技能详情(站内镜像,无评论)
作者:Angelos Kappos @adacapo21
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 133 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:adacapo21/cardano-balances
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's declared purpose (query Cardano wallet balances/UTxOs) is plausible, but it requests a highly sensitive SEED_PHRASE environment variable without clear justification or handling instructions and installs an npm package of unknown provenance — the combination is disproportionate and worth caution.
目的
The skill's functionality (getting balances, addresses, UTxOs) generally aligns with its name and description and the referenced MCP tools. However, requiring a SEED_PHRASE is stronger than normally necessary for read-only balance queries (which can often be done from public addresses or xpub/watch-only data). The SKILL.md does not justify why a full seed phrase is required.
说明范围
The runtime instructions reference only the MCP tools (get_balances, get_addresses, get_utxos) and conversion/display guidance, which is within scope. But SKILL.md does not say how the declared SEED_PHRASE env var is used, stored, or protected. The allowed-tools list (Read, Glob, Grep) could let the skill read local files, yet the instructions never limit or explain use of local data. This ambiguity increases risk because a seed phrase could b…
安装机制
Install is a node package: @indigoprotocol/cardano-mcp (npm). Installing an npm package is a common approach for Cardano tooling and is not unusual, but it is a moderate-risk install mechanism because it will place code on disk and execute from the registry. No homepage, repository link, or package version is provided in the metadata, making provenance harder to verify.
证书
The skill requires a single env var: SEED_PHRASE. A seed phrase is extremely sensitive (full wallet control). The skill does not request more unrelated credentials, but it also does not explain why the seed phrase is necessary versus less-privileged alternatives (e.g., public addresses, xpub, watch-only keys). Requiring a seed phrase for a read-only balances query is disproportionate unless the skill needs to derive private addresses not other…
持久
The skill is not always-enabled, does not request system-wide config changes, and does not claim to modify other skills or agent settings. Autonomous invocation is allowed (the platform default) but is not combined with other high privileges here.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Cardano Balances」。简介:Query wallet balances, addresses, and UTxOs on the Cardano blockchain.。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/adacapo21/cardano-balances/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。