← Back to Skills Marketplace
nativ3ai

Agentic Commerce Relay

by nativ3ai · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
960
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install agentic-commerce-relay
Description
Run the CCTP relay to burn USDC on a source chain and mint on a destination chain, returning verifiable receipts. Use for multichain agent-to-agent settlement, with optional Moltbook discovery and integrations.
README (SKILL.md)

Agentic Commerce Relay

Use this skill when you need to settle USDC across CCTP-supported chains without deploying contracts. The relay script calls Circle’s official CCTP contracts and outputs a machine-readable receipt.

Quick Use

From the repo root:

SRC_RPC=... \
DST_RPC=... \
PRIVATE_KEY=0x... \
SRC_USDC=0x... \
SRC_TOKEN_MESSENGER=0x... \
SRC_MESSAGE_TRANSMITTER=0x... \
DST_MESSAGE_TRANSMITTER=0x... \
DST_DOMAIN=... \
node scripts/cctp-bridge.js

Required env

  • SRC_RPC
  • DST_RPC
  • PRIVATE_KEY

Optional env (override per chain)

  • SRC_USDC
  • SRC_TOKEN_MESSENGER
  • SRC_MESSAGE_TRANSMITTER
  • DST_MESSAGE_TRANSMITTER
  • DST_DOMAIN
  • AMOUNT (default 1000000, 1 USDC with 6 decimals)

Receipt

The script prints JSON with:

  • burnTx
  • messageHash
  • mintTx
  • recipient

Optional modules

Moltbook discovery

Find counterparties by submolt feed:

MOLTBOOK_API_KEY=... \
MOLTBOOK_BASE_URL=https://www.moltbook.com \
node scripts/discovery-moltbook.cjs --submolt usdc --sort new --tag payment

Bundled integrations

This repo includes optional modules under integrations/:

  • integrations/mvp (USDC Intent Payer)
  • integrations/anonx402-hackathon (Anon x402 Relay)

Use these for intent parsing/guardrails or privacy, then call the relay to settle cross-chain.

Usage Guidance
Do not supply your real/private signing key or production RPC credentials to this skill as packaged. The SKILL.md expects local Node scripts and integrations (scripts/cctp-bridge.js, integrations/) but the skill bundle contains only the SKILL.md and no code or homepage — that makes it impossible to audit what will run. Before installing or using: 1) ask the publisher for the source repo or a signed release and verify the scripts; 2) only use an ephemeral or low-value key and non-production RPC endpoints for testing; 3) prefer hardware-wallet or external-signing workflows rather than providing raw PRIVATE_KEY to an agent; 4) be cautious about optional discovery integrations (Moltbook) and API keys — verify their endpoints and privacy implications. If the publisher cannot provide source or an installable package, treat this skill as untrusted.
Capability Analysis
Type: OpenClaw Skill Name: agentic-commerce-relay Version: 0.1.0 The skill is classified as suspicious primarily due to its requirement for the `PRIVATE_KEY` to be passed directly as an environment variable for executing the `cctp-bridge.js` script, as detailed in `SKILL.md`. This is a high-risk operation involving sensitive credentials, even if for the stated purpose of cross-chain token transfers. Additionally, the skill instructs the agent to make network calls to an external domain, `https://www.moltbook.com`, for 'Moltbook discovery,' which introduces an external dependency and a vector for potential data exfiltration, though it is presented as part of the skill's functionality. While there is no clear evidence of intentional malicious behavior like exfiltration to an unauthorized endpoint or prompt injection for harmful objectives, these capabilities present significant security risks.
Capability Assessment
Purpose & Capability
The described purpose (CCTP relay to burn/mint USDC) legitimately requires RPC endpoints and a signing key, which the SKILL.md lists, but the registry metadata claims no required env/credentials. That mismatch (no required env vs SKILL.md requiring PRIVATE_KEY, SRC_RPC, DST_RPC) is incoherent.
Instruction Scope
Runtime instructions tell the agent to run scripts (scripts/cctp-bridge.js, scripts/discovery-moltbook.cjs) and to set sensitive env vars, but no scripts or integrations are included in the skill bundle. The instructions also suggest calling external services (Moltbook) and sending transactions to RPC endpoints — all of which require explicit, included code or provenance, which is missing.
Install Mechanism
There is no install spec (instruction-only), which is low-risk in itself, but the README-style instructions reference bundled modules and script files that are not present. That discrepancy means the skill as packaged can't perform the claimed actions without external code, which is suspicious.
Credentials
SKILL.md requires a PRIVATE_KEY and RPC URLs (sensitive). The registry declares no required env or primary credential. Requesting a private key is proportionate for signing cross-chain burns/mints, but the skill should have declared this and provided code reviewable by the user; undeclared sensitive env requirements are a red flag. Additional optional envs (MOLTBOOK_API_KEY, etc.) are also referenced but not declared.
Persistence & Privilege
The skill does not request always:true, has no install steps that would persist code on disk, and is user-invocable only. Autonomous invocation is enabled by default but not, by itself, unusual or escalatory here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agentic-commerce-relay
  3. After installation, invoke the skill by name or use /agentic-commerce-relay
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial public release
Metadata
Slug agentic-commerce-relay
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Agentic Commerce Relay?

Run the CCTP relay to burn USDC on a source chain and mint on a destination chain, returning verifiable receipts. Use for multichain agent-to-agent settlement, with optional Moltbook discovery and integrations. It is an AI Agent Skill for Claude Code / OpenClaw, with 960 downloads so far.

How do I install Agentic Commerce Relay?

Run "/install agentic-commerce-relay" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agentic Commerce Relay free?

Yes, Agentic Commerce Relay is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Agentic Commerce Relay support?

Agentic Commerce Relay is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agentic Commerce Relay?

It is built and maintained by nativ3ai (@nativ3ai); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments