← Back to Skills Marketplace

Trust Escrow

Name: Trust Escrow
Author: droppingbeans

by droppingbeans · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

1481

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install trust-escrow

Description

Create and manage USDC escrows for agent-to-agent payments on Base Sepolia. 30% gas savings, batch operations, dispute resolution.

Usage Guidance

Before installing or using this skill: 1) Treat the skill as requiring transaction signing even though it doesn't declare credentials — do NOT paste private keys into the agent. Use an external signer (hardware wallet, WalletConnect, or an ephemeral signing service) if you intend to interact. 2) Verify the contract and USDC token addresses on a block explorer and review the escrow contract source yourself (or ask the author for verified source). 3) Confirm the skill's provenance: who published it, and does the web app/agent docs belong to a reputable project? 4) If you must test, use a throwaway account with minimal funds on the Sepolia testnet first. 5) Prefer skills that explicitly declare credential needs and recommend secure signing flows; if the agent will ever have signing power, restrict autonomous invocation or require explicit user approval for transactions.

Capability Analysis

Type: OpenClaw Skill Name: trust-escrow Version: 1.0.0 The skill bundle describes a legitimate decentralized application for managing USDC escrows on Base Sepolia. It provides clear instructions and code examples for interacting with a smart contract using standard web3 libraries (viem). There is no evidence of prompt injection, data exfiltration, malicious execution, or persistence mechanisms. While the skill requires access to a private key for blockchain transactions, this is inherent to its stated purpose and not an attempt to steal credentials. All external links point to a Vercel-hosted web app, GitHub repository, or a block explorer, which are common for dApp projects, and none are instructed to be executed by the agent.

Capability Assessment

✓ Purpose & Capability

Name, description, and SKILL.md functions (create/release/autoRelease/dispute, batch ops) align with an on-chain USDC escrow contract on Base Sepolia. Contract and token addresses, RPC, and code examples are consistent with the stated purpose.

⚠ Instruction Scope

The SKILL.md contains concrete wallet code that requires a raw private key (privateKeyToAccount('0xYOUR_PRIVATE_KEY')) and shows writeContract calls. It does not instruct safe signing practices (e.g., external signer, hardware wallet, WalletConnect) and gives no constraints on where the private key comes from. That creates a real risk that an agent following these instructions could request, store, or transmit private keys. The doc links to external web apps (vercel.app) and an 'agent-info' page — these could be legitimate integration docs but are external endpoints the agent might contact; the SKILL.md does not specify or limit what agent-supplied data to send to those endpoints.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files — low install risk because nothing is written to disk by an installer. The scanner had no code to analyze.

⚠ Credentials

The skill declares no required environment variables or primary credential, yet its examples require a signing key (private key) and use an RPC endpoint. The implicit need for a private key (or other signer) is not declared nor constrained — a mismatch that could lead to insecure practices (pasting private keys into the agent).

ℹ Persistence & Privilege

always:false (normal). The skill allows autonomous invocation by default (platform default). While that alone is not a problem, autonomous invocation combined with access to a user's private key would be high-risk — the SKILL.md does not prevent the agent from performing on-chain writes if it obtains signing credentials.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install trust-escrow
After installation, invoke the skill by name or use /trust-escrow
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release: Production-ready escrow for agent-to-agent USDC payments on Base Sepolia. 30% gas savings, batch operations, dispute resolution.

Metadata

Slug trust-escrow

Version 1.0.0

License —

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is Trust Escrow?

Create and manage USDC escrows for agent-to-agent payments on Base Sepolia. 30% gas savings, batch operations, dispute resolution. It is an AI Agent Skill for Claude Code / OpenClaw, with 1481 downloads so far.

How do I install Trust Escrow?

Run "/install trust-escrow" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Trust Escrow free?

Yes, Trust Escrow is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Trust Escrow support?

Trust Escrow is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Trust Escrow?

It is built and maintained by droppingbeans (@droppingbeans); the current version is v1.0.0.

More Skills