技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 31 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:agnicpay-prog/agnic-check-balance
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's instructions match its claimed purpose (checking USDC balances) but rely on running a remote npm package via `npx agnic@latest` (executing third‑party code at runtime) and reference an unspecified auth token, which is disproportionate and risky without more provenance or a pinned/verified install.
目的
The name/description (check USDC balances on Base and Solana) align with the SKILL.md steps which call an `agnic` CLI to query balances. Asking for a token or `auth login` is consistent with needing user auth to read balances.
说明范围
The instructions tell the agent to run `npx agnic@latest ...` which will download and execute code from the npm registry at runtime. The SKILL.md does not instruct reading any unrelated files or environment variables, but running arbitrary remote code can itself read local files or network resources — the skill gives the agent the ability to run that code and supply an auth token (AGNIC_TOKEN or --token), which could be exfiltrated by the down…
安装机制
There is no install spec and the runtime relies on `npx agnic@latest` (a live pull of latest package). Using `npx` to execute an unpinned latest package is higher risk because it executes code fetched from the network each run; there is no provenance, home page, or checksum provided.
证书
The skill declares no required env vars, but the instructions ask the user to supply `--token` or `AGNIC_TOKEN`. That is reasonable for an auth token, but the nature/scope of that token is unspecified (could be API token, wallet token, or sensitive key). Requiring an unspecified token without describing what it is or its minimum scope is a privacy/security concern.
持久
The skill is not always-enabled and does not request persistent installation or system configuration changes. Model invocation is allowed (normal). There is no request to modify other skills or system-wide settings.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「AgnicPay x402 Wallet check balance」。简介:Check USDC balance across networks (Base, Solana)。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/agnicpay-prog/agnic-check-balance/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: check-balance
description: Check USDC balance across networks (Base, Solana)
user-invocable: true
disable-model-invocation: false
allowed-tools: ["Bash(npx agnic@latest *)"]
---
# Check Balance
Check the user's USDC balance across supported networks.
## Steps
1. Verify authentication:
```bash
npx agnic@latest status --json
```
If not authenticated, provide `--token`, set `AGNIC_TOKEN`, or run `npx agnic@latest auth login`.
2. Check balance for all networks:
```bash
npx agnic@latest balance --json
```
3. Or check a specific network:
```bash
npx agnic@latest balance --network base --json
npx agnic@latest balance --network solana --json
```
## Expected Output
```json
[
{ "network": "base", "balance": "125.50", "address": "0x..." },
{ "network": "solana", "balance": "0", "address": "N/A" }
]
```
## Supported Networks
- `base` — Base mainnet (EVM, primary)
- `solana` — Solana mainnet
- `base-sepolia` — Base testnet
- `solana-devnet` — Solana devnet
## Error Handling
- If not authenticated: prompt user to provide `--token`, set `AGNIC_TOKEN`, or run `npx agnic@latest auth login`
- If a network returns an error, report it and show available balances