) and points to a GitHub repo; if you run that, review the remote repository before executing installs or running its code. Building the Rust examples locally (cargo) will compile code — inspect source before compiling or running.
Credentials
The skill declares no required environment variables (env: []). Example code references HELIUS_API_KEY and RPC URLs as placeholders and the documentation states API keys are user-provided. This is coherent, but be aware that to actually connect to Laserstream/RPC endpoints you typically need provider keys; do not set sensitive credentials unless you trust and have reviewed your environment and any code you build from the referenced repo.
Persistence & Privilege
The skill does not request persistent privileges (always: false) and does not modify other skills' config. It can spawn subagents (normal behavior) but does not assert permanent inclusion or elevated platform privileges.
Assessment
This skill appears coherent for building streaming/indexing pipelines, but take these precautions before installing or running anything:
1) Review the referenced GitHub repository (Lightprotocol/skills) before running any npx install or executing example code.
2) When invoking subagents or allowing file access, restrict their working directory to your project to avoid accidental leakage of unrelated secrets or private files.
3) Building examples with cargo will compile code — inspect source for unexpected behavior before running built binaries.
4) The SKILL.md uses HELIUS_API_KEY as a placeholder: do not paste high-privilege keys into examples or environment variables unless necessary and you trust the code.
5) If you want higher assurance, ask the publisher for a signed release or packaged artifact rather than running arbitrary install commands.

Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Bins: cargo
