← Back to Skills Marketplace
308
Downloads
1
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install safelink
Description
Secure agent-to-agent hiring and execution skill for OpenClaw MCP with escrowed settlement, x402 facilitator payments, ERC-8004 identity/reputation checks, s...
Usage Guidance
Key points before installing or running SafeLink:
- Metadata mismatch: the registry metadata claims 'no required env vars / instruction-only' but the included SKILL.md and code expect many sensitive environment variables (LLM keys, Coinbase/Privy credentials, DEPLOYER_PRIVATE_KEY, optional shared secrets). Treat that inconsistency as a red flag and ask the publisher to clarify.
- Secrets handling: the interactive setup writes a .env and tests credentials by making network requests. Always use throwaway testnet keys (and not mainnet production keys) when first testing. If you must deploy to mainnet, follow the SKILL.md guidance to use a throwaway DEPLOYER_PRIVATE_KEY for contract deployment and then discard it.
- Review endpoints: the default facilitator URL and other endpoints are external (e.g., https://x402.org/facilitator, Anthropic, Privy). Confirm you trust those services before providing API keys. The code performs some validation (chainId/token checks) but will still transmit auth tokens as part of validation/payment flows.
- Network exposure: safe_listen_for_hire starts an HTTP server bound to a port (default 127.0.0.1). Verify it is bound to loopback in your environment and that you do not accidentally expose it to the public internet or an unrestricted reverse proxy.
- Audit the code paths you care about: if you only plan to use escrow/x402 flows, inspect src/payments/*, src/security/* and wallet providers to ensure they meet your security requirements. Pay special attention to deploy scripts (scripts/deploy-contracts.ts) which execute forge and require a funded private key.
- Verify publisher and provenance: SKILL.md points to a GitHub repo (https://github.com/charliebot8888/SafeLink) but registry 'Source' was unknown and homepage missing in the registry metadata. Confirm the repository origin, review commit history, and prefer installing from an audited/official source.
- Run in a sandbox first: install and run in an isolated environment (container or VM) with network egress controls and testnet/throwaway secrets. Ask the author to correct registry metadata before granting production credentials.
If you want, I can: 1) list the exact env vars the code expects, 2) point out every place keys are transmitted in the code, or 3) produce minimal run instructions for a safe local test using throwaway/testnet credentials.
Capability Analysis
Type: OpenClaw Skill
Name: safelink
Version: 0.1.4
SafeLink is a legitimate, security-focused framework for agent-to-agent (A2A) transactions and hiring. The bundle implements high-standard defensive features, including PII redaction (src/security/input-gate.ts), SSRF protection with strict DNS resolution checks for outbound endpoints, and MPC wallet integration (Coinbase AgentKit/Privy) to ensure private keys never enter application memory. It includes robust payment verification logic (x402 and escrow) and human-in-the-loop risk scoring (src/security/approval.ts) to prevent unauthorized or high-risk on-chain executions. All high-risk behaviors, such as the one-time use of a deployment key and the local HTTP task server, are explicitly disclosed and protected by authentication layers.
Capability Assessment
Purpose & Capability
The name/description (A2A hiring, escrow, x402, ERC-8004, MPC wallets) align with the provided source files (escrow, x402, input-gate, MPC wallet integration, approvals, deploy scripts). HOWEVER the registry summary at the top of the submission states 'Required env vars: none' and 'No install spec / instruction-only' while the SKILL.md and package.json/code clearly expect many environment variables and include full source code. This metadata mismatch is unexpected and should be clarified.
Instruction Scope
SKILL.md and scripts instruct the operator to run an interactive setup that collects LLM keys, Coinbase/Privy credentials, and a DEPLOYER_PRIVATE_KEY (one-time) and writes them to a local .env. The setup tests keys by making remote calls (Anthropic, Privy, RPC, facilitator). These behaviours are coherent with the stated purpose (credential checking, onboarding), but they do transmit tester requests to third-party endpoints as part of validation — review that you trust the endpoints and prefer testing with throwaway/testnet credentials.
Install Mechanism
No install spec in registry (instruction-only) and package.json uses normal npm dependencies from known packages. There are no suspicious external download URLs in the provided files; deploy script invokes Foundry (forge) via child_process, which is expected for contract deployment. Overall the install footprint is standard for a Node/Foundry project.
Credentials
The skill requires multiple high-sensitivity variables (ANTHROPIC_API_KEY or LLM_API_KEY, COINBASE_CDP_API_KEY_PRIVATE_KEY or PRIVY_APP_SECRET, DEPLOYER_PRIVATE_KEY for contract deployment, optional TASK_AUTH_SHARED_SECRET, REDIS_URL, etc.). These are reasonable for a payment/escrow/MPC tool, but the registry metadata failed to declare them. The one-time DEPLOYER_PRIVATE_KEY usage is documented, but storing keys in .env and the setup testing behavior increases risk if users supply production/mainnet credentials. Verify use of throwaway keys for deployment and prefer Privy/Coinbase MPC options if you want reduced local key exposure.
Persistence & Privilege
The skill does not set always:true. It can start an HTTP server (safe_listen_for_hire) bound to TASK_SERVER_PORT (default 127.0.0.1:3402) when asked, and writes .env via setup scripts. These are expected capabilities for an MCP server but mean the skill can open network listeners and store local credentials/config — run in isolated environments and confirm binding to loopback before exposing externally.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install safelink - After installation, invoke the skill by name or use
/safelink - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.4
Force rescan with full source package: src/security/, src/wallet/, src/server/, src/payments/, scripts/, contracts/src/, _meta.json, tests context headers. Full source: https://github.com/charliebot8888/SafeLink
v0.1.3
Full source publish: added src/, scripts/, contracts/, tests/, _meta.json to package so scanner can verify all referenced implementation files. Registry metadata now includes complete env var declarations.
v0.1.2
Full metadata disclosure in SKILL.md frontmatter: required_env, wallet, llm, deploy-only vars, runtime behavior, security notes. README restructured with clear credential sections.
v0.1.1
Registry metadata: added _meta.json with required env vars, runtime behavior, and security disclosure. Added scanner context to stress test files. Upgraded x402 to 1.1.0 (CVE fix).
v0.1.0
Initial public release: secure A2A agent hiring with escrow, x402 USDC micropayments, MPC wallets, ERC-8004 identity, proof-before-settlement, and policy-gated transactions on Base.
Metadata
Frequently Asked Questions
What is SafeLink?
Secure agent-to-agent hiring and execution skill for OpenClaw MCP with escrowed settlement, x402 facilitator payments, ERC-8004 identity/reputation checks, s... It is an AI Agent Skill for Claude Code / OpenClaw, with 308 downloads so far.
How do I install SafeLink?
Run "/install safelink" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SafeLink free?
Yes, SafeLink is completely free (open-source). You can download, install and use it at no cost.
Which platforms does SafeLink support?
SafeLink is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created SafeLink?
It is built and maintained by licc921 (@licc921); the current version is v0.1.4.
More Skills