← Back to Skills Marketplace
scottcjn

clawrtc

by AutoJanitor · GitHub ↗ · v1.5.0
cross-platform ⚠ suspicious
606
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install clawrtc-pip
Description
Mine RTC tokens by proving your hardware's authenticity with cryptographic checks and automated RustChain network attestation.
README (SKILL.md)

ClawRTC\r

\r Mine RTC tokens with your AI agent using Proof-of-Antiquity consensus.\r \r

What It Does\r

\r

  • One-command setup: pip install clawrtc && clawrtc install --wallet my-agent\r
  • Hardware fingerprinting: 6 cryptographic checks prove your machine is real (clock drift, cache timing, SIMD identity, thermal entropy, instruction jitter, anti-emulation)\r
  • Automatic attestation: Attests to the RustChain network every few minutes\r
  • Per-epoch rewards: RTC tokens accumulate in your wallet each epoch (~10 minutes)\r
  • VM detection: Virtual machines are detected and receive effectively zero rewards\r \r

Security\r

\r

  • No post-install telemetry — no network calls during pip install\r
  • TLS verification enabled — all RustChain API calls verify SSL certificates (CA-signed)\r
  • Bundled code only — all miner scripts ship with the package, no external downloads\r
  • Consent required — interactive approval prompt before installation\r
  • Dry-run modeclawrtc install --dry-run previews without installing\r
  • Hash verificationclawrtc install --verify shows SHA256 of all bundled files\r
  • Clean uninstallclawrtc uninstall removes all files, services, and configs\r
  • No background service by default — must explicitly pass --service to enable\r
  • Source available — full source at https://github.com/Scottcjn/Rustchain (MIT)\r \r

What Data Is Sent\r

\r During attestation (when mining), the following is sent to the RustChain node:\r \r

  • CPU model name and architecture (e.g. "AMD Ryzen 5", "x86_64")\r
  • Clock timing variance (proves real oscillator)\r
  • Cache latency profile (proves real L1/L2/L3 hierarchy)\r
  • VM detection flags (hypervisor yes/no)\r
  • Wallet name (your chosen identifier)\r \r NOT sent: file contents, browsing history, credentials, IP geolocation, personal data.\r \r

Install\r

\r

pip install clawrtc\r
```\r
\r
## Usage\r
\r
```bash\r
# Install miner + configure wallet\r
clawrtc install --wallet my-agent\r
\r
# Start mining (foreground)\r
clawrtc start\r
\r
# Check status\r
clawrtc status\r
\r
# View logs\r
clawrtc logs\r
\r
# Stop mining\r
clawrtc stop\r
\r
# Clean uninstall\r
clawrtc uninstall\r
```\r
\r
## Multipliers\r
\r
| Hardware | Multiplier |\r
|----------|-----------|\r
| Modern x86/ARM | 1.0x |\r
| Apple Silicon (M1-M3) | 1.2x |\r
| PowerPC G5 | 2.0x |\r
| PowerPC G4 | 2.5x |\r
| VM/Emulator | ~0x (detected and penalized) |\r
\r
## Coinbase Wallet (v1.5.0)\r
\r
```bash\r
# Create a Coinbase Base wallet\r
pip install clawrtc[coinbase]\r
clawrtc wallet coinbase create\r
\r
# Show wallet info\r
clawrtc wallet coinbase show\r
\r
# Link existing Base address\r
clawrtc wallet coinbase link 0xYourBaseAddress\r
\r
# USDC → wRTC swap guide\r
clawrtc wallet coinbase swap-info\r
```\r
\r
Requires CDP credentials from [portal.cdp.coinbase.com](https://portal.cdp.coinbase.com) for auto-creation. Manual linking works without credentials.\r
\r
## Links\r
\r
- Source: https://github.com/Scottcjn/Rustchain\r
- PyPI: https://pypi.org/project/clawrtc/\r
- npm: https://www.npmjs.com/package/clawrtc\r
- Block Explorer: https://rustchain.org/explorer\r
- Agent Wallets: https://rustchain.org/wallets.html\r
- RustChain: https://rustchain.org\r
- BoTTube: https://bottube.ai\r
Usage Guidance
This package largely does what it describes (hardware fingerprinting + attestation) but makes misleading privacy statements. Before installing: 1) Treat MAC addresses, hostname, and timing samples as identifying data — the miner sends them to an external node (NODE_URL) and the node will observe your IP. 2) Use --dry-run and --verify to inspect hashes and behavior first. 3) Inspect the upstream source (the GitHub repo referenced) and confirm the node domain/IP are legitimate. 4) If you value privacy, run it in an isolated environment (air-gapped or disposable VM/container) and do not enable persistent service or automatic enrollment. 5) If using Coinbase wallet features, protect CDP credentials (they are optional but sensitive). 6) If you allow the agent to invoke skills autonomously, be aware this skill has network access and will periodically call the external attestation endpoint — limit autonomous invocation or monitor network calls. If you need full assurance, do not install until the node/operator identity and data retention/policy are verified.
Capability Analysis
Type: OpenClaw Skill Name: clawrtc-pip Version: 1.5.0 The skill bundle is classified as suspicious primarily due to a critical shell injection vulnerability (RCE risk) in `clawrtc/cli.py`. The `_setup_systemd` function directly inserts the user-provided or auto-generated `wallet` name into the `ExecStart` command of a systemd service file without proper sanitization. This allows for arbitrary command execution if a malicious `wallet` name containing shell metacharacters is provided. A minor discrepancy also exists where `SKILL.md` claims 'No post-install telemetry', but `clawrtc/cli.py` sends anonymous install telemetry to `https://bottube.ai/api/telemetry/install`. While the core functionality of hardware fingerprinting and mining aligns with the stated purpose, the RCE vulnerability is a significant security flaw.
Capability Assessment
Purpose & Capability
Code implements the stated purpose: local fingerprinting, attestation, and periodic HTTP calls to a RustChain node to earn tokens. Commands run (lscpu, nproc, ip/ifconfig, sysctl) and filesystem reads (/proc, /sys) are consistent with hardware fingerprinting and VM detection.
Instruction Scope
SKILL.md claims 'No post-install telemetry' and 'No personal data sent', but the miner code sends MAC addresses, hostname, timing entropy samples, CPU model, and other fingerprint data to NODE_URL (/attest/*). Network-level metadata (your IP) will also be visible to the node. The README and SKILL.md also reference different endpoints (IP vs domain), which is inconsistent and should be clarified.
Install Mechanism
There is no special install spec in the registry; installation is via pip (as the SKILL.md instructs). The package bundles miner scripts (no external downloads during install), creates a venv, and installs dependencies (requests, cryptography). This is expected for a Python miner; installing dependencies will cause normal network activity via pip.
Credentials
The skill declares no required environment variables, but optional Coinbase wallet functionality depends on CDP_API_KEY_NAME and CDP_API_KEY_PRIVATE_KEY. The miner reads many system files and environment keys (KUBERNETES, DOCKER, VIRTUAL, container) for VM detection and collects MAC addresses and hostname — these are identifying and arguably 'personal' data despite SKILL.md claiming otherwise.
Persistence & Privilege
always:false and background service is opt-in ('--service'). The installer writes to the user home (~/.clawrtc), creates a venv and can install a per-user systemd/LaunchAgent service if requested. It does not request elevated or system-wide privileges by default, but it does create persistent files/services in the user account.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawrtc-pip
  3. After installation, invoke the skill by name or use /clawrtc-pip
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.0
ClawRTC 1.5.0 introduces native Coinbase Base wallet support and security enhancements. - New: Coinbase wallet support—create, link, and manage Base addresses directly from the CLI. - New: USDC to wRTC swap guide for on-chain integration. - Security: Explicit details on what data is (and is not) sent during attestation. - Security: Hash verification and dry-run mode for transparent installs. - Privacy: No post-install telemetry and explicit consent prompt before installing. - Docs: Expanded setup, usage, and hardware multiplier descriptions.
Metadata
Slug clawrtc-pip
Version 1.5.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is clawrtc?

Mine RTC tokens by proving your hardware's authenticity with cryptographic checks and automated RustChain network attestation. It is an AI Agent Skill for Claude Code / OpenClaw, with 606 downloads so far.

How do I install clawrtc?

Run "/install clawrtc-pip" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is clawrtc free?

Yes, clawrtc is completely free (open-source). You can download, install and use it at no cost.

Which platforms does clawrtc support?

clawrtc is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created clawrtc?

It is built and maintained by AutoJanitor (@scottcjn); the current version is v1.5.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments