技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 33 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal:Pending · OpenClaw :可疑
Package:0x-wzw/ox-agent-identity
安全扫描(ClawHub)
- VirusTotal:Pending
- OpenClaw :可疑
OpenClaw 评估
The skill's behavior matches its ERC-8004 identity purpose, but it asks for sensitive on-chain credentials (private keys and RPC URLs) in SKILL.md while the package metadata declares no required environment variables, and the README suggests a remote install curl|bash — these mismatches and the ability to perform on-chain writes are concerning.
目的
The SKILL.md and README clearly describe on-chain registration, reputation updates, and attestations using Foundry's cast and wallet private keys — which is coherent with the stated purpose. However, the skill metadata claims 'Required env vars: none' and 'Primary credential: none' despite runtime instructions requiring WEB3_RPC_URL and private key variables. That mismatch is unexpected and reduces trust in the package metadata.
说明范围
Runtime instructions explicitly tell the agent to read environment variables containing RPC URLs and private keys and to execute transaction-sending commands (cast send). Those actions are within the claimed feature set (on-chain writes) but the instructions therefore involve handling sensitive secrets and performing irreversible blockchain transactions. The SKILL.md does not limit or qualify autonomous action, nor does it suggest safe default…
安装机制
There is no formal install spec (instruction-only), which minimizes automated code installation risk. However, the README recommends installing Foundry via a remote install script (curl -L https://foundry.paradigm.xyz | bash), which is a common but higher-risk pattern (running a remote script). The package itself contains a harmless validate.sh; no other executables or remote downloads are present inside the skill bundle.
证书
The SKILL.md requires sensitive environment variables (AGENT_WALLET_PRIVATE_KEY, VALIDATOR_PRIVATE_KEY, ATTESTER_PRIVATE_KEY, WEB3_RPC_URL, AGENT_REGISTRY_ADDRESS) but the skill metadata declares no required env vars or primary credential. Requesting private keys is proportionate to performing writes on-chain, but the omission in metadata is a red flag. There is no guidance in SKILL.md to use limited-scope keys, hardware wallets, or ephemeral/…
持久
The skill is not always-enabled (always: false) and is user-invocable, but platform-default autonomous invocation is allowed (disable-model-invocation: false). Combined with the ability to read private keys from env vars and execute transaction-sending commands, that grants the agent the capability to autonomously sign and broadcast transactions if keys are provided — this raises a high-risk operational concern unless the user explicitly restr…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Ox Agent Identity」。简介:ERC-8004 agent identity management. Register AI agents on-chain, update reputat…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/0x-wzw/ox-agent-identity/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。