← Back to Skills Marketplace
XMTP CLI
by
humanagent
· GitHub ↗
· v1.0.0
1644
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install xmtp-cli
Description
Run and script the XMTP CLI for testing, debugging, and interacting with XMTP conversations, groups, and messages. Use when the user needs init, send, list, groups, debug, sync, permissions, or content commands from the CLI.
Usage Guidance
This skill's documentation looks like legitimate XMTP CLI usage, but note two things before installing or using it: (1) the SKILL.md expects you to create a .env containing XMTP_WALLET_KEY (your Ethereum private key) and XMTP_DB_ENCRYPTION_KEY — extremely sensitive values. Never paste a real production private key into an untrusted package's config; prefer ephemeral wallets, hardware wallets, or a provider-based auth flow. (2) The skill metadata does not provide a source or homepage and does not declare the required env vars — verify you are installing the official @xmtp/cli from the npm registry (check the package owner, release page, and package contents) and confirm the package integrity (checksums/signatures) before installing. If you must use this skill, run it in an isolated environment (container/VM) and avoid storing long-term private keys in plaintext .env files. If possible, consult the official docs at https://docs.xmtp.org and install only from the official project pages.
Capability Analysis
Type: OpenClaw Skill
Name: xmtp-cli
Version: 1.0.0
The OpenClaw AgentSkills bundle for the XMTP CLI is benign. It provides instructions and commands for installing and interacting with the XMTP command-line interface, including managing conversations, groups, messages, and debugging. While the skill handles sensitive information like private keys (`XMTP_WALLET_KEY`) and database encryption keys (`XMTP_DB_ENCRYPTION_KEY`) in `setup/rules/env-variables.md` and `setup/rules/init.md`, these are explicitly for configuring the XMTP CLI itself, not for exfiltration or unauthorized access. There is no evidence of prompt injection, malicious execution, data exfiltration to external endpoints, persistence mechanisms, or obfuscation. All actions are clearly aligned with the stated purpose of managing the XMTP CLI.
Capability Assessment
Purpose & Capability
The name/description match the instructions: the skill documents how to use the @xmtp/cli to init, send, list, groups, sync, debug, permissions, and content. Sub-skill topics and commands are coherent with a messaging CLI.
Instruction Scope
SKILL.md and the sub-skill docs instruct only CLI commands, env setup, and use of the XMTP gateway; they do not direct the agent to read arbitrary system files, exfiltrate data, or post to unknown endpoints. Using a custom gateway URL is permitted by the tool and documented.
Install Mechanism
This is an instruction-only skill with no install spec; it recommends installing the official npm package (@xmtp/cli) or running via npx/pnpx/dlx — a standard, low-risk approach. No arbitrary download URLs or extract steps are included in the skill bundle.
Credentials
The skill registry lists no required env vars, but the runtime docs explicitly require highly sensitive variables (XMTP_WALLET_KEY — a private key, and XMTP_DB_ENCRYPTION_KEY) plus optional gateway and debug flags. That mismatch (declared none vs. instructions requiring secrets) is an incoherence and a red flag: supplying a private key in a .env is sensitive and should be carefully justified and validated. The need for these variables is proportional to a CLI that signs messages, but the skill should have declared them in metadata and warned about risks.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no install-time persistence in the bundle. Agent autonomous invocation is allowed (platform default) but not combined with other high-risk properties here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xmtp-cli - After installation, invoke the skill by name or use
/xmtp-cli - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of xmtp-cli skill
- Provides a command-line interface for testing, debugging, and interacting with XMTP conversations, groups, and messages.
- Supports commands for init, send, list, groups, debug, sync, permissions, and content demonstrations.
- Includes sub-skills for specialized tasks (setup, groups, send, list, debug, sync, permissions, content, debugging).
- Installation instructions and usage guidance are provided.
- Links to full documentation for additional help.
Metadata
Frequently Asked Questions
What is XMTP CLI?
Run and script the XMTP CLI for testing, debugging, and interacting with XMTP conversations, groups, and messages. Use when the user needs init, send, list, groups, debug, sync, permissions, or content commands from the CLI. It is an AI Agent Skill for Claude Code / OpenClaw, with 1644 downloads so far.
How do I install XMTP CLI?
Run "/install xmtp-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is XMTP CLI free?
Yes, XMTP CLI is completely free (open-source). You can download, install and use it at no cost.
Which platforms does XMTP CLI support?
XMTP CLI is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created XMTP CLI?
It is built and maintained by humanagent (@humanagent); the current version is v1.0.0.
More Skills