← Back to Skills Marketplace
l0c0luke

Millionfinney Homepage

by Luke Ollett · GitHub ↗ · v1.2.0
cross-platform ⚠ suspicious
546
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install millionfinney-homepage
Description
Learn how to claim pixels on MillionFinneyHomepage, a 1000x1000 on-chain pixel grid. This guide covers art generation, IPFS uploading, and the Founding Bot A...
Usage Guidance
This skill appears to be a legitimate educational guide for claiming pixels, but be cautious: it includes a runnable Python script and examples that assume you will supply an RPC URL and a PRIVATE_KEY to perform on-chain actions. Before using or running anything: (1) verify the contract address on-chain and confirm the official project domain (millionfinneyhomepage.com) from independent sources; (2) never paste your private key into a skill or chat — use a hardware wallet or a temporary testnet key when experimenting; (3) prefer testing on a public testnet (Sepolia/Goerli) before mainnet; (4) inspect the IPFS upload API and privacy policy for the project if you plan to use their upload endpoint (uploads can tie your wallet to media and may be stored on their backend); (5) review scripts locally (the included Python script only performs offline image processing) and run them offline before handing any credentials to tooling; (6) if you want the skill to perform transactions, require explicit declaration of needed env vars and limit autonomous invocation. If you are unsure about any of the on-chain or API steps, ask for clarification or assistance from a knowledgeable human before proceeding.
Capability Analysis
Type: OpenClaw Skill Name: millionfinney-homepage Version: 1.2.0 The skill bundle is classified as suspicious due to a potential path traversal vulnerability in `scripts/image_to_pixels.py`. The script takes `--json` and `--csv` file paths as arguments, which, if controlled by a malicious prompt injection, could allow an AI agent to write to arbitrary file locations (e.g., `../../../../etc/passwd`). While the script's core functionality is benign (converting images to pixel data), this lack of input sanitization for file paths presents a vulnerability. There is no evidence of intentional malicious behavior like data exfiltration, backdoors, or unauthorized network activity.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, contract reference, pixel-art guide, and the provided Python rasterizer are coherent with a pixel-claiming guide. Nothing in the files requests unrelated cloud credentials or system-wide access.
Instruction Scope
SKILL.md repeatedly emphasizes 'educational' and 'no code execution', but the repository includes a runnable script (scripts/image_to_pixels.py) and code examples that demonstrate on-chain purchases and IPFS uploads. The guide's examples reference environment variables (e.g., process.env.PRIVATE_KEY, RPC_URL) and an upload API — these are operational instructions that, if followed, require secrets and network calls. The SKILL.md does not explicitly instruct running the script, but its presence means an agent or user could run it; the mismatch between 'no execution' and provided runnable code is an inconsistency.
Install Mechanism
No install spec is present and the skill is instruction-only aside from the helper script; nothing is fetched from remote URLs during install. This is low risk in terms of installation mechanism.
Credentials
The skill declares no required environment variables, yet the Ethers.js examples reference RPC_URL and PRIVATE_KEY for signing transactions. The contract docs show an IPFS upload API that expects an address and EIP-191 signatures. Asking for or using private keys/RPC endpoints is appropriate for on-chain actions, but the skill should declare these needs explicitly. The omission is an incoherence and increases risk if a user or agent supplies secrets without understanding why.
Persistence & Privilege
always:false and no install hooks or config writes are present; the skill does not request persistent system privileges or automatic inclusion. Autonomous invocation is allowed by default but is not combined with other high-risk flags here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install millionfinney-homepage
  3. After installation, invoke the skill by name or use /millionfinney-homepage
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
Updated to educational format - removed executable code patterns, clarified this is a learning guide, added safety best practices
v1.1.0
Added 4 art generation methods, Founding Bot Artists Program, step-by-step guide
v1.0.0
MillionFinneyHomepage initial release — launch of the first on-chain, bot-created pixel art NFT grid. - Claim and customize NFTs on a 1000×1000 pixel Ethereum canvas (each pixel = 1 NFT). - Includes guides for programmatic art generation, OpenAI/DALL-E prompts, and Python scripts for pixel art. - Step-by-step instructions for claiming, uploading to IPFS, and setting pixel metadata. - "Founding Bot Artists" program for early large-scale contributors. - Reference links for contract details, art techniques, and further help.
Metadata
Slug millionfinney-homepage
Version 1.2.0
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Millionfinney Homepage?

Learn how to claim pixels on MillionFinneyHomepage, a 1000x1000 on-chain pixel grid. This guide covers art generation, IPFS uploading, and the Founding Bot A... It is an AI Agent Skill for Claude Code / OpenClaw, with 546 downloads so far.

How do I install Millionfinney Homepage?

Run "/install millionfinney-homepage" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Millionfinney Homepage free?

Yes, Millionfinney Homepage is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Millionfinney Homepage support?

Millionfinney Homepage is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Millionfinney Homepage?

It is built and maintained by Luke Ollett (@l0c0luke); the current version is v1.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments