Solana agent skills, compared: the portal, the marketplace, the mono-skill, and VulnHunter
Four surfaces now claim the 'Solana skills' name: solana.com/skills (the official directory), solanaskills.com (SendAI's 47-skill marketplace), the Foundation's solana-dev-skill (one deep mono-skill for the whole dev workflow), and individual skills like VulnHunter. What each one is, how they relate, and which to install when.
devrels.xyz/a/141short linkAgent skills went from novelty to infrastructure fast enough that "Solana skills" now means four different things depending on which link you clicked. One is an official directory. One is a community marketplace. One is a single deep skill maintained by the Foundation. And one is an individual skill that's really a security methodology in a trench coat. They're easy to confuse and pointless to compare as rivals — they're layers of the same stack. Here's what each one actually is.
solana.com/skills — the trust layer
The official directory. It lists the Foundation's own skill set (nine categories: reference, tooling, tokens, frontend, payments, security, testing, programs, infrastructure) alongside 40+ community skills — Jupiter, Raydium, Orca, Kamino, Drift, Metaplex, Helius, Pyth, Switchboard, VulnHunter, Surfpool and friends.
The detail that matters most is easy to miss: community skill links are pinned to specific commit hashes. A skill is instructions you install into your agent — a prompt-injection surface with a package manager. A floating main branch reference means whoever controls the repo controls what your agent believes tomorrow. Pinned hashes mean the thing the Foundation reviewed is the thing you install. That, plus the explicit DYOR disclaimer on community entries, makes solana.com/skills the closest thing the ecosystem has to a curation/trust layer — use it as your index even when the skill itself lives elsewhere.
solanaskills.com — the breadth layer
SendAI's directory frontend for the sendaifun/skills marketplace — currently 47 skills spanning DeFi (the Jupiter suite alone is ~11 skills), infrastructure (Helius, QuickNode, Squads, MagicBlock, Light Protocol), oracles, data, cross-chain, and NFTs. We covered the marketplace in depth in our Solana Skills directory piece — the short version: these are per-protocol context packs. Your agent doesn't need the Kamino skill until the day it needs to integrate Kamino, and then it really does.
# whole marketplace
npx skills add sendaifun/skills
# or one skill
npx skills add sendaifun/skills --skill vulnhunterThe trade-off against the official portal is the usual marketplace one: breadth and speed over review depth. SendAI moves faster and covers more protocols; the Foundation curates harder. Use both accordingly.
solana-foundation/solana-dev-skill — the depth layer
solana-dev-skill (525★, MIT) is a different animal: not a directory but a single mono-skill that teaches an agent the entire modern Solana development workflow, stated boldly as "January 2026 best practices." One SKILL.md routes into fourteen reference files:
- Client: framework-kit UI patterns (
@solana/client+@solana/react-hooks), @solana/kit v5, and the web3.js compat boundary - Programs: Anchor by default, Pinocchio when CUs matter
- Testing: LiteSVM/Mollusk for unit, Surfpool for integration — including a cheatcodes reference
- Codegen: Codama-first IDL and client generation
- The unglamorous gold: a version-compatibility matrix (Anchor/Solana/Rust/GLIBC), an error-message → solution mapping, security patterns, and Token-2022 confidential transfers
That compatibility matrix and error-mapping pair is arguably the highest-value content in the whole ecosystem — it's the stuff LLMs reliably hallucinate (version pins, GLIBC errors, toolchain mismatches) captured as ground truth. This is also the skill that's opinionated: it tells your agent what the blessed stack is, which is exactly what you want from the Foundation and exactly what a protocol-specific marketplace skill can't do.
VulnHunter — what a good skill looks like inside
Zoom into one community skill to see what the format is capable of. VulnHunter (in the SendAI marketplace, listed on solana.com/skills under tooling) is a security-audit skill combining two Trail of Bits-inspired methodologies: sharp-edges detection — hunting dangerous defaults, error-prone APIs, crypto footguns, permissive configs — and variant analysis — taking one known vulnerability and pattern-matching for its siblings across a codebase.
Two things make it worth studying. First, it's methodology, not API documentation — it changes how the agent hunts, not what endpoints it knows. Skills that encode judgment transfer across projects; skills that encode endpoints go stale with the next API version. Second, it ships the full anatomy — SKILL.md plus docs, examples, resources, and templates directories — the shape the docs-as-a-tool pattern converges on when done properly. If you're writing your own skill, copy this structure before you copy anyone's prose.
The comparison, flattened
- solana.com/skills — official directory · Foundation-curated · pinned commit hashes · your discovery and trust index
- solanaskills.com (sendaifun/skills) — community marketplace · 47 protocol skills · fastest coverage · install per integration
- solana-dev-skill — one official mono-skill · whole dev workflow, opinionated · 525★ · install on day one of any Solana project
- VulnHunter — one community skill · security methodology (sharp edges + variant analysis) · install before a review, and study its structure before writing your own
The practical setup for a Solana team in 2026: solana-dev-skill always; the specific marketplace skills for the protocols you actually integrate; VulnHunter when code review or an audit is coming; and solana.com/skills as the index you trust for what's worth installing — at which commit.
The honest read
Skills are the highest-leverage, lowest-effort way to make an agent competent on Solana — and they're also unaudited instructions you paste into the thing that writes your code. The ecosystem's answer so far (Foundation curation, pinned hashes, DYOR labels) is directionally right and procedurally thin: there's no signing, no diff review on update, no revocation story. The 47-skill marketplace pushed to main two months ago; freshness varies per skill. None of this is a reason to abstain — it's a reason to treat skill installs like dependency adds: pin, read the diff, and prefer methodology-shaped skills that age well over endpoint-shaped skills that don't.
Resources
- solana.com/skills — the official directory
- solanaskills.com · github.com/sendaifun/skills — SendAI's marketplace
- github.com/solana-foundation/solana-dev-skill — the Foundation mono-skill
- VulnHunter — security skill (sharp edges + variant analysis)
- Our related coverage: the Solana Skills directory · solana.new · ProofNetwork's docs-as-a-tool MCP · the agent-registry gap
Keep reading
The hard part of agent integrations isn't discovery — it's auth. integrations.sh bets on that: a map of every service surface an agent can reach, each with a grounded credential guide and honest detected/discovered provenance, all served as one machine-readable api.json. Solana has the most mature agent tooling in crypto and yet appears nowhere in it. Here's the model, the verified gap, and what a Solana service should publish.
Block's engineering team identified that AI shifted the bottleneck from building to deploying safely. 1,000+ internal apps, 80% non-engineer users, security-org endorsed. The same gap exists in every Solana team shipping internal tooling — treasury dashboards, validator monitors, DAO analytics. Here's the pattern.
Give an AI agent a wallet and you've given it your private key. OWS — MoonPay's open standard — keeps keys local in ~/.ows, gates every signature through a policy engine, and exposes a CLI, SDKs, and an MCP server. One seed, nine chains including Solana. The model.
Get new articles in your inbox
Technical deep-dives on Solana tooling, infrastructure, and ecosystem. No noise.
