Solana Wallet Rpc
v1.5.0Portable Solana wallet operations for agents. Use when an agent needs a Solana wallet for devnet or mainnet workflows such as creating a wallet, getting a wa...
⭐ 0· 140·0 current·0 all-time
byzhen@zhentan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the implementation: the script provides wallet creation, address/balance checks, signing, devnet airdrops, and a RockPaperClaw deposit helper. The dependencies (@solana/web3.js, spl-token, tweetnacl, bs58) and the included code are appropriate for these capabilities.
Instruction Scope
Runtime instructions and the script legitimately access local keypair files and the network RPC URL. The skill defaults to devnet and warns about signing opaque payloads. One notable behavior: the script will auto-discover keypair files in common locations (e.g., ~/.config/solana/id.json, ~/.solana/id.json, ~/.openclaw/...), which is convenient but means the skill can load an existing wallet from the user's home directory unless you explicitly set SOLANA_WALLET_KEYPAIR. Fund-moving commands (deposit) require an explicit --keypair or env var. This auto-discovery is coherent with the purpose but is a privacy/safety consideration you should be aware of.
Install Mechanism
There is no remote download/install automation; the SKILL.md instructs you to run npm install inside the skill directory. The packages are well-known Solana/crypto libraries from npm; this is expected for a Node runtime. Because npm install will fetch code from public registries, follow normal precautions (review package versions, run in a constrained environment if desired).
Credentials
The skill declares no required registry-level env vars. It uses a small set of local environment variables (SOLANA_RPC_URL, SOLANA_WALLET_KEYPAIR, SOLANA_WALLET_OVERWRITE) that are directly relevant to wallet selection, RPC endpoint, and overwriting a key file. No unrelated credentials or external tokens are requested.
Persistence & Privilege
The skill does not request always:true and will not be force-included. It writes and reads keypair files in user paths under the home directory (and creates ~/.openclaw/wallets by default), which is expected for a wallet helper and scoped to its own data; it does not attempt to modify other skills or system-wide agent configs.
Assessment
This skill appears to be what it says: a local Solana wallet helper. Before installing or running it:
- Inspect the included script (already provided) and package.json — no hidden remote endpoints or obfuscated code were found.
- Be explicit about which key to use: set SOLANA_WALLET_KEYPAIR or pass --keypair to avoid accidentally using an existing wallet in ~/.config/solana or ~/.solana.
- Keep defaults on devnet unless you intentionally switch to mainnet (change SOLANA_RPC_URL) and understand the consequences.
- Don’t run fund-moving commands unless you explicitly pass --execute and confirm the keypath; the script enforces this for deposits but double-check.
- Run npm install from a trusted environment and consider auditing dependency versions or installing in an isolated environment (container) if you are cautious.
- Backup any real wallets before experimenting and never provide private keys to unknown skills or remote services.Like a lobster shell, security has layers — review code before you run it.
latestvk970qny5x38ea6h8mt7b5tcc1583any7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.