x402agent/pump-shell-scripts
.agents/skills/pump-shell-scripts/SKILL.md
Production-quality Bash scripts for Solana vanity generation, keypair verification, batch operations, dependency auditing, and test orchestration — with security-hardened patterns including file permissions, input validation, and cleanup traps.
$ install --global
skillsauthnpx skillsauth add x402agent/solana-clawd pump-shell-scriptsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 2:38 AM8.5s1 file scanned
SKILL.md
- name:
- pump-shell-scripts
- description:
- Production-quality Bash scripts for Solana vanity generation, keypair verification, batch operations, dependency auditing, and test orchestration — with security-hardened patterns including file permissions, input validation, and cleanup traps.
- homepage:
- https://github.com/nirholas/pump-fun-sdk
Shell Scripting & CLI Tools — Production Bash Scripts
Production-quality Bash scripts for vanity generation, keypair verification, batch operations, dependency auditing, and test orchestration with security-hardened patterns.
Scripts Overview
| Script | Purpose |
|--------|---------|
| scripts/utils.sh | Shared library (colors, logging, validation, cleanup) |
| scripts/generate-vanity.sh | Vanity address generation via solana-keygen |
| scripts/batch-generate.sh | Parallel batch generation |
| scripts/verify-keypair.sh | 7-point keypair verification |
| scripts/test-rust.sh | 10-step Rust test orchestration |
| tools/audit-dependencies.sh | Dependency security audit |
| tools/check-file-permissions.sh | File permission validation |
| tools/verify-keypair.ts | TypeScript 9-point verifier |
Keypair Verification (7 Points)
verify_keypair() {
# 1. File exists
# 2. Valid JSON array
# 3. Exactly 64 bytes
# 4. File permissions are 0600
# 5. solana-keygen verify passes
# 6. Public key matches filename
# 7. Re-derive public key from secret matches
}
Security Patterns
# Cleanup trap
trap 'cleanup_temp_files' EXIT ERR INT TERM
# File permissions
chmod 600 "$keypair_file"
# Input validation
validate_base58() {
[[ "$1" =~ ^[1-9A-HJ-NP-Za-km-z]+$ ]] || die "Invalid Base58"
}
# No shell injection
# Use "$var" (quoted) everywhere, never $var
Makefile Integration
| Target | Description |
|--------|-------------|
| make test-rust | Run Rust test suite |
| make bench | Run Criterion benchmarks |
| make generate | Generate a vanity address |
| make verify | Verify a keypair file |
| make audit | Audit dependencies |
Patterns to Follow
- Source
scripts/utils.shin all scripts for shared utilities - Use
set -euo pipefailat the top of every script - Quote all variable expansions:
"$var"not$var - Use
trapfor cleanup of temporary files - Validate all user input (Base58, paths, integers)
- Set
chmod 600on any keypair file immediately after creation
Common Pitfalls
solana-keygen verifyexpects the address as the first argument, not the fileshredis not available on all systems — check withcommand -vmktemppatterns differ between macOS and Linuxread -ris essential to prevent backslash interpretation- Always use
[[ ]]over[ ]for conditionals
Related Skills
x402agent/qedgen
development
VerifiedTrustedCommunity
Formally verify programs by writing Lean 4 proofs. Trigger this skill whenever the user wants to formally verify code, generate Lean 4 proofs, prove properties about algorithms or smart contracts, verify invariants, convert program logic into formal specifications, or anything involving Lean 4 and formal verification. Also trigger when the user mentions "qedgen", "lean proof", "formal proof", "verify my code", "prove correctness", "formal verification", or wants mathematical guarantees about their implementation.
15SKILL.mdUpdated Apr 19, 2026
x402agent/skills/swarm-orchestrator
data-ai
VerifiedTrustedCommunity
Orchestrate multi-bot trading swarms on Pump.fun with persona-driven agents
14SKILL.mdUpdated Apr 19, 2026
x402agent/solana-dev
tools
VerifiedTrustedCommunity
End-to-end Solana development playbook (Jan 2026). Prefer Solana Foundation framework-kit (@solana/client + @solana/react-hooks) for React/Next.js UI. Prefer @solana/kit for all new client/RPC/transaction code. When legacy dependencies require web3.js, isolate it behind @solana/web3-compat (or @solana/web3.js as a true legacy fallback). Covers wallet-standard-first connection (incl. ConnectorKit), Anchor/Pinocchio programs, Codama-based client generation, LiteSVM/Mollusk/Surfpool testing, and security checklists.
14SKILL.mdUpdated Apr 19, 2026
x402agent/skills/pumpfun-trading
tools
VerifiedTrustedCommunity
Buy and sell tokens on Pump.fun bonding curves and AMM pools
14SKILL.mdUpdated Apr 19, 2026