Description

Interact with the Ceaser privacy protocol on Base L2 using the ceaser-mcp MCP tools. This skill uses the ceaser-mcp npm package for ALL operations -- shield,...

README (SKILL.md)

Ceaser Privacy Protocol

Name: Openclaw Skill
Author: zyra-v21

You are a skill that interacts with the Ceaser privacy protocol on Base L2 (chain ID 8453). Ceaser lets users shield (deposit) ETH into a privacy pool and unshield (withdraw) to any address, using zero-knowledge proofs. No trusted setup -- the protocol uses Noir circuits compiled to UltraHonk proofs.

This skill uses the ceaser-mcp npm package for shield, unshield, and note management operations. All ceaser tool calls use CLI subcommands:

npx -y ceaser-mcp \x3Csubcommand> [args]

Alternatively, if mcporter is installed with the ceaser MCP server configured (see {baseDir}/mcporter.json), you may use mcporter call ceaser.TOOL_NAME as an equivalent method. CLI is the primary and recommended approach.

Base URL: https://ceaser.org Network: Base L2 (chain ID 8453) Contract: 0x278652aA8383cBa29b68165926d0534e52BcD368 Facilitator: https://ceaser.org Protocol Fee: 0.25% (25 bps) per operation Valid Denominations: 0.001, 0.01, 0.1, 1, 10, 100 ETH Proof System: Noir circuits compiled to UltraHonk proofs (no trusted setup)

All REST endpoints below are public and require no authentication. Rate limits: 60 req/min (read), 5 req/min (write) per IP.

For a complete OpenAPI 3.0 specification, see {baseDir}/references/openapi.json.

Read-Only Queries

List valid denominations with fee breakdown

Shows what amounts users can shield/unshield and the exact costs (0.25% protocol fee).

curl -s "https://ceaser.org/api/ceaser/denominations" | jq .

Valid denominations: 0.001, 0.01, 0.1, 1, 10, 100 ETH.

Calculate fee breakdown for a specific amount

curl -s "https://ceaser.org/api/ceaser/fees/100000000000000000" | jq .

The amount parameter is in wei. 100000000000000000 = 0.1 ETH. Response includes protocolFee (0.25%), treasuryShare (0.24%), relayerAlloc (0.01%), and netAmount.

Get pool statistics

curl -s "https://ceaser.org/api/ceaser/pool/0" | jq .

Asset ID 0 = ETH. Returns totalLocked (TVL in wei), totalLockedFormatted (human readable), totalNotes, and feeBps.

Get current Merkle root

curl -s "https://ceaser.org/api/ceaser/merkle-root" | jq .

Returns the 24-level Poseidon Merkle tree root. The source field indicates whether it came from the local indexer (instant) or fell back to an on-chain query.

Check if a nullifier has been spent

curl -s "https://ceaser.org/api/ceaser/nullifier/0x0000000000000000000000000000000000000000000000000000000000000001" | jq .

Replace the hash with the actual bytes32 nullifier hash. Returns { "spent": true/false }.

Facilitator health and status

curl -s "https://ceaser.org/status" | jq .

Returns facilitator wallet balance, registered protocols, circuit breaker state, transaction queue info, persistent transaction tracker stats, and indexer sync status.

Simple liveness check

curl -s "https://ceaser.org/health" | jq .

Returns { "ok": true } if the facilitator is running.

Indexer Queries

The indexer maintains a local Merkle tree synchronized with the on-chain contract. It provides instant access to commitments and root data without RPC calls.

Indexer sync status

curl -s "https://ceaser.org/api/ceaser/indexer/status" | jq .

Returns synced, syncInProgress, lastSyncBlock, leafCount, root, and operational stats.

Indexed Merkle root (instant, no RPC)

curl -s "https://ceaser.org/api/ceaser/indexer/root" | jq .

List commitments (paginated)

curl -s "https://ceaser.org/api/ceaser/indexer/commitments?offset=0&limit=100" | jq .

Returns commitments array, total count, offset, and limit. Max 1000 per page.

Get commitment by leaf index

curl -s "https://ceaser.org/api/ceaser/indexer/commitment/0" | jq .

x402 Facilitator (Gasless Settlement)

The facilitator is a gasless relay: it validates ZK proofs and submits them on-chain, paying gas on behalf of the user. This enables withdrawals from wallets with zero ETH balance.

x402 capability discovery

curl -s "https://ceaser.org/supported" | jq .

Returns supported schemes (zk-relay), networks (eip155:8453), protocols (ceaser), and proof formats (ultrahonk).

Verify a ZK proof (dry run, no on-chain submission)

curl -s -X POST "https://ceaser.org/verify" \
  -H "Content-Type: application/json" \
  -d '{
    "protocol": "ceaser",
    "network": "eip155:8453",
    "payload": {
      "proof": "0x...",
      "nullifierHash": "0x...",
      "amount": "100000000000000000",
      "assetId": "0",
      "recipient": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD18",
      "root": "0x..."
    }
  }' | jq .

Returns isValid, validation details, gas estimate, and facilitator fee.

Submit ZK proof on-chain (gasless settlement)

curl -s -X POST "https://ceaser.org/settle" \
  -H "Content-Type: application/json" \
  -d '{
    "protocol": "ceaser",
    "network": "eip155:8453",
    "payload": {
      "proof": "0x...",
      "nullifierHash": "0x...",
      "amount": "100000000000000000",
      "assetId": "0",
      "recipient": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD18",
      "root": "0x..."
    }
  }' | jq .

The facilitator pays gas. Recipient receives amount minus 0.25% protocol fee. Idempotent: resubmitting the same nullifier returns the cached result.

Prepare a Shield Transaction

This builds an unsigned transaction for shielding ETH. The user must sign and submit it from their own wallet.

curl -s -X POST "https://ceaser.org/api/ceaser/shield/prepare" \
  -H "Content-Type: application/json" \
  -d '{
    "proof": "0x...",
    "commitment": "0x...",
    "amount": "100000000000000000",
    "assetId": "0"
  }' | jq .

Returns pre-built transaction data (to, data, value) and fee breakdown. The caller signs this with their wallet.

IMPORTANT: Shield operations require generating a ZK proof client-side. The proof, commitment, and secret/nullifier must be generated using the Ceaser frontend (https://ceaser.org) or the ceaser-mcp npm package (npx ceaser-mcp). This skill cannot generate proofs -- it only queries the API.

CLI Subcommands (Shield / Unshield)

The ceaser-mcp npm package includes CLI subcommands that run directly from bash. These generate ZK proofs locally and interact with the facilitator for gasless settlement. All output is JSON.

Shield ETH (generate proof + unsigned tx)

npx -y ceaser-mcp shield 0.001

Returns an unsigned transaction (to, data, value) and a note backup string. The user must sign and send the transaction from their wallet. Valid denominations: 0.001, 0.01, 0.1, 1, 10, 100 ETH.

The unsigned transaction is also saved to ~/.ceaser-mcp/pending-tx.json for automatic signing flows (used by the ceaser-send skill).

IMPORTANT: The backup field in the output contains the note's private keys. It MUST be saved securely -- it is the only way to later unshield the funds.

List stored notes

npx -y ceaser-mcp notes

Shows unspent notes with their IDs, amounts, and leaf indices. Add --all to include spent notes.

Unshield ETH (gasless withdrawal via x402)

npx -y ceaser-mcp unshield \x3CnoteId> 0x742d35Cc6634C0532925a3b844Bc9e7595f2bD18

Generates a burn ZK proof and submits it to the facilitator. The facilitator pays gas. The recipient receives the amount minus 0.25% protocol fee. Requires a stored note with a valid leaf index (shield tx must have confirmed on-chain).

Import a note from backup

npx -y ceaser-mcp import eyJzIjoiMTIzLi4uIn0=

Imports a note from a base64 backup string (generated by shield or the Ceaser frontend). Required before unshielding a note created elsewhere.

Help

npx -y ceaser-mcp help

Notes are stored at ~/.ceaser-mcp/notes.json. All commands output JSON to stdout on success and JSON to stderr on failure.

Key Concepts

Shield: Deposit ETH into the privacy pool. Creates a note (commitment) on-chain. Requires ZK proof generation (client-side only).
Unshield: Withdraw ETH from the privacy pool to any address. Requires a stored note with secret/nullifier. The facilitator handles gas.
Note: A private record containing secret, nullifier, amount, and commitment. Notes are never stored on-chain -- only their Poseidon hash (commitment) is.
Nullifier: A unique identifier derived from the note. Once spent, the nullifier is recorded on-chain to prevent double-spending.
Denomination: Fixed amounts (0.001 to 100 ETH) to prevent amount-based deanonymization.
Protocol Fee: 0.25% (25 basis points) split between treasury (0.24%) and relayer fund (0.01%).

Performing Transactions (Shield / Unshield)

When a user asks to shield or unshield ETH, ALWAYS use the ceaser-mcp CLI subcommands. This is the primary and recommended method:

# Shield ETH (generates ZK proof + unsigned tx)
npx -y ceaser-mcp shield 0.001

# List stored notes to get noteId
npx -y ceaser-mcp notes

# Unshield ETH (gasless via facilitator)
npx -y ceaser-mcp unshield \x3CnoteId> \x3Crecipient>

# Import a note from backup string
npx -y ceaser-mcp import \x3Cbase64-backup>

# Help
npx -y ceaser-mcp help

The shield command generates a ZK proof locally and returns an unsigned transaction. The user must sign and send it. The unshield command generates a burn proof and settles via the facilitator (gasless).

Notes are stored at ~/.ceaser-mcp/notes.json. All commands output JSON to stdout on success and JSON to stderr on failure.

Alternative: MCP Server via Claude Code

The ceaser-mcp npm package also runs as an MCP server for Claude Code:

claude mcp add --transport stdio ceaser -- npx -y ceaser-mcp

This provides 10 MCP tools including ceaser_shield_eth and ceaser_unshield. Notes are stored locally at ~/.ceaser-mcp/notes.json.

npm package: https://www.npmjs.com/package/ceaser-mcp

Alternative: Web App (non-technical users)

Direct the user to https://ceaser.org -- connect wallet, select amount, click Shield or Unshield. The frontend handles proof generation, wallet signing, and note management in-browser.

Auto-Signing Mode (ceaser-send)

A separate skill (/ceaser-send) provides fully automated shield-to-unshield flow using an ephemeral hot wallet. The agent generates a BIP-39 mnemonic, the user funds the hot wallet, and the agent signs and broadcasts the shield transaction automatically. Only one manual step: funding the hot wallet with ETH.

PRIVACY NOTE: Auto-signing creates observable on-chain links between the user's wallet and the hot wallet (funding + refund transactions). For maximum privacy, the manual approach (this skill + MetaMask) is recommended. Use ceaser-send only when the user explicitly requests automated signing.

Install: clawhub install ceaser-send

What this skill can help with

While you wait for a transaction or are exploring the protocol, this skill can:

Check denominations and fees before shielding
Monitor pool TVL and note count
Verify a nullifier is unspent before attempting unshield
Check facilitator health and circuit breaker state
Browse indexed commitments and Merkle tree state

Usage Guidance

This skill appears to do what it says: call Ceaser facilitator endpoints and run the ceaser-mcp CLI. Before installing or running it, consider: (1) npx -y executes the ceaser-mcp package fetched from npm at runtime — review the ceaser-mcp npm package (publisher, version, recent changes) or prefer installing a pinned package locally rather than using npx -y. (2) Avoid running the skill in environments with highly sensitive data or credentials since running third-party code can be risky. (3) The OpenAPI reference includes admin endpoints (protected by ADMIN_KEY); the skill does not request that key — do not provide any unrelated credentials. (4) If you want stronger assurance, fetch and inspect the ceaser-mcp source (or pin a known-good release), or run the tool in a sandboxed environment. If you need help checking the npm package or verifying the facilitator URL/certs, provide the package name/version or more context and I can help review.

Capability Analysis

Type: OpenClaw Skill Name: ceaser Version: 1.4.2 The skill bundle is designed to interact with the Ceaser privacy protocol, using `curl` for API calls to `https://ceaser.org` and `npx -y ceaser-mcp` for local operations like generating ZK proofs and managing notes. While `allowed-tools: Bash` grants broad execution capabilities and `npx -y` automates package installation (a potential supply chain risk if the `ceaser-mcp` package itself were compromised), all commands and instructions in `SKILL.md` are directly aligned with the stated purpose of the privacy protocol. There is no evidence of intentional harmful behavior, data exfiltration, persistence mechanisms, obfuscation, or malicious prompt injection directives against the agent. The skill even includes responsible privacy warnings for a related 'auto-signing' skill, indicating a transparent and non-malicious intent.

Capability Assessment

✓ Purpose & Capability

Name/description match the requested binaries and the runtime instructions: the skill uses the ceaser-mcp npm CLI and public ceaser.org endpoints. Required binaries (curl, jq, node, npx) are appropriate and expected for the described operations. The included OpenAPI reference documents the same API surface.

ℹ Instruction Scope

SKILL.md instructs only public REST calls to ceaser.org and use of the ceaser-mcp CLI via `npx -y ceaser-mcp <subcommand>`. It does not request arbitrary file or credential access. It does mention an optional local mcporter config ({baseDir}/mcporter.json) which could cause the agent to interact with a locally configured MCP server if present — this is optional, but worth noting.

ℹ Install Mechanism

There is no install spec (instruction-only), which minimizes persistent footprint. However, the runtime pattern uses `npx -y` to fetch and execute the ceaser-mcp package on demand. That behavior is coherent with a CLI-based skill but carries moderate risk: running code fetched from npm at runtime executes third-party code in the agent environment and can run arbitrary operations if the package or its dependencies are compromised.

✓ Credentials

The skill declares no required environment variables or credentials. The OpenAPI file references administrative endpoints protected by an ADMIN_KEY in production, but the SKILL.md does not request that key — the absence of credential requirements is consistent with the skill's described public/facilitator usage.

✓ Persistence & Privilege

The skill is not always-enabled and is user-invocable. It does not request persistent system-wide privileges or modifications. Autonomous invocation is allowed by default but not combined with other high-risk privileges in this skill.

Version History

v1.4.2

### Ceaser Skill 1.4.2 Changelog - Updated OpenAPI specification in `references/openapi.json`. - Documentation (SKILL.md) remains unchanged: no new features or user-facing changes. - Under-the-hood update to ensure API references reflect the current backend.

v1.4.1

Sync openapi.json skill version metadata.

v1.4.0

Shield now saves unsigned TX to ~/.ceaser-mcp/pending-tx.json. Agents no longer need to pass long hex data as CLI args. Updated ceaser-mcp to v1.2.0.

v1.3.0

Add explicit ceaser-mcp MCP tool references at the top of SKILL.md for better compatibility with less capable models. Reorder transaction section to prioritize CLI subcommands.

v1.2.3

Add x-openclaw-skills extension to openapi.json with ceaser-send metadata

v1.2.2

Add ceaser-send cross-reference and privacy recommendation

v1.2.1

Bump openapi.json version to 1.1.0, sync with facilitator spec.

v1.2.0

Add CLI subcommands (shield, unshield, notes, import, help) for bash-only agents. Update requires to include node/npx. Restructure transaction guidance to recommend CLI as primary option for agents.

v1.1.0

Expanded transaction guidance with 3 options (web app, MCP via Claude Code, manual). Better UX when users ask to shield/unshield.

v1.0.0

Initial release: read-only API queries, indexer access, gasless settlement via x402 facilitator

Metadata

Slug ceaser

Version 1.4.2

License —

All-time Installs 1

Active Installs 1

Total Versions 10

Frequently Asked Questions

What is Openclaw Skill?

Interact with the Ceaser privacy protocol on Base L2 using the ceaser-mcp MCP tools. This skill uses the ceaser-mcp npm package for ALL operations -- shield,... It is an AI Agent Skill for Claude Code / OpenClaw, with 769 downloads so far.

How do I install Openclaw Skill?

Run "/install ceaser" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Skill free?

Yes, Openclaw Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Openclaw Skill support?

Openclaw Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Openclaw Skill?

It is built and maintained by Zyra-V21 (@zyra-v21); the current version is v1.4.2.

More Skills

Openclaw Skill