mscandlen3

Use Usdc

by Madelyn · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 243
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install use-usdc
Description
USDC is Circle's stablecoin deployed across multiple blockchain ecosystems including EVM chains (Ethereum, Base, Arbitrum, Polygon, Arc) and Solana. Use this...
Usage Guidance
This skill appears to implement legitimate USDC operations for EVM and Solana, but it has an important mismatch: the documentation and examples expect you to provide private keys (via PRIVATE_KEY or SOLANA_PRIVATE_KEY env vars or local files), yet the skill metadata declares no required credentials. Before installing or using it:
  1. Do not paste your main/private keys into an untrusted agent; prefer hardware wallets, wallet-connect flows, or ephemeral/testnet keys.
  2. Insist the skill metadata be updated to explicitly declare required env vars/credential usage so you know what will be requested.
  3. Test all flows on testnets and faucets first.
  4. Prefer storing secrets in a secrets manager, not plaintext files, and verify any suggested file paths and .gitignore guidance.
  5. Review any npm packages the agent will install (viem, @solana/kit) and the exact RPC endpoints used (ensure they are official or self-hosted) to avoid accidental exfiltration.
If you want, ask the skill author to add explicit metadata listing PRIVATE_KEY / SOLANA_PRIVATE_KEY and to provide optional hardware-wallet or signing-provider options instead of raw private-key instructions.
Capability Analysis
Type: OpenClaw Skill
Name: use-usdc
Version: 0.1.0
The skill provides instructions for an AI agent to perform USDC transactions on EVM and Solana chains. While it includes defensive security rules and requires user confirmation for write operations, it explicitly guides the agent to read private keys from environment variables and specific filesystem paths like `~/.ethereum/keys/` and `~/.solana/keys/` in `references/evm.md` and `references/solana.md`. This represents a high-risk capability that could be leveraged for credential exfiltration if the agent's instructions are subverted via prompt injection, although no clear malicious intent is present in the provided code logic.
Capability Assessment
Purpose & Capability
The skill's name and description (interact with USDC on EVM and Solana) match the code patterns in the guidance (balance checks, transfers, approvals). Recommending viem and @solana/kit is proportionate for the stated functionality. However, the skill metadata declares no required credentials while the runtime instructions clearly expect private keys for write operations — an inconsistency worth noting.
Instruction Scope
SKILL.md and the reference files explicitly instruct the agent to read environment variables (PRIVATE_KEY, SOLANA_PRIVATE_KEY) and local files under user home paths (~/.ethereum/keys/*, ~/.solana/keys/*). Those actions go beyond purely read-only queries and involve handling private keys. The metadata did not declare these env vars or file access patterns. While the file reads are necessary for write operations, the agent instructions do not restrict or limit when/how secrets are accessed (e.g., they allow file reads and env reads without metadata disclosure).
Install Mechanism
This is an instruction-only skill with no install spec, which is lowest-risk from an automatic-install perspective. It recommends installing npm packages (viem, @solana/kit, @solana-program/token, etc.), which is expected for this functionality and not disproportionate.
Credentials
The references require sensitive secrets for write operations (PRIVATE_KEY and SOLANA_PRIVATE_KEY or file copies). The skill metadata lists no required env vars or primary credential, so a user may not realize they must supply private keys. Requesting raw private keys (or instructions to store them in plaintext files) is high-risk unless explicit safeguards are used (hardware wallets, ephemeral keys, or a secrets manager).
Persistence & Privilege
The skill is not always-enabled and allows user invocation only. It does not request persistent system-wide privileges or claim to modify other skills' configs. That's appropriate for its purpose.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install use-usdc
  3. After installation, invoke the skill by name or use /use-usdc
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
use-usdc v0.1.0 – Initial release
- Enables USDC balance checks, transfers, approvals, and transaction verification on both EVM-compatible blockchains (Ethereum, Base, Arbitrum, Polygon, etc.) and Solana.
- Provides quick-reference USDC contract and mint addresses for supported mainnets and testnets.
- Details best practices and security rules for interacting with USDC on-chain.
- Offers clear setup and per-ecosystem implementation guidelines, including key differences between EVM and Solana.
- Lists alternatives for bridging or unified multi-chain USDC operations.
Metadata
Slug use-usdc
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Use Usdc?

USDC is Circle's stablecoin deployed across multiple blockchain ecosystems including EVM chains (Ethereum, Base, Arbitrum, Polygon, Arc) and Solana. Use this... It is an AI Agent Skill for Claude Code / OpenClaw, with 243 downloads so far.

How do I install Use Usdc?

Run "/install use-usdc" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Use Usdc free?

Yes, Use Usdc is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Use Usdc support?

Use Usdc is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Use Usdc?

It is built and maintained by Madelyn (@mscandlen3); the current version is v0.1.0.
