← Back to Skills Marketplace
robwoodgate

Cashu Emoji

by Rob Woodgate · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
693
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install cashu-emoji
Description
Encode and decode Cashu tokens that are hidden inside emojis using Unicode variation selectors.
README (SKILL.md)

Cashu Emoji Tokens (Variation Selector encoding)

This skill helps agents decode Cashu tokens received as emoji (and encode tokens for sending), and it also supports general hidden messages inside emojis.

If the decoded text starts with cashu, it’s likely a Cashu token. Otherwise treat it as a plain hidden message.

Why this exists

Some services embed a cashu... token into an emoji using Unicode variation selectors (VS1..VS256). Chat apps often display only the emoji, but preserve the hidden selector characters.

Important: many messengers can truncate or normalize Unicode. If the variation selectors are lost, the embedded token cannot be recovered.

Quickstart (copy/paste)

git clone https://github.com/robwoodgate/cashu-emoji.git
cd cashu-emoji
npm ci

# decode a whole message (recommended)
node ./bin/cashu-emoji.js decode "\x3Cpaste message>"

# decode and print mint/unit/amount if it’s a cashu token
node ./bin/cashu-emoji.js decode "\x3Cpaste message>" --metadata

# decode as structured JSON (agent-friendly)
node ./bin/cashu-emoji.js decode "\x3Cpaste message>" --metadata --json

# encode a hidden message
node ./bin/cashu-emoji.js encode "🥜" "hello from inside an emoji"

# encode a cashu token
node ./bin/cashu-emoji.js encode "🥜" "cashuB..."

What you can do

1) Decode

  • Input: entire message text (may include other text/emojis)
  • Output: the embedded UTF‑8 text, usually a cashuA.../cashuB... token
node ./bin/cashu-emoji.js decode "\x3Cpaste entire message>"

Decode semantics (important): the decoder ignores normal characters until it finds the first variation-selector byte, then collects bytes until the first normal character after that payload begins.

2) Encode

  • Input: a carrier emoji (recommend 🥜) and a token string
  • Output: an emoji string that visually looks like the emoji but contains the hidden token
node ./bin/cashu-emoji.js encode "🥜" "cashuB..."

Tip: some messengers are less likely to deliver a truncated/corrupted emoji-token if any normal text follows it (even a single character). It’s not required, just a delivery reliability trick.

Tip (Telegram): sending the emoji-token inside a code block / “monospace” formatting can help preserve the hidden characters and makes it easier to tap-to-copy.

Optional metadata

To sanity-check the decoded token without redeeming it, you can request metadata.

For programmatic/agent use, prefer JSON output:

node ./bin/cashu-emoji.js decode "\x3Cmessage>" --metadata --json

Example JSON response (Cashu token):

{
  "text": "cashuB...",
  "isCashu": true,
  "metadata": {
    "mint": "https://mint.example",
    "unit": "sat",
    "amount": 21
  },
  "metadataError": null
}

Example JSON response (plain hidden message):

{
  "text": "hello from inside an emoji",
  "isCashu": false
}

node ./bin/cashu-emoji.js decode "\x3Cmessage>" --metadata

This prints mint/unit/amount using @cashu/cashu-ts getTokenMetadata() (no mint calls).

Cashu gotchas for new agents

  • A decoded cashu... token is a bearer asset. Treat it like cash.
  • --metadata is a local parse. It can’t prove the token is unspent/valid.
  • If decode returns a partial token or nonsense, the messenger likely munged the variation selectors; ask for the token to be re-sent (often with some trailing normal text after the emoji token).

Files

  • src/emoji-encoder.ts: core encode/decode
  • bin/cashu-emoji.js: CLI wrapper
  • examples/: test vectors

Safety

This tool only encodes/decodes text. It does not spend funds.

Usage Guidance
This skill appears coherent: it decodes/encodes hidden text in emojis and only optionally uses @cashu/cashu-ts to parse token metadata locally. Before installing: 1) Be aware decoded cashu tokens are bearer assets—treat them like cash (don’t paste into public logs). 2) npm ci will fetch dependencies from the npm registry; review/verify @cashu/cashu-ts if you don’t trust that package. 3) Ensure your runtime Node version satisfies dependency engine constraints. If you want tighter containment, run the CLI in a sandboxed environment so decoded tokens cannot be accidentally transmitted by other software or services.
Capability Analysis
Type: OpenClaw Skill Name: cashu-emoji Version: 0.1.0 The core functionality of encoding and decoding text into emojis using Unicode variation selectors is benign. However, the `SKILL.md` (and `README.md`) contains 'Quickstart' instructions that, if interpreted and executed by an AI agent, pose a prompt injection vulnerability. Specifically, `git clone https://github.com/robwoodgate/cashu-emoji.git` and `npm ci` instruct the agent to perform external network operations and potentially execute arbitrary code (via `npm ci`'s lifecycle scripts), which are risky capabilities without clear malicious intent in the current context.
Capability Assessment
Purpose & Capability
Name/description match included code and CLI: encode/decode text in emoji variation selectors. The only declared dependency (@cashu/cashu-ts) is used solely to parse token metadata locally, which aligns with the described optional --metadata feature.
Instruction Scope
SKILL.md and the CLI instruct cloning, npm ci, and running the provided CLI. Runtime actions are limited to reading input (arg or stdin), encoding/decoding variation selector bytes, and optionally calling getTokenMetadata() from @cashu/cashu-ts. The README warns that decoded cashu tokens are bearer assets.
Install Mechanism
This is instruction-only for the agent (no platform install spec), but the Quickstart recommends running npm ci which will fetch packages from the npm registry (not an arbitrary URL). That network fetch is expected for a Node CLI that depends on @cashu/cashu-ts.
Credentials
No environment variables, no secrets, and no config paths are requested. The dependency list is reasonable for the stated functionality and is limited to crypto/token parsing libraries used only for local metadata parsing.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not modify other skills or system settings. Autonomous invocation is allowed by default (normal for skills) but not excessive here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cashu-emoji
  3. After installation, invoke the skill by name or use /cashu-emoji
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of cashu-emoji. - Encode Cashu tokens or any hidden message inside emojis using Unicode variation selectors. - Decode emoji messages to extract embedded Cashu tokens or plain hidden text. - Detect Cashu tokens (text starts with `cashu`) and provide optional mint/unit/amount metadata. - Supports structured JSON output for agent/programmatic use. - CLI includes encode and decode commands with metadata and formatting options. - Designed to help safely transmit hidden tokens/messages through chat apps.
Metadata
Slug cashu-emoji
Version 0.1.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Cashu Emoji?

Encode and decode Cashu tokens that are hidden inside emojis using Unicode variation selectors. It is an AI Agent Skill for Claude Code / OpenClaw, with 693 downloads so far.

How do I install Cashu Emoji?

Run "/install cashu-emoji" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cashu Emoji free?

Yes, Cashu Emoji is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Cashu Emoji support?

Cashu Emoji is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cashu Emoji?

It is built and maintained by Rob Woodgate (@robwoodgate); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments