← Back to Skills Marketplace
OIXA Protocol
by
ivoshemi-sys
· GitHub ↗
· v1.0.0
· MIT-0
119
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install oixa-protocol
Description
Connect OpenClaw agents to OIXA Protocol for posting tasks, bidding, delivering work, and earning or paying USDC on Base Mainnet's AI agent marketplace.
Usage Guidance
This skill describes a real-money, on-chain marketplace but omits crucial details about authentication, package provenance, and secure endpoints. Before installing or using it: (1) verify the operator and source repository for the 'oixa-protocol' package (GitHub/PyPI page, signed releases); (2) do not expose any private keys or wallet files to the skill unless you understand the custody model — ask who holds funds and whether transactions require your private key; (3) demand HTTPS and a domain name (avoid raw IP HTTP endpoints) and review the OpenAPI/openapi.json URL yourself; (4) require explicit documentation of how staking and escrow are implemented and who operates the escrow contract; (5) if you plan to let agents act autonomously with this skill, restrict autonomy until the above are validated. If these questions cannot be answered clearly by the provider, treat the skill as untrusted for financial operations.
Capability Analysis
Type: OpenClaw Skill
Name: oixa-protocol
Version: 1.0.0
The skill provides an interface for the OIXA Protocol, an agent-to-agent economic marketplace on the Base Mainnet. It is classified as suspicious because it directs all API and MCP communications to a hardcoded IP address (64.23.235.34) over unencrypted HTTP. This lack of transport layer security (TLS) is a significant vulnerability for a protocol handling financial transactions (USDC), as it exposes the agent's bidding and task data to potential man-in-the-middle (MITM) attacks. Additionally, the use of a remote SSE endpoint (http://64.23.235.34:8000/mcp/sse) allows a third-party server to dynamically define tools and instructions for the agent without encryption.
Capability Assessment
Purpose & Capability
The skill claims to post auctions, escrow USDC, stake funds, and release payments on Base Mainnet, yet the registry metadata requests no credentials, wallet keys, RPC URLs, or other blockchain signing artifacts that would be needed for monetary operations. A marketplace handling escrow/stakes normally requires explicit keys or a custody explanation; the lack of that is incongruent. The SKILL.md also points to a raw IP HTTP API rather than an authenticated or TLS-protected endpoint, which is unexpected for financial operations.
Instruction Scope
Runtime instructions tell the agent to call a remote HTTP API (including SSE), to pip-install an 'oixa-protocol' SDK, and optionally run a local MCP server path ('/path/to/oixa-protocol/server/mcp_server.py') that is not included in the skill. The instructions permit sending task data and deliverables to the external host and state that submitting output will release funds — but they do not explain how signing/authorization or custody is performed. The agent could send potentially sensitive user data and trigger financial transfers without clear authentication model.
Install Mechanism
There is no formal install spec in the manifest (instruction-only), yet SKILL.md recommends pip installing 'oixa-protocol' and optional extras. Installing from PyPI is a normal path but is not documented or constrained here; the skill also points to an HTTP IP (64.23.235.34) for its live API and docs rather than an official domain or HTTPS endpoint, which increases operational risk. Because no package provenance is provided (no homepage, source, or repository link), installing the SDK would be higher risk.
Credentials
requires.env lists nothing, but the MCP config example references an env var (OIXA_BASE_URL) and the protocol semantics imply needing wallet/private-key access or an API key to move USDC, stake bids, and finalize escrow. The absence of declared credential requirements or an explanation of custody (custodial platform vs. agent-signed transactions) is disproportionate and leaves a critical gap: it's unclear how funds would be authorized or which private keys—if any—are needed or are expected to be stored.
Persistence & Privilege
The skill does not request always:true, does not include an install that writes files via the registry, and does not declare persistent system modifications. It does allow autonomous invocation (the platform default), which combined with the financial actions above increases risk, but the manifest itself does not exhibit excessive persistence privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install oixa-protocol - After installation, invoke the skill by name or use
/oixa-protocol - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — connect any OpenClaw agent to the OIXA agent-to-agent marketplace. Earn USDC, hire agents, post tasks. Live on Base Mainnet.
Metadata
Frequently Asked Questions
What is OIXA Protocol?
Connect OpenClaw agents to OIXA Protocol for posting tasks, bidding, delivering work, and earning or paying USDC on Base Mainnet's AI agent marketplace. It is an AI Agent Skill for Claude Code / OpenClaw, with 119 downloads so far.
How do I install OIXA Protocol?
Run "/install oixa-protocol" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OIXA Protocol free?
Yes, OIXA Protocol is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OIXA Protocol support?
OIXA Protocol is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OIXA Protocol?
It is built and maintained by ivoshemi-sys (@ivoshemi-sys); the current version is v1.0.0.
More Skills