技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v3.0.2
统计:⭐ 0 · 765 · 2 current installs · 2 all-time installs
⭐ 0
安装量(当前) 2
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:solpaw-launcher
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill's documentation promises client-side/local signing, but the included code calls a server-side launch endpoint and still requires a private key in environment variables — the pieces don't line up and warrant caution.
目的
Name/description (launch Solana tokens) match the API and files (SDK, README, API docs). However the code calls the server-side /tokens/launch endpoint (server-signing / 'Lightning' mode) while the SKILL.md and README repeatedly recommend Local Mode (/tokens/launch-local) and claim the agent's wallet will be the onchain creator. The skill also declares SOLANA_PRIVATE_KEY as required, but the TypeScript code does not use it. This mismatch betwe…
说明范围
SKILL.md provides explicit curl commands for registering, fetching a CSRF token, uploading images, building an unsigned transaction (launch-local) and submitting a signed transaction. Those instructions are scoped to the launch task and do not ask for unrelated system files. However the README and SKILL.md strongly advise local signing while the shipped SDK code uses the server-signing endpoint — that divergence changes what data is actually n…
安装机制
Instruction-only / TypeScript source included; no download-from-URL installs or remote execution steps. package.json and TS file are present but there is no high-risk install mechanism. Required binary 'curl' is reasonable for the curl examples.
证书
The declared required env vars (SOLPAW_API_KEY, SOLPAW_CREATOR_WALLET, SOLANA_PRIVATE_KEY, SOLPAW_API_URL) mostly make sense: API key and creator wallet for the service. But SOLANA_PRIVATE_KEY is flagged as required even though the provided TypeScript code never uses it (the code does not perform local signing). Asking for a private key is high-sensitivity and should only be requested if local signing is actually implemented. That mismatch is …
持久
The skill is not always-enabled, it is user-invocable only, and model invocation is disabled (so it cannot autonomously run). It does not request system-wide config paths or try to modify other skills. No persistence/privilege escalation indicators.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Solpaw-Launcher」。简介:Launch Solana tokens on Pump.fun via the SolPaw platform. 0.1 SOL one-time fee.…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/lvcidpsyche/solpaw-launcher/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: solpaw
description: Launch Solana tokens on Pump.fun via the SolPaw platform. 0.1 SOL one-time fee. Your wallet is the onchain creator.
homepage: https://solpaw.fun
user-invocable: true
disable-model-invocation: true
command-dispatch: tool
command-tool: exec
command-arg-mode: raw
metadata: {"openclaw": {"emoji": "🐾", "requires": {"bins": ["curl"], "env": ["SOLPAW_API_KEY", "SOLPAW_CREATOR_WALLET", "SOLANA_PRIVATE_KEY", "SOLPAW_API_URL"], "config": []}, "primaryEnv": "SOLPAW_API_KEY", "install": []}}
---
# SolPaw — Launch Tokens on Solana via Pump.fun
## When to use
Use this skill when the user explicitly asks to:
- Launch a new memecoin / token on Solana via Pump.fun
- Deploy a token with a name, symbol, description, and image
- Create a Pump.fun token listing for a community, project, or meme
**This skill MUST only be invoked by the user.** Do not autonomously launch tokens.
## Overview
SolPaw is the first Solana token-launch platform for autonomous agents. It handles IPFS metadata uploads, transaction building, and Pump.fun deployment.
- **Cost**: 0.1 SOL one-time platform fee + ~0.02 SOL Pump.fun creation fee per launch
- **Creator**: Your agent's wallet is the real onchain creator on Pump.fun
- **Limit**: 1 launch per agent per 24 hours
- **Platform wallet**: `GosroTTvsbgc8FdqSdNtrmWxGbZp2ShH5NP5pK1yAR4K`
- **Docs**: https://solpaw.fun
## Security
- **Ephemeral wallets recommended**: Use a dedicated launch wallet with only the SOL needed (~0.15 SOL). Never use your main wallet's private key.
- **SOLANA_PRIVATE_KEY** is used exclusively for local transaction signing. It is never transmitted to the SolPaw API server — signing happens client-side.
- **API key** (`SOLPAW_API_KEY`) authenticates requests but cannot sign transactions or move funds.
- **CSRF tokens** are single-use and expire after 30 minutes, preventing replay attacks.
- **Fee signatures** are verified onchain and cannot be reused for multiple launches.
- **Daily limit**: 1 launch per agent per 24 hours, enforced server-side.
- **All secrets** (`SOLPAW_API_KEY`, `SOLANA_PRIVATE_KEY`) must be stored in environment variables, never in code or chat.
## Prerequisites
1. A Solana wallet with at least 0.15 SOL (0.1 platform fee + ~0.02 Pump.fun fee + gas)
2. A SolPaw API key (register at the API)
3. Environment variables set:
- `SOLPAW_API_KEY` — your SolPaw API key
- `SOLPAW_CREATOR_WALLET` — your Solana wallet public key
- `SOLANA_PRIVATE_KEY` — your wallet private key (base58 encoded, for local signing only — never sent to server)
- `SOLPAW_API_URL` — API base URL (default: `https://api.solpaw.fun/api/v1`)
## Steps
### Step 1: Register (one-time)
```bash
curl -s -X POST https://api.solpaw.fun/api/v1/agents/register
-H "Content-Type: application/json"
-d '{"agent_name":"MyAgent","default_fee_wallet":"YOUR_WALLET_ADDRESS"}' | jq .
```
Save the `api_key` from the response. It will NOT be shown again.
### Step 2: Get a CSRF token
```bash
CSRF=$(curl -s -H "Authorization: Bearer $SOLPAW_API_KEY"
https://api.solpaw.fun/api/v1/agents/csrf | jq -r '.data.csrf_token')
```
### Step 3: Send 0.1 SOL launch fee
Send 0.1 SOL (100,000,000 lamports) to the platform wallet:
`GosroTTvsbgc8FdqSdNtrmWxGbZp2ShH5NP5pK1yAR4K`
Save the transaction signature.
### Step 4: Upload token image (optional but recommended)
```bash
IMAGE_ID=$(curl -s -X POST https://api.solpaw.fun/api/v1/tokens/upload-image
-H "Authorization: Bearer $SOLPAW_API_KEY"
-F "file=@token-logo.png" | jq -r '.data.image_id')
```
### Step 5: Launch token (Local Mode — your wallet is the creator)
```bash
# Build unsigned transaction
TX_DATA=$(curl -s -X POST https://api.solpaw.fun/api/v1/tokens/launch-local
-H "Content-Type: application/json"
-H "Authorization: Bearer $SOLPAW_API_KEY"
-d '{
"name": "MyCoolToken",
"symbol": "MCT",
"description": "An awesome token launched by an AI agent on SolPaw",
"creator_wallet": "'$SOLPAW_CREATOR_WALLET'",
"signer_public_key": "'$SOLPAW_CREATOR_WALLET'",
"launch_fee_signature": "YOUR_FEE_TX_SIGNATURE",
"image_id": "'$IMAGE_ID'",
"initial_buy_sol": 0,
"slippage": 10,
"priority_fee": 0.0005,
"csrf_token": "'$CSRF'"
}')
# Sign the transaction with your private key, then submit
SIGNED_TX="..." # sign the base64 transaction from TX_DATA
curl -s -X POST https://api.solpaw.fun/api/v1/tokens/submit
-H "Content-Type: application/json"
-H "Authorization: Bearer $SOLPAW_API_KEY"
-d '{"signed_transaction": "'$SIGNED_TX'", "mint": "MINT_FROM_TX_DATA"}'
```
### Using the TypeScript SDK (Easier)
```typescript
import SolPawSkill from './solpaw-skill';
import { Keypair } from '@solana/web3.js';
const solpaw = new SolPawSkill({
apiEndpoint: 'https://api.solpaw.fun/api/v1',
apiKey: process.env.SOLPAW_API_KEY,
defaultCreatorWallet: process.env.SOLPAW_CREATOR_WALLET,
});
const keypair = Keypair.fromSecretKey(bs58.decode(process.env.SOLANA_PRIVATE_KEY));
// One-call launch: pays fee + uploads + signs + submits
const result = await solpaw.payAndLaunch({
name: 'MyCoolToken',
symbol: 'MCT',
description: 'Launched by an AI agent on SolPaw',
image_url: 'https://example.com/logo.png',
initial_buy_sol: 0.5,
}, keypair);
console.log(result.pumpfun_url); // https://pump.fun/coin/...
```
## Constraints
- **DO NOT launch tokens without explicit user approval** — always confirm name, symbol, and description first
- DO NOT launch more than 1 token per 24 hours (enforced server-side)
- DO NOT include offensive or misleading token names/descriptions
- ALWAYS include a token image — tokens without images perform poorly on Pump.fun
- ALWAYS use Local Mode (pass `signer_keypair`) so the agent's wallet is the onchain creator
- The 0.1 SOL platform fee is non-refundable once the launch succeeds
- CSRF tokens expire after 30 minutes and are single-use
- Image uploads expire after 30 minutes
- NEVER log, display, or transmit `SOLANA_PRIVATE_KEY` — it is used for local signing only
## Examples
### Successful launch
```
Agent: I'll launch the DOGE2 token on Pump.fun for you.
> Uploading token image...
> Paying 0.1 SOL launch fee...
> Building transaction...
> Signing and submitting...
> Token launched successfully!
> Pump.fun: https://pump.fun/coin/So1...
> Mint: So1...
> Your wallet is the onchain creator.
```
### Error: insufficient balance
```
Agent: Your wallet only has 0.05 SOL. You need at least 0.15 SOL to launch:
- 0.1 SOL platform fee
- ~0.02 SOL Pump.fun creation fee
- ~0.01 SOL for gas
```