技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 1 · 1.5k · 3 current installs · 3 all-time installs
⭐ 1
安装量(当前) 3
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:0xreisearch/ercdata
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's code and instructions match its stated purpose (on-chain ERCData management) but the package metadata and install information are inconsistent: required credentials and Python dependencies are not declared, and an executable script is bundled without an install spec — this mismatch warrants caution before installing or granting a private key.
目的
The skill's name, description, SKILL.md, and the included CLI script consistently implement on-chain ERCData operations on Base (store/read/verify/grant/revoke/register/snapshot). Requiring an ERCDATA_KEY (private key) and ERCDATA_CONTRACT is coherent with the stated purpose. However, the registry metadata claims no required env vars or primary credential while the runtime instructions and code require ERCDATA_KEY and ERCDATA_CONTRACT — a pack…
说明范围
SKILL.md and the script instruct only on interacting with the specified smart contract and Base RPC. Commands and flags are limited to transaction signing, reading contract state, and access control; there are no instructions to read unrelated host files, contact unexpected endpoints, or exfiltrate arbitrary data. The default RPC is https://mainnet.base.org (expected for Base).
安装机制
No install spec is provided (instruction-only in registry), yet the SKILL.md and script require Python (3.10+) and third-party packages (web3, eth-account). The script prints a pip install hint and will fail if dependencies are missing; packaging should declare dependencies or provide an install procedure. No remote downloads or suspicious URLs are used, but the lack of a declared install mechanism is a packaging omission to be aware of.
证书
The runtime requires a sensitive credential (ERCDATA_KEY — an Ethereum private key) and ERCDATA_CONTRACT/RPC; these are proportionate to signing and submitting transactions. The problem is that the skill registry metadata does not declare these required env vars or a primary credential. Failing to declare a required private key is a material omission because supplying that key grants the skill power to sign on-chain transactions (and potential…
持久
The skill does not request always: true and is user-invocable with normal autonomous invocation allowed. It does not attempt to modify other skills or system-wide settings. There is no evidence it persists credentials or alters agent config beyond using the provided key at runtime (which is expected for blockchain transaction signing).
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「ERCData」。简介:Store, verify, and manage AI data on the Ethereum blockchain (Base network) usi…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/0xreisearch/ercdata/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: ercdata
description: Store, verify, and manage AI data on the Ethereum blockchain (Base network) using the ERCData standard. Use when an agent needs to store data fingerprints on-chain, verify data integrity, create audit trails, manage access control for private data, or interact with the ERCData smart contract. Supports public and private storage, EIP-712 verification, snapshots, and batch operations.
---
# ERCData
Store and verify AI-related data on Base mainnet. Public or private, with cryptographic integrity proofs.
## Quick Start
```bash
# Store public data
uv run {baseDir}/scripts/ercdata-cli.py store
--type AI_AGENT_MEMORY
--data "memory hash: abc123"
--metadata '{"agent":"MyBot","ts":"2026-01-31"}'
--key $ERCDATA_KEY --contract $ERCDATA_CONTRACT
# Store private data (only you + granted addresses can read)
uv run {baseDir}/scripts/ercdata-cli.py store
--type AI_AGENT_MEMORY
--data "secret memory data"
--private
--key $ERCDATA_KEY --contract $ERCDATA_CONTRACT
# Read entry
uv run {baseDir}/scripts/ercdata-cli.py read --id 1 --key $ERCDATA_KEY --contract $ERCDATA_CONTRACT
# Verify entry (EIP-712 signature check)
uv run {baseDir}/scripts/ercdata-cli.py verify --id 1 --method eip712 --key $ERCDATA_KEY --contract $ERCDATA_CONTRACT
# Grant access to private entry
uv run {baseDir}/scripts/ercdata-cli.py grant-access --id 2 --to 0xSomeAddress --key $ERCDATA_KEY --contract $ERCDATA_CONTRACT
```
## Configuration
Set via environment or skill config:
- `ERCDATA_KEY` — Private key for signing transactions (required for writes)
- `ERCDATA_CONTRACT` — Contract address on Base mainnet
- `ERCDATA_RPC` — RPC URL (default: https://mainnet.base.org)
Or pass via `--key`, `--contract`, `--rpc` flags.
## Commands
| Command | What it does |
|---------|-------------|
| `store` | Store data on-chain (add `--private` for access control) |
| `read` | Read a data entry by ID |
| `verify` | Verify data integrity (eip712 or hash method) |
| `grant-access` | Grant read access to an address (private entries) |
| `revoke-access` | Revoke read access |
| `register-type` | Register a new data type (admin only) |
| `snapshot` | Create a point-in-time snapshot |
| `info` | Get entry info without full data |
## Privacy Model
- **Public (default):** Anyone can read via `getData()`. Use for transparency, audit trails.
- **Private (`--private`):** Only the provider, granted addresses, and admin can read. Use for sensitive agent data.
Private entries store the same data on-chain but gate `getData()` access. Note: raw transaction calldata is still visible on-chain explorers. For maximum privacy, encrypt data before storing.
## Use Cases for AI Agents
1. **Memory attestation** — Hash your MEMORY.md and store it periodically for tamper-proof audit trail
2. **Agent identity** — Store model fingerprint, system prompt hash, config on-chain
3. **Verifiable outputs** — Hash agent outputs and store for later verification
4. **Agent-to-agent trust** — Check another agent's ERCData entries before trusting its data
5. **Model provenance** — Store model hashes, benchmark scores, architecture metadata
## API Reference
See [references/api.md](references/api.md) for full contract API, roles, events, and limits.
## Requirements
- Python 3.10+ with `web3` and `eth-account` packages (auto-installed by uv)
- A funded wallet on Base mainnet (ETH for gas)
- PROVIDER_ROLE granted by contract admin for storing data
- VERIFIER_ROLE granted for verification operations