技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.1
统计:⭐ 0 · 708 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:solpaw-skill-final
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill's description and docs say launches are signed locally (your wallet is the on‑chain creator) but the shipped code uses the server-side 'launch' endpoint and never uses the SOLANA_PRIVATE_KEY it asks for — this mismatch is unexpected and risky.
目的
The skill claims 'ALWAYS use Local Mode' and that 'your wallet is the onchain creator' (SKILL.md/README). However, the TypeScript implementation's launchToken() posts to /tokens/launch (server-side signing / lightning mode) rather than /tokens/launch-local. That makes the platform (not the user's wallet) the onchain creator. Requiring a SOLANA_PRIVATE_KEY in metadata/requirements while the code does not use it is inconsistent.
说明范围
SKILL.md instructs building an unsigned transaction (/tokens/launch-local), signing locally, and submitting (/tokens/submit). The code instead calls the server 'launch' endpoint (lightning mode). The documentation and runtime instructions therefore diverge from the actual code path; this is scope/instruction mismatch that could change who controls minted tokens and how fees/ownership work.
安装机制
No install spec (instruction-only) and required binary is only curl. There is a TypeScript source file included, but nothing in the package writes arbitrary archives or pulls code from unusual URLs. Install mechanism itself is low-risk.
证书
The skill declares three env vars (SOLPAW_API_KEY, SOLPAW_CREATOR_WALLET, SOLANA_PRIVATE_KEY). SOLPAW_API_KEY and creator wallet are reasonable. Asking for SOLANA_PRIVATE_KEY (a high-value secret) is only justified if the agent will sign transactions locally; the included code does not use that key, so the requirement is disproportionate and unexplained. Storing private keys in environment variables is intrinsically sensitive — avoid unless st…
持久
always:false (good). disable-model-invocation:false (default) means the agent can call the skill autonomously. That is normally acceptable, but combined with a declared requirement for a private key (even if not used by the included code) increases the blast radius: an autonomously-invoking skill with access to a private key could sign transactions without explicit approval. The skill's own policy text requires user confirmation, but that is n…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Solpaw」。简介:Launch Solana tokens on Pump.fun via the SolPaw platform. 0.1 SOL one-time fee.…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/lvcidpsyche/solpaw-skill-final/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: solpaw
description: Launch Solana tokens on Pump.fun via the SolPaw platform. 0.1 SOL one-time fee. Your wallet is the onchain creator.
homepage: https://solpaw.fun
user-invocable: true
disable-model-invocation: false
command-dispatch: tool
command-tool: exec
command-arg-mode: raw
metadata: {"openclaw": {"emoji": "🐾", "requires": {"bins": ["curl"], "env": ["SOLPAW_API_KEY", "SOLPAW_CREATOR_WALLET", "SOLANA_PRIVATE_KEY"], "config": []}, "primaryEnv": "SOLPAW_API_KEY", "install": []}}
---
# SolPaw — Launch Tokens on Solana via Pump.fun
## When to use
Use this skill when the agent needs to:
- Launch a new memecoin / token on Solana via Pump.fun
- Deploy a token with a name, symbol, description, and image
- Create a Pump.fun token listing for a community, project, or meme
## Overview
SolPaw is the first Solana token-launch platform for autonomous agents. It handles IPFS metadata uploads, transaction building, and Pump.fun deployment.
- **Cost**: 0.1 SOL one-time platform fee + ~0.02 SOL Pump.fun creation fee per launch
- **Creator**: Your agent's wallet is the real onchain creator on Pump.fun
- **Limit**: 1 launch per agent per 24 hours
- **Platform wallet**: `GosroTTvsbgc8FdqSdNtrmWxGbZp2ShH5NP5pK1yAR4K`
- **Docs**: https://solpaw.fun
## Prerequisites
1. A Solana wallet with at least 0.15 SOL (0.1 platform fee + ~0.02 Pump.fun fee + gas)
2. A SolPaw API key (register at the API)
3. Environment variables set:
- `SOLPAW_API_KEY` — your SolPaw API key
- `SOLPAW_CREATOR_WALLET` — your Solana wallet public key
- `SOLANA_PRIVATE_KEY` — your wallet private key (base58 encoded, for signing)
## Steps
### Step 1: Register (one-time)
```bash
curl -s -X POST https://api.solpaw.fun/api/v1/agents/register
-H "Content-Type: application/json"
-d '{"agent_name":"MyAgent","default_fee_wallet":"YOUR_WALLET_ADDRESS"}' | jq .
```
Save the `api_key` from the response. It will NOT be shown again.
### Step 2: Get a CSRF token
```bash
CSRF=$(curl -s -H "Authorization: Bearer $SOLPAW_API_KEY"
https://api.solpaw.fun/api/v1/agents/csrf | jq -r '.data.csrf_token')
```
### Step 3: Send 0.1 SOL launch fee
Send 0.1 SOL (100,000,000 lamports) to the platform wallet:
`GosroTTvsbgc8FdqSdNtrmWxGbZp2ShH5NP5pK1yAR4K`
Save the transaction signature.
### Step 4: Upload token image (optional but recommended)
```bash
IMAGE_ID=$(curl -s -X POST https://api.solpaw.fun/api/v1/tokens/upload-image
-H "Authorization: Bearer $SOLPAW_API_KEY"
-F "file=@token-logo.png" | jq -r '.data.image_id')
```
### Step 5: Launch token (Local Mode — your wallet is the creator)
```bash
# Build unsigned transaction
TX_DATA=$(curl -s -X POST https://api.solpaw.fun/api/v1/tokens/launch-local
-H "Content-Type: application/json"
-H "Authorization: Bearer $SOLPAW_API_KEY"
-d '{
"name": "MyCoolToken",
"symbol": "MCT",
"description": "An awesome token launched by an AI agent on SolPaw",
"creator_wallet": "'$SOLPAW_CREATOR_WALLET'",
"signer_public_key": "'$SOLPAW_CREATOR_WALLET'",
"launch_fee_signature": "YOUR_FEE_TX_SIGNATURE",
"image_id": "'$IMAGE_ID'",
"initial_buy_sol": 0,
"slippage": 10,
"priority_fee": 0.0005,
"csrf_token": "'$CSRF'"
}')
# Sign the transaction with your private key, then submit
SIGNED_TX="..." # sign the base64 transaction from TX_DATA
curl -s -X POST https://api.solpaw.fun/api/v1/tokens/submit
-H "Content-Type: application/json"
-H "Authorization: Bearer $SOLPAW_API_KEY"
-d '{"signed_transaction": "'$SIGNED_TX'", "mint": "MINT_FROM_TX_DATA"}'
```
### Using the TypeScript SDK (Easier)
```typescript
import SolPawSkill from './solpaw-skill';
import { Keypair } from '@solana/web3.js';
const solpaw = new SolPawSkill({
apiEndpoint: 'https://api.solpaw.fun/api/v1',
apiKey: process.env.SOLPAW_API_KEY,
defaultCreatorWallet: process.env.SOLPAW_CREATOR_WALLET,
});
const keypair = Keypair.fromSecretKey(bs58.decode(process.env.SOLANA_PRIVATE_KEY));
// One-call launch: pays fee + uploads + signs + submits
const result = await solpaw.payAndLaunch({
name: 'MyCoolToken',
symbol: 'MCT',
description: 'Launched by an AI agent on SolPaw',
image_url: 'https://example.com/logo.png',
initial_buy_sol: 0.5,
}, keypair);
console.log(result.pumpfun_url); // https://pump.fun/coin/...
```
## Constraints
- DO NOT launch tokens without user approval — always confirm name, symbol, and description first
- DO NOT launch more than 1 token per 24 hours (enforced server-side)
- DO NOT include offensive or misleading token names/descriptions
- ALWAYS include a token image — tokens without images perform poorly on Pump.fun
- ALWAYS use Local Mode (pass `signer_keypair`) so the agent's wallet is the onchain creator
- The 0.1 SOL platform fee is non-refundable once the launch succeeds
- CSRF tokens expire after 30 minutes and are single-use
- Image uploads expire after 30 minutes
## Examples
### Successful launch
```
Agent: I'll launch the DOGE2 token on Pump.fun for you.
> Uploading token image...
> Paying 0.1 SOL launch fee...
> Building transaction...
> Signing and submitting...
> Token launched successfully!
> Pump.fun: https://pump.fun/coin/So1...
> Mint: So1...
> Your wallet is the onchain creator.
```
### Error: insufficient balance
```
Agent: Your wallet only has 0.05 SOL. You need at least 0.15 SOL to launch:
- 0.1 SOL platform fee
- ~0.02 SOL Pump.fun creation fee
- ~0.01 SOL for gas
```