← Back to Skills Marketplace
ClawSkill
by
AutoJanitor
· GitHub ↗
· v1.2.1
1219
Downloads
2
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install clawskill
Description
Mine RustChain Tokens (RTC) by proving your AI agent runs on real hardware with secure, open-source attestation and built-in wallet management.
README (SKILL.md)
ClawSkill — Mine RTC Tokens With Your AI Agent\r
\r Mine RTC (RustChain Tokens) by proving your agent runs on real hardware. One command to install, automatic attestation, built-in wallet.\r \r
Security & Transparency\r
\r This skill is open-source mining software, not malware. Before installing, you can verify everything:\r \r
# Preview what will happen — nothing installed\r
clawskill install --dry-run\r
\r
# Show SHA256 hashes of bundled files\r
clawskill install --verify\r
```\r
\r
| Concern | How We Address It |\r
|---------|-------------------|\r
| **Code origin** | All miner scripts are **bundled inside the package** — no external downloads at install time. Inspect them yourself in the `data/` directory. Source code: [RustChain GitHub repo](https://github.com/Scottcjn/Rustchain). |\r
| **Background service** | **Opt-in only.** Install does NOT create a service by default. You must explicitly pass `--service` to enable auto-start. Without it, the miner runs in the foreground only when you say so. |\r
| **Hardware fingerprinting** | Required for Proof-of-Antiquity consensus. Collects CPU model, timing variance, and cache latency — nothing personal. No files, passwords, browsing data, or credentials are accessed. Full disclosure shown before install with a consent prompt. |\r
| **Network endpoint** | The RustChain node uses a **CA-signed TLS certificate** (Let's Encrypt). All communication is standard HTTPS with certificate verification. |\r
\r
### What Data Is Collected\r
\r
During attestation (every few minutes when mining), the following is sent to the RustChain node:\r
\r
- CPU model name and architecture (e.g. "AMD Ryzen 5 8645HS", "x86_64")\r
- Clock timing variance (coefficient of variation — proves real oscillator, not emulated)\r
- Cache latency profile (proves real L1/L2/L3 hierarchy)\r
- VM detection flags (hypervisor present: yes/no)\r
- Wallet name (your chosen identifier)\r
\r
**NOT collected**: file contents, browsing history, credentials, IP geolocation, personal data, or anything from your filesystem.\r
\r
### Clean Uninstall\r
\r
```bash\r
clawskill uninstall # Removes ALL files, services, and configs\r
```\r
\r
## Install\r
\r
```bash\r
# Python (recommended)\r
pip install clawskill\r
\r
# Node.js\r
npm install -g clawskill\r
```\r
\r
## Setup\r
\r
```bash\r
# Install miner + configure wallet (shows disclosure, asks consent)\r
clawskill install --wallet my-agent-miner\r
\r
# Start mining in foreground (Ctrl+C to stop)\r
clawskill start\r
\r
# Or: start with background auto-restart (opt-in)\r
clawskill start --service\r
```\r
\r
## How It Works\r
\r
1. **Hardware Fingerprinting** — 6 cryptographic checks prove your machine is real:\r
- Clock-skew & oscillator drift\r
- Cache timing fingerprint (L1/L2/L3 latency)\r
- SIMD unit identity (SSE/AVX/AltiVec/NEON bias)\r
- Thermal drift entropy\r
- Instruction path jitter (microarchitectural)\r
- Anti-emulation behavioral checks\r
\r
2. **Automatic Attestation** — Your agent attests to the RustChain network every few minutes\r
\r
3. **Per-Epoch Rewards** — RTC tokens accumulate in your wallet each epoch (~10 minutes)\r
\r
4. **VM Detection** — Virtual machines are detected and receive effectively zero rewards. Real iron only.\r
\r
## Multipliers\r
\r
| Hardware | Multiplier | Notes |\r
|----------|-----------|-------|\r
| Modern x86/ARM | **1.0x** | Standard rate — this is you |\r
| Apple Silicon (M1/M2/M3) | **1.2x** | Slight bonus |\r
| IBM POWER8 | **1.5x** | Server-class vintage |\r
| PowerPC G5 | **2.0x** | Vintage bonus |\r
| PowerPC G4 | **2.5x** | Maximum vintage bonus |\r
| **VM/Emulator** | **~0x** | **Detected and penalized** |\r
\r
## Commands\r
\r
| Command | Description |\r
|---------|-------------|\r
| `clawskill install` | Extract miner, create wallet (consent prompt, no service by default) |\r
| `clawskill install --service` | Install + create background service |\r
| `clawskill install --dry-run` | Preview without making any changes |\r
| `clawskill install --verify` | Show SHA256 hashes of bundled files |\r
| `clawskill start` | Start mining in foreground |\r
| `clawskill start --service` | Start + create auto-restart service |\r
| `clawskill stop` | Stop mining |\r
| `clawskill status` | Check miner + network status + file hashes |\r
| `clawskill logs` | View miner output |\r
| `clawskill uninstall` | Remove everything cleanly |\r
\r
## What Gets Installed\r
\r
- Miner scripts **bundled with the package** (2 Python files, no external downloads)\r
- Python virtual environment with one dependency (`requests`)\r
- All files stored in `~/.clawskill/` (user-scoped, no root needed)\r
- **No background service unless you pass `--service`**\r
\r
## Requirements\r
\r
- Python 3.8+ (installed on most systems)\r
- Linux or macOS\r
- Real hardware (not a VM)\r
\r
## Links\r
\r
- **Source Code**: https://github.com/Scottcjn/Rustchain (MIT License)\r
- **PyPI**: https://pypi.org/project/clawskill/\r
- **npm**: https://www.npmjs.com/package/clawskill\r
- **Block Explorer**: https://bulbous-bouffant.metalseed.net/explorer\r
- **BoTTube**: https://bottube.ai\r
\r
## License\r
\r
MIT — [Elyan Labs](https://bottube.ai)\r
Usage Guidance
Do not install or run this skill until you resolve the contradictions and verify sources. Specific actions to take before proceeding:
- Inspect the upstream GitHub repo (https://github.com/Scottcjn/Rustchain) and the PyPI/npm packages the SKILL.md references. Confirm the package versions and that their contents actually include the miner scripts and the SHA256 hashes the README claims.
- If you consider installing, download and inspect the PyPI/npm package contents locally (do not run install blindly). Verify cryptographic hashes and read the miner source code to see how wallets/keys are stored and how telemetry is sent.
- Treat the installer behavior as network-download-of-code: prefer running it inside an isolated environment or disposable VM that you can wipe, not on your primary machine.
- Ask the skill author to explain the discrepancy: why does SKILL.md claim 'bundled' files while this registry package lacks them, and why does it assert 'no external downloads' while instructing pip/npm install?
- If you cannot perform code review and independent verification, avoid installing. The current package contents and SKILL.md claims are internally inconsistent and could enable unexpected remote code execution.
Capability Analysis
Type: OpenClaw Skill
Name: clawskill
Version: 1.2.1
The skill is a cryptocurrency miner that performs hardware fingerprinting (CPU model, timing variance, cache latency, VM detection) and sends this data to an external RustChain node. While the `SKILL.md` documentation explicitly claims transparency, denies collection of sensitive personal data, and states that persistence is opt-in, the inherent collection of system-level identifiers and network communication to an external endpoint for a non-essential purpose (mining) represents a significant risk. Without access to the actual miner scripts, the claims regarding data collection cannot be independently verified, making the activity suspicious despite the stated intent.
Capability Assessment
Purpose & Capability
The skill claims to be 'open-source mining software' with miner scripts bundled inside the package (inspectable in data/). The provided manifest only contains SKILL.md and package.json — no miner scripts or data/ directory are present. Yet SKILL.md instructs the user/agent to run 'pip install clawskill' or 'npm install -g clawskill', meaning the actual miner would be downloaded from external registries at install time. This mismatch between 'bundled' vs 'downloaded' is incoherent for a skill that claims local verifiability.
Instruction Scope
The runtime instructions tell the agent to execute system package installs (pip/npm) and then run miner commands that attest hardware and periodically send fingerprinting data to a network node. The SKILL.md asserts strong transparency guarantees (local hashes, consent prompts, no external downloads) but the shipped skill lacks the files that would enable those guarantees. The instructions also do not explain wallet key handling or how attestation data is protected — the skill will collect periodic hardware fingerprints and a wallet identifier and send them to a RustChain node, which is significant telemetry even if not 'credentials'.
Install Mechanism
There is no install specification in the skill bundle, but SKILL.md directs installation from public package registries (PyPI/npm). This creates a moderate-to-high risk because code will be fetched from the network at install time. SKILL.md's repeated claim that 'All miner scripts are bundled inside the package — no external downloads at install time' contradicts the explicit pip/npm install commands, making the install mechanism claims unreliable.
Credentials
The skill requests no environment variables or special system config paths, which is proportionate on its face. However, it will create files under ~/.clawskill, create a wallet, and periodically transmit hardware fingerprinting telemetry and a wallet name to remote nodes. The lack of declared credentials is not reassuring here because the telemetry and wallet data handling (private keys, backups, storage security) is unspecified.
Persistence & Privilege
The skill is not marked always:true and background service is opt-in per SKILL.md, which is reasonable. However, because the instructions can cause the agent to install and run external software and then perform recurring network attestation, autonomous invocation combined with the ability to fetch and install packages increases blast radius. This combination is noteworthy even though autonomous invocation alone is normal.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawskill - After installation, invoke the skill by name or use
/clawskill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.1
RTC miner wrapper with verification and consent
v1.2.0
Bundled miner scripts (no external downloads), CA-signed TLS certificate (Let's Encrypt), security-compliant install flow
v1.1.1
Security compliance: consent gates before download, opt-in background service (--service flag), SHA256 hash verification (--verify), --dry-run and --show-urls for pre-install audit
v1.0.0
Initial release: pip install clawskill / npm install -g clawskill. Mine RTC tokens on real hardware with 6 fingerprint checks, auto-attestation, built-in wallet. VMs detected and penalized.
Metadata
Frequently Asked Questions
What is ClawSkill?
Mine RustChain Tokens (RTC) by proving your AI agent runs on real hardware with secure, open-source attestation and built-in wallet management. It is an AI Agent Skill for Claude Code / OpenClaw, with 1219 downloads so far.
How do I install ClawSkill?
Run "/install clawskill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ClawSkill free?
Yes, ClawSkill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does ClawSkill support?
ClawSkill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ClawSkill?
It is built and maintained by AutoJanitor (@scottcjn); the current version is v1.2.1.
More Skills