一键导入
onchain-skill-resolver
Fetch, verify, and install agent skills stored entirely on the Solana blockchain, given only a Metaplex Core asset address.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Fetch, verify, and install agent skills stored entirely on the Solana blockchain, given only a Metaplex Core asset address.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | onchain-skill-resolver |
| description | Fetch, verify, and install agent skills stored entirely on the Solana blockchain, given only a Metaplex Core asset address. |
| version | 0.1.0 |
| license | MIT |
This skill teaches an agent how to retrieve another agent skill whose source code lives entirely in Solana account state, addressed by a single Metaplex Core asset address. No GitHub, no Arweave, no IPFS, no indexer — one RPC call returns the code.
Use this skill when the user gives you a Solana address and says it is an on-chain skill, package, or repository (e.g. "install the skill at
"), or when a manifest you are reading refers to a dependency by a Solana asset address.An on-chain skill is a Metaplex Core asset with two relevant plugins:
standard: always onchain-skill/0.1version: semver stringcontent_sha256: hex digest of the compressed archive bytesencoding: tar+gzipentrypoint: path inside the archive, normally SKILL.mdlicense: SPDX identifierpermissions: comma-separated capability list; empty means read-onlytar.gz archive of the
skill directory itself.The asset's update authority is the maintainer. If the AppData data authority has been revoked, the skill is immutable: the bytes you fetch today are the bytes everyone fetches forever.
getAccountInfo(assetAddress, { encoding: "base64" }) against any Solana
RPC endpoint for the cluster in question.standard is not onchain-skill/0.1.content_sha256, STOP. Do not decompress, do not install, and report the
mismatch to the user... traversal segments, symlinks, or hardlinks.entrypoint file and present the skill's name, version, license,
declared permissions, file list, and total size to the user.If the asset carries a second AppData partition tagged attestation, it contains
a JSON document binding the minting wallet to an external identity (for example a
sigstore/OIDC identity). Verify the signature chain before displaying the
publisher as verified; otherwise display the raw mint authority address and label
it unverified.
$ gitlana install 7fUAJdStEuGbc3sM84cKRL6yYaaSstyLSU4ve5oovLS7
resolving asset on mainnet-beta...
manifest: onchain-skill/0.1 name=example-skill version=0.1.0 license=MIT
archive: 9,412 bytes sha256 OK
permissions: (none — read-only)
files: SKILL.md, scripts/fetch.mjs
install to ~/.agent/skills/example-skill? [y/N]
| Symptom | Meaning | Action |
|---|---|---|
| Account not found | Wrong cluster or address | Confirm cluster with the user |
| No Attributes plugin | Not an on-chain skill asset | Refuse politely |
| Hash mismatch | Data authority replaced bytes after manifest write, or hostile mint | Refuse loudly |
| Archive has traversal paths | Hostile archive | Refuse loudly |
The whole payload lives in one Solana account, so the maximum skill size is bounded by the 10 MiB account limit and, practically, by rent economics. Keep skills small: a skill is instructions plus at most a few small scripts, not a vendored dependency tree. Rent on the account is what keeps the bytes alive; never close the asset account of a published skill others may depend on.