← Back to Skills Marketplace
1378
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install usd1
Description
Securely transfer USD1 (USDC on Wormhole) between wallets via Wormhole Liquidity Facility on Testnet, returning transaction hash and status.
Usage Guidance
This skill appears to do what it says (transfer USD1 via Wormhole) but exercise caution before installing or running it with real funds:
- Private key handling: the skill requires a raw privateKey input. Avoid pasting production private keys. Prefer a signing service, ephemeral/test keys, or hardware wallet integration rather than exposing raw keys to skills.
- Test first: run only on testnet and with very small amounts until you verify behavior. SKILL.md says Testnet by default, but confirm runtime actually uses testnet endpoints in your environment.
- Address format: double-check the recipient address encoding for the chosen chain (the code constructs a UniversalAddress with 'hex' which may be incorrect for some chains such as Solana). Sending to a malformed address can irreversibly lose funds.
- Dependency/supply-chain risk: there is a package-lock with many npm dependencies (some with deprecation/security notes). Audit or vendor the dependencies and run dependency scanners before installing in sensitive environments.
- Operational controls: restrict this skill to user-invoked use only (do not enable it to run autonomously), and review logs/outputs for unexpected network calls. If possible, require an explicit approval step before sending transactions.
If you want, I can: (a) list the dependency warnings found in package-lock, (b) check the code for specific address-format fixes, or (c suggest a safer design that uses an external signer instead of raw private keys.
Capability Analysis
Type: OpenClaw Skill
Name: usd1
Version: 1.0.0
The skill bundle is classified as benign. The `SKILL.md` clearly outlines the purpose of transferring USD1 (USDC on Wormhole) and explicitly marks the `privateKey` input as 'secure', reinforcing safe handling by the agent. The `index.js` code implements this functionality directly using the `@wormhole-foundation/sdk` and `@wormhole-foundation/sdk-base` libraries, operating on the 'Testnet' as specified. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. Dependencies listed in `package-lock.json` are extensive but appear to be legitimate components of a multi-chain blockchain SDK.
Capability Assessment
Purpose & Capability
The skill name/SKILL.md describe a USD1 (Wormhole/USDC) transfer and the index.js implements a transfer using the Wormhole SDK. Required input (private key, amount, recipient) is consistent with a wallet transfer. Minor implementation issues (address format and numeric conversion) are present but do not indicate misalignment with the stated purpose.
Instruction Scope
SKILL.md confines behavior to performing a transfer and asks for the sender private key as a secure input. The runtime code only uses provided inputs and the Wormhole SDK; it does not read other files or unrelated environment variables. Note: instructions require direct private key input (raw key material), which expands the attacker surface if mishandled.
Install Mechanism
No install spec is provided (instruction-only), but a package.json and package-lock exist listing @wormhole-foundation/* and many third-party npm deps. There is no direct download-from-URL risk, but a dependency-heavy npm tree increases supply-chain risk and includes packages with deprecation/security notes (see guidance).
Credentials
No environment variables or external credentials are requested beyond the sender private key (provided as a secure input), which is proportionate for a wallet transfer. The skill does not demand unrelated secrets or system credentials.
Persistence & Privilege
The skill does not request always:true, does not declare system-wide config changes, and appears not to persist or escalate privileges. Agent autonomous invocation remains enabled by default (platform behavior) but is not requested by the skill itself.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install usd1 - After installation, invoke the skill by name or use
/usd1 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
USD1 WLF Transfer Skill 1.0.0 – Initial release
- Securely transfer USD1 (USDC on Wormhole) between wallets using Wormhole Liquidity Facility.
- Supports checking sender wallet balance (optional).
- Returns transaction hash, status, and descriptive message after a transfer.
- Operates on Testnet by default for enhanced safety.
- Requires amount, recipient address, and sender private key as input. Chain selection is optional.
Metadata
Frequently Asked Questions
What is usd1 transfer?
Securely transfer USD1 (USDC on Wormhole) between wallets via Wormhole Liquidity Facility on Testnet, returning transaction hash and status. It is an AI Agent Skill for Claude Code / OpenClaw, with 1378 downloads so far.
How do I install usd1 transfer?
Run "/install usd1" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is usd1 transfer free?
Yes, usd1 transfer is completely free (open-source). You can download, install and use it at no cost.
Which platforms does usd1 transfer support?
usd1 transfer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created usd1 transfer?
It is built and maintained by AsgherAli (@asgherali); the current version is v1.0.0.
More Skills