← Back to Skills Marketplace
708
Downloads
2
Stars
0
Active Installs
8
Versions
Install in OpenClaw
/install pinata-erc-8004
Description
Register and verify ERC-8004 AI agents on-chain using Pinata IPFS and Viem for blockchain transactions
Usage Guidance
This skill is coherent with its purpose but handles very sensitive credentials. Before installing: 1) Use a dedicated wallet containing only minimal ETH for gas (not your primary wallet); 2) Use a Pinata API key scoped to the smallest necessary permissions or a dedicated Pinata account; 3) Never paste your private key into chat — supply it only via environment variables to the agent runtime; 4) Require and read the confirmation prompts before approving any transaction or deletion; 5) Prefer testing on testnets first; 6) Audit any generated Node.js script before executing it locally. If you cannot follow these precautions, do not install or use the skill.
Capability Analysis
Type: OpenClaw Skill
Name: pinata-erc-8004
Version: 1.0.7
The skill facilitates on-chain registration of AI agents using the ERC-8004 standard, requiring high-risk credentials including a 'PRIVATE_KEY' and 'PINATA_JWT' (SKILL.md). While the instructions include extensive security guardrails—such as mandatory confirmation protocols, strict domain allowlisting (api.pinata.cloud, base.org), and hardcoded contract addresses—the inherent capability to sign blockchain transactions and manage sensitive secrets constitutes a high-risk profile. The reliance on the AI agent's instruction-following to prevent credential leakage and unauthorized asset transfers is an architectural risk that warrants a suspicious classification despite the lack of clear malicious intent.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description match required resources: Pinata API token (PINATA_JWT) for IPFS uploads and an Ethereum private key (PRIVATE_KEY) for signing transactions; node is required to run generated scripts. These are expected for on‑chain registration and IPFS storage.
Instruction Scope
SKILL.md contains extensive runtime instructions, mandatory user confirmation templates, and explicit credential-handling rules that keep behavior scoped to Pinata and Viem. This is appropriate, but the skill relies on the agent and the user to enforce the rules (e.g., not leaking the private key and always requiring explicit confirmations).
Install Mechanism
Instruction-only skill with no install spec and no downloaded code — lowest installation risk. Agent will generate/run Node.js scripts at runtime rather than installing packages from arbitrary URLs.
Credentials
Requires three environment values (PINATA_JWT, PINATA_GATEWAY_URL, PRIVATE_KEY). These are justified for the stated purpose but are high-risk (especially PRIVATE_KEY). The SKILL.md explicitly warns about this and prescribes using a dedicated low-value wallet and restricted Pinata API keys.
Persistence & Privilege
always is false and there are no requested config paths. The skill can be invoked autonomously (platform default), which is expected; no indication it requests permanent elevated presence or modifies other skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pinata-erc-8004 - After installation, invoke the skill by name or use
/pinata-erc-8004 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.7
No changes detected in this version. Transferring ownership to the Pinata org.
- Version 1.0.7 released with no file modifications.
- No updates to functionality, documentation, or metadata.
v1.0.6
**Summary: Enhanced security posture with strict credential and external data handling restrictions.**
- Added explicit rules prohibiting output or leakage of PRIVATE_KEY and PINATA_JWT in all forms of agent output.
- Introduced a new "THREAT MODEL" section, outlining untrusted data sources and stricter denial by default for write operations.
- Clarified boundaries for usage of addresses and data from untrusted external sources (IPFS/API responses).
- Added "Credential Handling Rules (Absolute)" including Node.js environment variable requirements in code generation.
- Updated forbidden operations section to prohibit use of addresses/contracts from IPFS or API responses unless validated against a hardcoded allowlist.
- Emphasized that credentials must only be referenced as environment variables in code and must never appear in chat, file, HTTP request, log, or code outputs.
v1.0.5
Correct namespace for ENV variables
v1.0.4
## pinata-erc-8004 v1.0.4 Changelog
- Major documentation overhaul: Critical security warnings and safe usage guidelines are now more clearly explained with explicit confirmation templates and forbidden-operation checklists.
- Strengthened prompt injection protections and added detailed AI agent response protocols for suspicious or high-risk requests.
- Added security checklist and operational limit recommendations for file management and blockchain transactions.
- Enhanced clarity for users about required credentials, risks, and safe/unsafe operations.
- No code changes; documentation and security best practices only.
v1.0.3
Version 1.0.3
- No file changes detected in this release.
- Documentation, metadata, and instructions remain unchanged.
v1.0.2
- Added a link to the GitHub repository in the usage instructions section.
- No other user-facing or functional changes.
v1.0.1
## pinata-erc-8004 v1.0.1 Changelog
- Added critical security warnings and best practice guidance to the documentation.
- Clarified that explicit user confirmation is required for any blockchain transaction, NFT transfer, or file deletion/upload operations.
- Explained the risks and mitigations for environment variables, especially `PRIVATE_KEY` and `PINATA_JWT`.
- Listed safe read-only operations that do not need user confirmation.
- Provided prompt injection warnings and guidance for suspicious or unexpected requests.
v1.0.0
Initial public release of pinata-erc-8004:
- Enables on-chain registration and verification of ERC-8004 AI agents using Pinata IPFS storage and Viem for blockchain interactions.
- Provides a step-by-step guide for agent card creation, uploading to IPFS, NFT minting, metadata updates, and URI management.
- Documents required environment variables for secure operation.
- Includes detailed API instructions for interacting with Pinata and ERC-8004 smart contracts.
- Lists agent JSON card structure and registration workflow for easy onboarding.
Metadata
Frequently Asked Questions
What is Pinata ERC-8004?
Register and verify ERC-8004 AI agents on-chain using Pinata IPFS and Viem for blockchain transactions. It is an AI Agent Skill for Claude Code / OpenClaw, with 708 downloads so far.
How do I install Pinata ERC-8004?
Run "/install pinata-erc-8004" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pinata ERC-8004 free?
Yes, Pinata ERC-8004 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pinata ERC-8004 support?
Pinata ERC-8004 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pinata ERC-8004?
It is built and maintained by Pinata (@pinata); the current version is v1.0.7.
More Skills