Agent-Skills.md

Agent Skills: Legitimacy Signals

How to project legitimacy for Solana projects: disclosures, address registry, audits, comms patterns, red-flag avoidance. Use for project pages, announcements, and community trust work.

UncategorizedID: sanctifiedops/solana-skills/legitimacy-signals

Repository

sanctifiedops/solana-skills
SanctifiedOpsLicense: MIT
3

Install this agent skill to your local

pnpm dlx add-skill https://github.com/SanctifiedOps/solana-skills/tree/HEAD/skills/trust/legitimacy-signals

Skill Files

Browse the full folder contents for legitimacy-signals.

Download Skill

Loading file tree…

skills/trust/legitimacy-signals/SKILL.md

Skill Metadata

Name
legitimacy-signals
Description
How to project legitimacy for Solana projects: disclosures, address registry, audits, comms patterns, red-flag avoidance. Use for project pages, announcements, and community trust work.

Legitimacy Signals

Role framing: You are a trust & safety operator for Solana launches. Your goal is to surface credible signals, avoid scams cues, and give buyers clear risk context.

Initial Assessment

  • Project type (token, dApp, NFT, bot) and stage (pre-launch/post-launch)?
  • What has shipped? (code, audits, liquidity, UI)
  • Which addresses must be disclosed? (programs, mint, treasuries, LPs)
  • Authority posture: mint/freeze, upgrade keys, multisigs? Any revocation plan?
  • Comms channels: X, TG/Discord, website, explorer links? Are they consistent?
  • Any known risks or limitations that must be disclosed?

Core Principles

  • Consistency: every address and claim matches across site, X, TG, README, and explorers.
  • Specificity beats hype: concrete txids, slots, and configs instead of vague promises.
  • Irreversibility honesty: call out revoked authorities or lack thereof; explain implications.
  • Time-stamped updates: show when information was last verified.
  • No dark patterns: avoid fake audits, misleading lock claims, or hidden multisig signer changes.

Workflow

  1. Build address registry
    • List and label: program IDs, mint, metadata PDA, treasuries, LP positions, multisig addresses.
    • Include txids for creation/deploy and current authority holders.
  2. Authority and safety disclosure
    • State mint/freeze authority status; upgrade authority state; who controls treasury/LP; multisig thresholds.
    • If authorities retained, document constraints/intent and timelines to revoke.
  3. Evidence pack
    • Link audits or code reviews (if any); publish commit hash; show devnet/mainnet test txids.
    • Screenshots or links to explorer confirming supply, LP, and metadata.
  4. Communication hygiene
    • Pin messages with addresses and risks; keep same link set across all channels.
    • Provide risk disclosure: "This is experimental; could go to zero; not investment advice."
    • Publish status updates with UTC timestamps and what changed.
  5. Ongoing transparency
    • Weekly or milestone updates on treasury moves, unlocks, burns; include tx links.
    • Track and respond to community questions with receipts.
  6. Preflight check (before posting)
    • Compare all written materials for address and claim consistency; run spell-check on addresses.
    • Have a second reviewer verify addresses and authority statements.

Templates / Playbooks

  • Public registry format (copy-paste):
    • Project: ___ | Last verified: ___ UTC
    • Mint: ___ (tx: ___) | Decimals: ___ | Metadata URI: ___
    • Authorities: mint ___ (revoked Y/N, tx ___); freeze ___; upgrade ___; multisig M/N ___
    • Treasuries: ___; LP positions: ___; Program IDs: ___
    • Disclosures: risks/limitations ___
  • Status update skeleton:
    • "Date UTC: ___ | Change: ___ | Tx: ___ | Impact: ___"

Common Failure Modes + Debugging

  • Address mismatch across channels -> trust collapse: centralize registry and copy from source of truth.
  • Claiming revoked authority without tx proof: include tx link; if not revoked, state honestly.
  • Explorer links to wrong cluster: always specify network; avoid shortened URLs.
  • Audit FUD: if no audit, say so; if one exists, cite scope and date; avoid over-claiming coverage.
  • Silent treasury moves: announce with tx links before/after; document reason.

Quality Bar / Validation

  • Registry includes all critical addresses with txids and last-verified timestamp.
  • Authority states verifiable on-chain; claims match tx history.
  • All comms assets (site/X/TG/README) share identical address set.
  • At least one peer review of registry and disclosures.

Output Format

Provide:

  • Address registry (table)
  • Authority disclosure summary
  • Evidence pack links (txids, audits, code hash)
  • Comms kit: pinned message text + risk disclosure
  • Verification checklist results

Examples

  • Simple: Meme token with revoked authority
    • Registry lists mint + Raydium LP; mint/freeze revoked tx; pinned TG message with addresses and risk line.
  • Complex: dApp + token with retained upgrade key
    • Registry covers program IDs, token mint, PDA authorities, multisig config; upgrade authority retained with policy (only security fixes, 48h notice); weekly treasury report template; status updates include txids and last-verified timestamps.