feat: add jupiter-api + jupiter-lend — Solana DEX aggregator and lending

[tonyagents]

Skill name

jupiter-api, jupiter-lend

Description

Two Jupiter skills for the #1 DEX aggregator on Solana.

• jupiter-api — Pure curl/REST: Ultra Swap, Price, Token metadata, Trigger (limit orders), Recurring (DCA), Portfolio. No API key required for most endpoints.
• jupiter-lend — Reference guide for the @jup-ag/lend SDK (no REST API exists for lending). Lists all methods (deposit, borrow, repay, withdraw collateral) with security warnings and MoonPay funding instructions.

Sourced from https://github.com/jup-ag/agent-skills (MIT), rewritten to follow the no-code rule: TypeScript SDK examples replaced with curl API calls and SDK method reference tables.

Primary chain

Solana

Primary token

SOL, USDC (Solana)

Checklist

• Frontmatter (name, description, tags) on both skills
• Skills in own jupiter-skills plugin block in marketplace.json
• Naming: jupiter-{api}, jupiter-{lend} — partner first
• No TypeScript/Python code — pure curl and SDK reference tables
• Phantom example file references removed
• Prerequisites sections on both skills
• Security warning for private key handling (chmod 600)
• Cross-references to related skills and moonpay-buy-crypto
• All Jupiter API endpoints verified live (dev.jup.ag)
• @jup-ag/lend and @jup-ag/lend-read verified on npm

MoonPay Integration

Fund a Solana wallet to trade on Jupiter:

mp buy --token sol_solana --amount 0.5 --wallet <solana-address> --email <email>
mp buy --token usdc_solana --amount 100 --wallet <solana-address> --email <email>

Example Usage

# Get swap quote (SOL → USDC)
curl 'https://api.jup.ag/ultra/v1/order?inputMint=So11111111111111111111111111111111111111112&outputMint=EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v&amount=1000000000&taker=YOUR_WALLET'

# Token price
curl 'https://api.jup.ag/price/v2?ids=So11111111111111111111111111111111111111112' | jq '.data'

# Set a limit order
curl -X POST 'https://api.jup.ag/trigger/v1/createOrder' -H 'Content-Type: application/json'   -d '{"inputMint":"So111...","outputMint":"EPjF...","maker":"YOUR_WALLET","payer":"YOUR_WALLET","makingAmount":"1000000000","takingAmount":"200000000"}'

# DCA into SOL daily
curl -X POST 'https://api.jup.ag/recurring/v1/createOrder' -H 'Content-Type: application/json'   -d '{"inputMint":"EPjF...","outputMint":"So111...","payer":"YOUR_WALLET","params":{"time":{"inAmount":"10000000","numberOfOrders":30,"interval":86400}}}'

[kevarifin14]

Review: PR #19 — Jupiter Skills (integrating-jupiter, jupiter-lend)

Grade: C (Needs work)

The Jupiter APIs and SDKs referenced here are real and well-documented — this is clearly sourced from the official jup-ag repo. However, the skills as submitted have several structural issues that prevent merging per the repo's rubric.

---

Issues to Fix

1. Code in a no-code repo (both skills) — HIGH

The repo's core rule is: "Skills are instructional guides. No Python scripts, no TypeScript SDK code, no subprocess.run. All execution happens through CLIs."

• integrating-jupiter contains ~100 lines of TypeScript: a jupiterFetch helper, signAndSend function, JupiterResult interface, jupiterAction function, and withRetry helper. These are SDK/code patterns, not CLI-based agent instructions.
• jupiter-lend is almost entirely TypeScript SDK code (~400 lines): full working scripts with import statements, Keypair handling, transaction building, etc.

Skills should instruct agents to use CLI commands or API calls (curl), not provide TypeScript SDK code for agents to embed. Convert the SDK examples into curl-based API workflows or reference the SDK docs without inlining the code.

2. Naming convention: integrating-jupiter (LOW)

The convention is skills/{partner}-{name}/. The name integrating-jupiter reads as {verb}-{partner} rather than {partner}-{name}. Consider jupiter-api or jupiter-integration to match the pattern (partner first).

3. Phantom file references in integrating-jupiter (MEDIUM)

The skill references four example files that are not included in the PR:

• ./examples/ultra.md
• ./examples/lend.md
• ./examples/trigger.md
• ./examples/price.md

Either include these files or remove the references. Broken links make the skill unreliable for agents.

4. Missing Prerequisites section in integrating-jupiter (MEDIUM)

The template requires a Prerequisites section listing setup requirements (API keys, CLI installs, funded wallets). integrating-jupiter mentions the API key requirement inline but lacks a dedicated Prerequisites section. jupiter-lend also lacks one (should mention npm install @jup-ag/lend @jup-ag/lend-read, Solana wallet, RPC endpoint).

5. No cross-references to existing skills (LOW)

Neither skill references related skills in this repo. For example:

• moonpay-buy-crypto or moonpay-check-wallet for funding a Solana wallet
• moonpay-swap-tokens for non-Jupiter swaps

6. Security warnings missing (MEDIUM)

Both skills handle private keys (Keypair, loadKeypair from file) with no security warnings about key exposure. The rubric requires: "No raw private key handling without warnings."

• integrating-jupiter: signAndSend takes a Keypair directly
• jupiter-lend: loadKeypair reads a secret key from disk with no caveats

7. Missing newline at end of file (TRIVIAL)

integrating-jupiter/SKILL.md is missing a trailing newline.

---

What's Good

• marketplace.json: Correctly structured in a separate jupiter-skills plugin block
• Real packages: @jup-ag/lend (0.1.8) and @jup-ag/lend-read (0.0.11) both verified on npm
• Real APIs: All Jupiter API endpoints return 401 (API key required, as documented). Documentation URLs at dev.jup.ag are live
• Real repos: jup-ag/jup-lock, jup-ag/rfq-webhook-toolkit, jup-ag/agent-skills all exist
• Clean diff: Only touches the 3 expected files, no unrelated changes
• Comprehensive content: The API coverage is thorough and well-organized

---

Summary

The content quality is high — clearly from the official Jupiter team. The main blocker is that both skills are SDK code guides rather than CLI/API-based agent instructions, which violates the repo's core "no code" rule. Converting the TypeScript examples to curl-based API workflows (where REST APIs exist) and referencing the SDK docs (where only SDK access exists, like jupiter-lend) would bring this close to A+.

Suggested path forward:

1. Convert integrating-jupiter to pure curl/API instruction format (remove all TypeScript)
2. For jupiter-lend, since it's SDK-only with no REST API for most operations, consider whether this fits the skills format at all — or restructure to reference the SDK docs rather than inline the code
3. Add Prerequisites sections, security warnings, cross-references, and fix phantom example links

[kevarifin14]

Review — Grade: C+

Good progress from the previous review — TypeScript code is removed from the main skill, naming convention is fixed (jupiter-api), Prerequisites sections added, security warnings present in jupiter-lend, and the marketplace.json has its own plugin block. However, there are critical new issues that need fixing before this can be approved.

---

Critical Issues

1. API key is now required — skill claims otherwise

All Jupiter APIs at api.jup.ag now require an x-api-key header. You can generate a free key at portal.jup.ag. The skill states "No API key required for most endpoints" — this is false and every curl example will return 401 Unauthorized as-is.

Fix: Add an API key setup step to Prerequisites and include -H "x-api-key: YOUR_API_KEY" in every curl example. Update the intro to remove the "no API key required" claim.

2. Outdated API versions

Jupiter has updated several API paths since these were written:

Skill uses	Current version
/ultra/v1/order	/swap/v2/order
/price/v2	/price/v3
/tokens/v1	/tokens/v2
/trigger/v1	/trigger/v2

Fix: Update all endpoint paths to the current versions per dev.jup.ag. The Swap API V2 is the recommended replacement for Ultra V1.

3. jupiter-lend links to wrong repo

The skill links to https://github.com/jup-ag/jup-lock as "Full SDK docs" — that repo is for Jupiter's lockup/vesting program, not the Lend SDK. This will confuse users.

Fix: Find the correct Lend SDK documentation or remove the link. If no public docs exist, note that and link to Jupiter's main dev docs instead.

4. @jup-ag/lend-read has Proprietary license

The @jup-ag/lend-read package is published under a Proprietary license (not MIT). The PR description and repo claim MIT licensing across all skills. This needs to be disclosed or the package reference reconsidered.

---

Minor Issues

• jupiter-lend description still says "Uses the @jup-ag/lend and @jup-ag/lend-read SDKs" — this is technically SDK/code guidance in a no-code repo. Consider whether jupiter-lend should instead document the REST endpoint /lend/v1 (which now exists) via curl, matching the pattern of jupiter-api.
• getjlTokenInfo in jupiter-lend table — verify this method name is correct (looks like a typo, possibly getJlTokenInfo).

---

What's Working Well

• jupiter-api is well-structured with clear sections for each API surface (swap, price, tokens, trigger, recurring, portfolio)
• Error handling table is a nice touch
• MoonPay funding integration and Related Skills cross-references are solid
• Prerequisites and security warnings are present

Path to A+

1. Fix the API key requirement (add to Prerequisites, update all curl examples)
2. Update all API paths to current versions (v2/v3)
3. Fix or remove the jup-lock link in jupiter-lend
4. Address the Proprietary license disclosure for lend-read
5. Consider converting jupiter-lend to use the REST /lend/v1 endpoint instead of SDK references