← Back to Skills Marketplace

Ordiscan

Name: Ordiscan
Author: t4t5

by T4T5 · GitHub ↗ · v0.0.2

cross-platform ⚠ suspicious

625

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install ordiscan

Description

Inscribe content on Bitcoin via the Ordiscan API. Pays per-request with USDC on Base using the x402 protocol.

Usage Guidance

This skill legitimately needs a private key so it can sign x402 USDC payment authorizations — that is sensitive: only install/use it if you trust the skill source. Before using: (1) prefer an ephemeral or low-value wallet/key (do not reuse a high-value private key); (2) verify the recipient/payTo address printed by the signer before approving (the script logs the 'To' address and amount to stderr); (3) be aware that signing an ERC-3009 TransferWithAuthorization authorizes the payee to claim the stated USDC amount, so double-check the Payment-Required header content; (4) note the script will contact a Base RPC (BASE_RPC_URL defaults to https://mainnet.base.org) — if you want to control RPC trust, set BASE_RPC_URL to an RPC you trust; (5) confirm ~/.evm-wallet.json (if used) comes from a trusted wallet skill. If any of these are unacceptable, do not provide a private key to this skill.

Capability Analysis

Type: OpenClaw Skill Name: ordiscan Version: 0.0.2 The skill is classified as suspicious due to its handling of sensitive data and user-provided file paths, despite the stated purpose appearing benign. It instructs the agent to read an Ethereum private key from `~/.evm-wallet.json` (if not already set as an environment variable) for signing x402 payments via `scripts/x402-sign.mjs`. Additionally, the skill directs the agent to read arbitrary user-provided file paths (`base64 -w0 path/to/file`) for content inscription. While these actions are declared as requirements and are necessary for the skill's functionality, they represent high-risk capabilities that, if mishandled or combined with agent vulnerabilities, could lead to unauthorized access to sensitive data or local file inclusion/reading.

Capability Assessment

✓ Purpose & Capability

The skill's name/description (Ordiscan x402 payments) matches what it requires: a signer (X402_PRIVATE_KEY or wallet file) and node or an alternative wallet tool (awal). The included signing script implements EIP-3009-style TransferWithAuthorization for USDC on Base, which is necessary to produce the Payment-Signature header described in SKILL.md.

ℹ Instruction Scope

SKILL.md instructs the agent to read the user's X402_PRIVATE_KEY or, if unset, to extract a private key from ~/.evm-wallet.json (explicitly declared). Those actions are sensitive but directly related to signing payments. The instructions also run npm install to pull 'viem' and optionally call 'awal' if present; they do not reference unrelated system files or external endpoints beyond the Ordiscan API and an RPC URL.

✓ Install Mechanism

This is instruction-only with a small included script and a package.json depending on 'viem'. There is no arbitrary URL download or extract step; installing dependencies is via npm (expected for a node-based signer).

ℹ Credentials

The skill requires a single sensitive secret (X402_PRIVATE_KEY) and optionally reads ~/.evm-wallet.json — both are proportional to the described signing purpose. One minor mismatch: the script also honors BASE_RPC_URL (optional) but SKILL.md/metadata do not list it as a declared env var; this is low-risk but should be documented. No unrelated credentials are requested.

✓ Persistence & Privilege

The skill does not request persistent/always-on inclusion and does not attempt to modify other skills or system-wide configuration. It simply provides a signing helper that runs on demand.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install ordiscan
After installation, invoke the skill by name or use /ordiscan
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.0.2

- Added environment and config hints to the metadata (now lists required env vars and config files). - Updated wallet setup instructions: now checks for X402_PRIVATE_KEY and ~/.evm-wallet.json before suggesting awal. - No changes to core skill functionality. - README.md file was removed.

v0.0.1

Initial release of ordiscan skill. - Enables inscribing content (text, images, files) on Bitcoin via the Ordiscan API. - Supports dynamic, per-request payments using USDC on Base with the x402 protocol — no API key required. - Lets users query Bitcoin Ordinals data including inscriptions, addresses, runes, BRC-20 tokens, and rare sats. - Provides integration options for both a Node-based signing script and Coinbase’s Agentic Wallet (`awal`). - Detailed setup and usage instructions included for both inscription and querying workflows.

Metadata

Slug ordiscan

Version 0.0.2

License —

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Ordiscan?

Inscribe content on Bitcoin via the Ordiscan API. Pays per-request with USDC on Base using the x402 protocol. It is an AI Agent Skill for Claude Code / OpenClaw, with 625 downloads so far.

How do I install Ordiscan?

Run "/install ordiscan" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ordiscan free?

Yes, Ordiscan is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Ordiscan support?

Ordiscan is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Ordiscan?

It is built and maintained by T4T5 (@t4t5); the current version is v0.0.2.

More Skills