← Back to Skills Marketplace
arunnadarasa

Clawhub Krump Verify

by Arun Nadarasa · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
426
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install krumpverify
Description
Enables AI agents (e.g. OpenClaw) to understand and use Krump Verify for on-chain move verification against Story IP. Use when the user or agent needs to ver...
README (SKILL.md)

ClawHub & Krump Verify for Agents

Use this skill when working with ClawHub and Krump Verify: on-chain verification of dance moves against registered Story IP, with payment in USDC.k or via x402/EVVM payment receipts. Agents can perform verifications autonomously; humans can audit on-chain.

Building a similar app? See docs/BUILDING_WITH_EVVM_X402_STORY_AENEID.md for step-by-step EVVM/x402/USDC.k on Story Aeneid: architecture, failures (EVVM payment failed, IP registry, funding UX), and fixes.

What Krump Verify Does

  • Verification: Prove a move (hash of move/video data) against a registered Story IP asset. Fee is paid to treasury; a receipt is recorded on-chain and Verified(ipId, verifier, receiptHash, timestamp) is emitted.
  • Chain: Story Aeneid (chain ID 1315). Explorer: https://aeneid.storyscan.io.
  • Fee: USDC.k (6 decimals). Default verificationFee = 1e6 (1 USDC.k). Read from contract verificationFee().

Two Payment Flows

1. Direct (wallet pays on-chain)

  1. User/agent approves USDC.k for KrumpVerify: approve(KrumpVerify, verificationFee) on USDC.k contract.
  2. Call verifyMove(ipId, moveDataHash, proof) on KrumpVerify. Contract does transferFrom(msg.sender, treasury, verificationFee) then records receipt.

2. Receipt (x402 / EVVM; agent-friendly)

  1. Fund EVVM (one-time per payer): Approve USDC.k for EVVM Treasury, then call Treasury.deposit(USDC.k, amount) so the payer has EVVM internal balance.
  2. Sign x402 + EVVM: User signs EIP-712 TransferWithAuthorization (domain = adapter) and an EVVM message: hash payload must include "pay" and (to, '', token, amount, 0n); executor address(0); use getNextCurrentSyncNonce(payer) and isAsyncExec: false.
  3. Relayer (with RECEIPT_SUBMITTER_ROLE) calls adapter payViaEVVMWithX402(...) then submitPaymentReceipt(receiptId, payer, amount).
  4. Payer calls verifyMoveWithReceipt(ipId, moveDataHash, proof, paymentReceiptId). No on-chain transfer; receipt is consumed once. msg.sender must equal the receipt’s payer.

Use the receipt flow when the agent or user has already paid via x402 and has a receiptId (bytes32) to use.

EVVM / x402 Pitfalls (Reference)

  • "EVVM payment failed" on adapter: Hash payload must encode "pay" then (to, identity, token, amount, priorityFee); executor must be 0x0; use sync nonce from Core and isAsyncExec: false.
  • "IP registry not set": Contract’s IP Asset Registry (and License/Royalty if used) must be set at deploy or via setter.
  • No EVVM balance: Payer must complete Fund EVVM (approve + deposit to EVVM Treasury) before Pay via x402.

Key Data Shapes

Term Type Description
ipId address Story IP account address (from IP Asset Registry). Must be registered.
moveDataHash bytes32 keccak256 of move/video data (e.g. keccak256(toHex(utf8MoveData))).
proof bytes Optional; e.g. signature or reference. Can be 0x.
paymentReceiptId / receiptId bytes32 For receipt flow: id of the payment receipt submitted by relayer (0x + 64 hex).
receiptHash bytes32 Returned from verify; unique per (ipId, verifier, moveDataHash, timestamp, fee, proof).

Contract Surface (KrumpVerify)

  • Read: verificationFee(), paymentReceipts(bytes32) → (payer, amount, used), receiptUsed(bytes32).
  • Write (anyone): verifyMove(ipId, moveDataHash, proof), verifyMoveWithReceipt(ipId, moveDataHash, proof, paymentReceiptId).
  • Write (RECEIPT_SUBMITTER_ROLE): submitPaymentReceipt(receiptId, payer, amount).
  • Events: Verified(ipId, verifier, receiptHash, timestamp), PaymentReceiptSubmitted(receiptId, payer, amount).

Agents can discover a user’s unused receipts by querying PaymentReceiptSubmitted(payer=user) and filtering with paymentReceipts(receiptId).used == false.

Default Addresses (Story Aeneid)

  • KrumpVerify: 0x012eD5BfDd306Fa7e959383A8dD63213b7c7AeA5 (override with VITE_KRUMP_VERIFY_ADDRESS).
  • KrumpVerifyNFT: 0x602789919332d242A1Cb70d462CEbb570a53A6Ac.
  • KrumpTreasury: 0xa2e9245cE7D7B89554E86334a76fbE6ac5dc4617.
  • USDC.k: 0xd35890acdf3BFFd445C2c7fC57231bDE5cAFbde5.
  • EVVM Treasury: 0x977126dd6B03cAa3A87532784E6B7757aBc9C1cc.
  • EVVM Core: 0xa6a02E8e17b819328DDB16A0ad31dD83Dd14BA3b. EVVM Native x402 Adapter: 0xDf5eaED856c2f8f6930d5F3A5BCE5b5d7E4C73cc.

Relayer

  • Local: relayer/RELAYER_PRIVATE_KEY, KRUMP_VERIFY_ADDRESS; runs on port 7350. Frontend VITE_X402_RELAYER_URL for local: http://localhost:7350.
  • Production: Fly.io app krump-x402-relayer at https://krump-x402-relayer.fly.dev. Set fly secrets set RELAYER_PRIVATE_KEY=0x...; frontend VITE_X402_RELAYER_URL=https://krump-x402-relayer.fly.dev.

Deploy (Contracts)

  • Script: script/DeployAll.s.sol — deploys KrumpTreasury, KrumpVerify (with Story IP/License/Royalty set), KrumpVerifyNFT; deployer gets RECEIPT_SUBMITTER_ROLE. Optional RELAYER_ADDRESS in env to grant role to another address.
  • Command: ./deploy.sh or forge script script/DeployAll.s.sol:DeployAll --rpc-url https://aeneid.storyrpc.io --broadcast --gas-price 10000000000 --legacy. See DEPLOY.md.

Agent Autonomy and Human Oversight

  • Autonomous use: An agent with a wallet (or delegated signing) can pay via x402 (after Fund EVVM), have a relayer submit a receipt, then call verifyMoveWithReceipt. Or it can approve USDC.k and call verifyMove.
  • Human check: All verifications and payment receipts are on-chain; humans can audit via explorer, Verified / PaymentReceiptSubmitted events, and receiptUsed / paymentReceipts state.
  • Repo: Contract and frontend in this repo; frontend supports Fund EVVM, “Pay via x402”, “Load my receipts”, and “Verify with receipt”.

Quick Reference

  • Verify with wallet payment: approve(USDC.k) then verifyMove(ipId, moveDataHash, proof).
  • Verify with receipt: verifyMoveWithReceipt(ipId, moveDataHash, proof, paymentReceiptId) (payer must be msg.sender).
  • Submit receipt (relayer only): submitPaymentReceipt(receiptId, payer, amount); require amount >= verificationFee, payer != 0, receipt not already submitted.
  • EVVM/x402 build guide: docs/BUILDING_WITH_EVVM_X402_STORY_AENEID.md.

For full contract and env details, see repo README and DEPLOY.md and src/KrumpVerify.sol.

Usage Guidance
This SKILL.md looks like a genuine guide for using Krump Verify on Story Aeneid, but it documents actions that require private keys, relayer secrets, and deployment credentials even though the registry lists no required environment variables. Before installing or allowing an agent to use this skill: - Do not paste or upload private keys (RELAYER_PRIVATE_KEY, deployer keys) into the agent or skill. Prefer delegated signing (user wallet popups, hardware wallets, or a dedicated signing service with limited scope). - If you must use a relayer, review the relayer code (local or at the published URL) and run it yourself or use a trusted hosted relayer. Do not hand over a long‑lived private key unless you understand and accept the risk. - Prefer the receipt/EVVM flow so the agent consumes existing receipts rather than holding persistent funds or allowances. Keep allowances minimal (approve only the exact verificationFee). - Ask the skill author to update registry metadata to declare required env vars and to include explicit safety guidance (what secrets are needed, minimum permissions, and whether the agent ever stores secrets). - For deployments or any on‑chain writes, test on a sandbox/testnet and verify the default contract addresses before using mainnet funds. Because of the mismatch between declared requirements and the SKILL.md's secret‑handling instructions, treat this skill as suspicious until the author clarifies credential requirements and provides safer signing/relayer options.
Capability Analysis
Type: OpenClaw Skill Name: krumpverify Version: 0.1.0 The skill bundle describes a legitimate purpose: on-chain verification of dance moves using Krump Verify contracts on Story Aeneid. The `SKILL.md` provides detailed instructions for AI agents on how to interact with the blockchain, including payment flows (direct and receipt-based), contract addresses, and relayer information. There are no instructions for data exfiltration, unauthorized execution, persistence, or obfuscation. References to external documentation using relative paths (e.g., `../../../docs/BUILDING_WITH_EVVM_X402_STORY_AENEID.md`) are passive ('See X for details') and do not instruct the agent to actively read or execute content from arbitrary file paths, thus not indicating malicious intent or a direct prompt injection attempt from the skill itself.
Capability Assessment
Purpose & Capability
The name and description match the SKILL.md: it describes Krump Verify usage, payment flows (USDC.k and EVVM/x402), contract read/write surfaces, relayer, and deployment. That functionality is internally consistent with an on‑chain verification helper. However, the SKILL.md documents several environment variables and secrets (e.g., RELAYER_PRIVATE_KEY, VITE_X402_RELAYER_URL, VITE_KRUMP_VERIFY_ADDRESS, optional RELAYER_ADDRESS, fly secrets) which the registry metadata does not declare — this discrepancy suggests the skill will expect or instruct use of secrets even though none are listed.
Instruction Scope
The instructions tell agents how to approve tokens, call contract methods, sign EIP‑712 TransferWithAuthorization payloads, fund EVVM and submit receipts, and even run deployment scripts and relayers. Those actions legitimately belong to an on‑chain verification skill, but several steps require private keys or files (RELAYER_PRIVATE_KEY, deployer key) and interacting with remote relayers. The doc also instructs discovery of user receipts by querying events filtered to payer=user — this implies the agent will need the user's address/wallet context. There is no explicit guard text telling an agent not to request or store private keys from the user.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes disk write and supply‑chain risk. There is no download or external install step documented.
Credentials
Although registry metadata declares no required env vars, the SKILL.md expects and documents multiple sensitive environment values (RELAYER_PRIVATE_KEY, VITE_* variables, optional RELAYER_ADDRESS, and instructions to set Fly secrets). Requiring a private key or deployer key is a high‑privilege action for a helper skill; the metadata should have declared these if needed. The lack of declared credentials plus detailed secret usage is disproportionate and a red flag.
Persistence & Privilege
The skill does not request always:true and does not request to modify other skills or agent system settings. Autonomous invocation is allowed (platform default), which is expected for agent skills, but when combined with signing/secret usage it increases risk — note: autonomous invocation alone is not being flagged per guidance.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install krumpverify
  3. After installation, invoke the skill by name or use /krumpverify
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of clawhub-krump-verify: on-chain move verification for Story IP with USDC.k and x402/EVVM integration. - Agents and users can verify dance moves against registered Story IP assets on Story Aeneid (chain ID 1315). - Supports two payment flows: direct USDC.k wallet payments or EVVM/x402 receipt-based payments (agent/relayer-friendly). - Exposes key contract functions: `verifyMove`, `verifyMoveWithReceipt`, and payment receipt submission for relayers. - All verification and payment events are on-chain and auditable; frontend and reference guides provided. - Includes detailed setup for agents, relayer, contract addresses, and troubleshooting common EVVM/x402 issues.
Metadata
Slug krumpverify
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Clawhub Krump Verify?

Enables AI agents (e.g. OpenClaw) to understand and use Krump Verify for on-chain move verification against Story IP. Use when the user or agent needs to ver... It is an AI Agent Skill for Claude Code / OpenClaw, with 426 downloads so far.

How do I install Clawhub Krump Verify?

Run "/install krumpverify" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Clawhub Krump Verify free?

Yes, Clawhub Krump Verify is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Clawhub Krump Verify support?

Clawhub Krump Verify is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Clawhub Krump Verify?

It is built and maintained by Arun Nadarasa (@arunnadarasa); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments