技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 38 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:agnicpay-prog/agnic-authenticate-wallet
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's purpose (wallet authentication) is coherent, but it instructs the agent to run npx agnic@latest (downloads and executes unpinned npm code) and references an AGNIC_TOKEN env var that isn't declared — creating supply‑chain and credential‑scope concerns.
目的
Name/description match the runtime instructions: the SKILL.md only describes authenticating to an AgnicPay wallet using either an OAuth browser flow or a token. Nothing in the instructions requests access to unrelated services or credentials.
说明范围
Instructions are narrowly scoped to running the agnic CLI (npx agnic@latest) for login/status and optionally setting AGNIC_TOKEN. They instruct opening a browser for OAuth and using a token for headless flows. Minor inconsistency: the metadata declares no required env vars, yet the doc uses AGNIC_TOKEN (optional token mode).
安装机制
The skill relies on running 'npx agnic@latest' at runtime. npx fetching an unpinned 'latest' package from the npm registry means arbitrary third‑party code will be downloaded and executed on the host — a supply‑chain / arbitrary code execution risk. There is no pinned version, no verified release host, and no install spec to control what is fetched.
证书
No required environment variables are declared in the skill metadata, but the instructions tell the user/agent to set AGNIC_TOKEN for headless auth. Requesting a token for auth is reasonable for this purpose, but the token variable is not documented as required or described further (scope, least privilege, lifetime), so the skill omits useful context about credential scope and handling.
持久
The skill does not request always:true, does not declare config paths, and does not instruct modifying other skills or system-wide agent settings. default autonomy is allowed but not otherwise privileged.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「AgnicPay x402 wallet authentication」。简介:Authenticate to AgnicPay wallet using browser OAuth or non-browser API token mo…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/agnicpay-prog/agnic-authenticate-wallet/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: authenticate-wallet
description: Authenticate to AgnicPay wallet using browser OAuth or non-browser API token mode
user-invocable: true
disable-model-invocation: false
allowed-tools: ["Bash(npx agnic@latest *)"]
---
# Authenticate Wallet
Authenticate the user with their AgnicPay wallet using browser OAuth or token-based auth for headless agents.
## Steps
1. Preferred for headless agents: provide a token (no browser required):
```bash
npx agnic@latest --token <agnic_token> status --json
```
Or set an environment variable:
```bash
export AGNIC_TOKEN=<agnic_token>
npx agnic@latest status --json
```
2. Browser mode: run the login command:
```bash
npx agnic@latest auth login
```
This opens the user's browser to AgnicPay where they sign in and set spending limits.
3. Wait for the browser flow to complete. The CLI will show "Authenticated!" when done.
4. Verify authentication:
```bash
npx agnic@latest status --json
```
## Expected Output
```json
{
"authenticated": true,
"userId": "did:privy:...",
"email": "user@example.com",
"walletAddress": "0x...",
"tokenExpiry": "2026-05-22T..."
}
```
## Error Handling
- If the user cancels the browser flow, the CLI will show "Authentication failed".
- If the browser doesn't open, the CLI prints a URL the user can copy manually.
- If token auth fails, check whether the token is valid/revoked/expired.
- If already authenticated, `agnic status` will confirm without re-login.
## Logout
To remove stored credentials:
```bash
npx agnic@latest auth logout
```