← Back to Skills Marketplace
95
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install wendao-agent
Description
Automates BNB Chain NFA cultivation with on-chain authorized Agent wallet for meditation, leveling, attribute allocation, PK, and breakthrough tasks.
Usage Guidance
This package is functionally consistent with an on‑chain NFA agent, but review these points before installing:
- Secret handling: The agent needs the Agent private key (AGENT_PRIVATE_KEY or --key). Treat this as highly sensitive; prefer environment variable usage (AGENT_PRIVATE_KEY) over command‑line flags, and never use your main owner wallet private key. The skill metadata incorrectly lists no required env vars — assume the private key is required.
- External backend: By default the agent authenticates to and uses https://wendaobsc.xyz for JWT and PK matching. The backend receives signed messages (not your private key) but will be able to authenticate your agent and coordinate PK actions. Only use the default API if you trust that service; you can set --api "" or another URL to disable/replace it.
- Funding and risk: PK deposits and breakthroughs can require $JW (on‑chain token) and the agent will spend tokens from the agent wallet if present. Do not fund the agent wallet with large amounts — create a dedicated child wallet with only a small BNB balance for gas and, if you enable PK, only the minimal $JW you accept to risk. The README contains contradictory claims about whether the agent wallet holds $JW — assume PK can consume $JW from the agent wallet.
- Local files: The agent persists a Merkle leaf file named .wendao-tree-<tokenId>.json in the current working directory. These files contain action logs and should be protected (permissions/backups) or periodically inspected/cleaned if you are privacy‑conscious.
- Audit and provenance: The skill source lists no homepage and the registry metadata owner is opaque. If you plan to run this with real funds, consider auditing the pkg (especially execPK and execPKRecover flows that interact with the backend), running in read‑only mode first (status command), or running on a throwaway agent wallet to observe behavior before giving it any tokens.
If you want, I can point out the exact lines where the agent authenticates to the backend and where wallet writes occur, or help craft safe CLI/environment settings to minimize risk.
Capability Analysis
Type: OpenClaw Skill
Name: wendao-agent
Version: 1.1.0
The WenDao Agent skill bundle is a legitimate automation tool for a BNB Chain-based game (BAP-578 protocol). The code (agent.ts, cli.ts) implements game-specific logic such as automated 'meditation', attribute point distribution, and 'PK' (player vs player) battles. While the tool requires a private key for an 'Agent sub-wallet', it follows security best practices by prioritizing environment variables over CLI arguments to prevent shell history exposure and uses the standard 'viem' library for secure signing. Network activity is restricted to the project's stated domain (wendaobsc.xyz) for authentication and game state resolution, with no evidence of data exfiltration, obfuscation, or malicious intent.
Capability Tags
Capability Assessment
Purpose & Capability
The code and docs implement an NFA Agent SDK (on‑chain reads/writes, levelUp, distributeSP, PK, merkle roots), which is consistent with the stated purpose. However the metadata claims no required env vars/credentials while the CLI and code clearly expect an agent private key (AGENT_PRIVATE_KEY or --key) and allow overriding contract addresses via environment variables — that mismatch should have been declared.
Instruction Scope
Runtime instructions and the packaged code require the agent private key to sign transactions and perform writeContract calls (levelUp, distributeSP, depositPK, updateLearningTree). The agent also authenticates with a backend (default https://wendaobsc.xyz) by signing and POSTing an auth message to obtain a JWT; PK matching and recovery interact with that backend. The agent persists a local file (.wendao-tree-<tokenId>.json) containing merkle leaves. These actions (network calls to a third party, signing, disk writes) are within the claimed feature set but expand trust to an external API and create local persistent state — both deserve explicit disclosure.
Install Mechanism
There is no install spec in the skill metadata (instruction-only), but the package contains full JS/TS source and a package.json with dependencies (viem, commander, etc.). Dependencies are appropriate for a blockchain SDK. No remote download URLs or extract steps are present in the metadata that would increase install risk.
Credentials
The agent requires a private key (sensitive credential) at runtime but the skill metadata declares no required env vars or primary credential. The CLI encourages using AGENT_PRIVATE_KEY (preferred) but also supports passing --key (which leaks to shell history). The default API (https://wendaobsc.xyz) will receive signed messages and return JWTs; while the private key is never sent, the server sees signatures and agent addresses. The README/SKILL.md contains inconsistent statements about token custody (at points claiming the agent wallet has no $JW, elsewhere indicating PK consumes $JW from the agent wallet) — that inconsistency could lead users to fund the agent unexpectedly and risk token loss.
Persistence & Privilege
The skill does not request elevated system privileges and 'always' is false. It persists agent action leaves to disk (.wendao-tree-<tokenId>.json) and uses in‑process state (JWT stored on the instance). This per‑agent persistence is reasonable for the feature (Merkle learning tree) but is a durable local artifact that may include timestamps, actions, and tx hashes — users should know where these files are written and with what permissions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install wendao-agent - After installation, invoke the skill by name or use
/wendao-agent - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
v1.1.0: 修复 JWT frozen config bug, PK 恢复 tier 读链上值, 文档更正
v1.0.0
WenDao Agent Skill 1.0.0 — Initial Release
- Automates NFA 修仙 actions on BNB Chain via BAP-578 Agent Protocol.
- Features include automatic closed-door meditation, leveling up, attribute assignment, PK matching, and境界突破.
- All agent actions are securely logged and anchored on-chain using a Merkle Tree.
- Supports customizable strategies: aggressive, defensive, and balanced.
- Security-focused: agent subwallet is fully isolated from the owner's main wallet.
- Includes setup instructions for quick installation and usage.
Metadata
Frequently Asked Questions
What is 问道 Agent SDK?
Automates BNB Chain NFA cultivation with on-chain authorized Agent wallet for meditation, leveling, attribute allocation, PK, and breakthrough tasks. It is an AI Agent Skill for Claude Code / OpenClaw, with 95 downloads so far.
How do I install 问道 Agent SDK?
Run "/install wendao-agent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 问道 Agent SDK free?
Yes, 问道 Agent SDK is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 问道 Agent SDK support?
问道 Agent SDK is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 问道 Agent SDK?
It is built and maintained by bb964305 (@bb964305); the current version is v1.1.0.
More Skills