← Back to Skills Marketplace
scottcjn

ClawRTC

by AutoJanitor · GitHub ↗ · v1.5.0
cross-platform ⚠ suspicious
777
Downloads
9
Stars
2
Active Installs
4
Versions
Install in OpenClaw
/install clawrtc
Description
Mine RustChain RTC tokens on real x86/ARM or vintage hardware by proving physical device control with ClawRTC mining client.
README (SKILL.md)

ClawRTC\r

\r Mine RTC tokens with your AI agent using Proof-of-Antiquity consensus.\r \r

What It Does\r

\r

  • One-command setup: pip install clawrtc && clawrtc install --wallet my-agent\r
  • Hardware fingerprinting: 6 cryptographic checks prove your machine is real (clock drift, cache timing, SIMD identity, thermal entropy, instruction jitter, anti-emulation)\r
  • Automatic attestation: Attests to the RustChain network every few minutes\r
  • Per-epoch rewards: RTC tokens accumulate in your wallet each epoch (~10 minutes)\r
  • VM detection: Virtual machines are detected and receive effectively zero rewards\r \r

Security\r

\r

  • No post-install telemetry — no network calls during pip install\r
  • TLS verification enabled — all RustChain API calls verify SSL certificates (CA-signed)\r
  • Bundled code only — all miner scripts ship with the package, no external downloads\r
  • Consent required — interactive approval prompt before installation\r
  • Dry-run modeclawrtc install --dry-run previews without installing\r
  • Hash verificationclawrtc install --verify shows SHA256 of all bundled files\r
  • Clean uninstallclawrtc uninstall removes all files, services, and configs\r
  • No background service by default — must explicitly pass --service to enable\r
  • Source available — full source at https://github.com/Scottcjn/Rustchain (MIT)\r \r

What Data Is Sent\r

\r During attestation (when mining), the following is sent to the RustChain node:\r \r

  • CPU model name and architecture (e.g. "AMD Ryzen 5", "x86_64")\r
  • Clock timing variance (proves real oscillator)\r
  • Cache latency profile (proves real L1/L2/L3 hierarchy)\r
  • VM detection flags (hypervisor yes/no)\r
  • Wallet name (your chosen identifier)\r \r NOT sent: file contents, browsing history, credentials, IP geolocation, personal data.\r \r

Install\r

\r

pip install clawrtc\r
```\r
\r
## Usage\r
\r
```bash\r
# Install miner + configure wallet\r
clawrtc install --wallet my-agent\r
\r
# Start mining (foreground)\r
clawrtc start\r
\r
# Check status\r
clawrtc status\r
\r
# View logs\r
clawrtc logs\r
\r
# Stop mining\r
clawrtc stop\r
\r
# Clean uninstall\r
clawrtc uninstall\r
```\r
\r
## Multipliers\r
\r
| Hardware | Multiplier |\r
|----------|-----------|\r
| Modern x86/ARM | 1.0x |\r
| Apple Silicon (M1-M3) | 1.2x |\r
| PowerPC G5 | 2.0x |\r
| PowerPC G4 | 2.5x |\r
| VM/Emulator | ~0x (detected and penalized) |\r
\r
## Coinbase Wallet (v1.5.0)\r
\r
```bash\r
# Create a Coinbase Base wallet\r
pip install clawrtc[coinbase]\r
clawrtc wallet coinbase create\r
\r
# Show wallet info\r
clawrtc wallet coinbase show\r
\r
# Link existing Base address\r
clawrtc wallet coinbase link 0xYourBaseAddress\r
\r
# USDC → wRTC swap guide\r
clawrtc wallet coinbase swap-info\r
```\r
\r
Requires CDP credentials from [portal.cdp.coinbase.com](https://portal.cdp.coinbase.com) for auto-creation. Manual linking works without credentials.\r
\r
## Links\r
\r
- Source: https://github.com/Scottcjn/Rustchain\r
- PyPI: https://pypi.org/project/clawrtc/\r
- npm: https://www.npmjs.com/package/clawrtc\r
- Block Explorer: https://rustchain.org/explorer\r
- Agent Wallets: https://rustchain.org/wallets.html\r
- RustChain: https://rustchain.org\r
- BoTTube: https://bottube.ai\r
Usage Guidance
This package contains genuine miner code, but be cautious before installing. Things to check: 1) The coinbase auto-create path expects CDP_API_KEY_NAME and CDP_API_KEY_PRIVATE_KEY environment variables (sensitive private key material) yet the skill metadata does not declare them — do not set private keys unless you trust the maintainer. 2) The runtime attestation transmits MAC addresses, hostname and fingerprint samples (potentially identifying); SKILL.md understates what is sent. If you care about privacy, run in an isolated test machine (not your primary machine) and use the --dry-run and --verify options first. 3) Verify the node endpoints (NODE_URL) and repository sources independently — node hostnames/IPs in README/skill differ and may be untrusted. 4) Inspect ~/.clawrtc after installation and avoid enabling background service unless you accept persistent miner behavior. 5) Prefer installing from a verified source (official PyPI page or a cryptographically signed release on GitHub) and review the maintainer identity/contact. If you want to proceed, consider using a sacrificial/air-gapped or VM host (not one with sensitive data) and do not export private keys into environment variables unless you fully trust the code and operator.
Capability Analysis
Type: OpenClaw Skill Name: clawrtc Version: 1.5.0 The skill is classified as suspicious due to a critical shell injection vulnerability. The `wallet` parameter, which accepts user input, is directly embedded into shell commands used to configure systemd and launchd services in `clawrtc/cli.py` (e.g., `ExecStart={python_bin} {miner_py} --wallet {wallet}`). An attacker providing a malicious wallet name (e.g., `my-agent; rm -rf /`) could achieve arbitrary command execution when the service is started or reloaded. While the skill's stated purpose and data collection practices are transparent, this vulnerability poses a significant security risk. Anonymous telemetry is sent to `https://bottube.ai/api/telemetry/install` during installation, which is a minor discrepancy with the documentation's claim of 'No post-install telemetry', but it does not involve PII or sensitive data exfiltration.
Capability Assessment
Purpose & Capability
The code implements a RustChain miner and hardware-fingerprint checks which match the skill description, so purpose and capability mostly align. However the optional Coinbase integration expects CDP API credentials via environment variables (CDP_API_KEY_NAME, CDP_API_KEY_PRIVATE_KEY) but the registry metadata lists no required env vars or primary credential. Also multiple repository/explorer URLs in README/SKILL.md differ (hostname, IP, bottube.ai), and the package owner/registry homepage is blank — these metadata mismatches reduce trust.
Instruction Scope
SKILL.md describes the attestation payload as limited (CPU model, clock variance, cache profile, VM flags, wallet name). The actual miner attestation transmits MAC addresses, hostname, fingerprint_data (including sample previews / entropy stats) and device fields — more identifying information than the SKILL.md explicitly lists. The CLI and miner read many system paths and run commands (lscpu, ip/ifconfig, free, /proc files, sysctl), which is expected for hardware fingerprinting but broader than the simple summary in the docs. The coinbase flow requires environment secrets (checked at runtime) that were not declared in registry metadata.
Install Mechanism
This is an instruction-and-package distribution intended to be installed via pip (no additional install spec in registry). There are no external downloads at runtime claimed; bundled miner scripts are installed from the package. That is proportionate for a Python miner. The miner does perform network calls to a node URL (bulbous-bouffant.metalseed.net) during operation; there is no code-obfuscation or remote archive extraction in the package itself.
Credentials
The package does not declare required environment variables in the registry, yet coinbase_wallet.py reads CDP_API_KEY_NAME and CDP_API_KEY_PRIVATE_KEY for auto wallet creation. The miner also reads standard environment keys to detect containerization (KUBERNETES, DOCKER, VIRTUAL) and writes wallet/config files to ~/.clawrtc. Asking for CDP private key material is sensitive and should be declared explicitly; omission is a red flag.
Persistence & Privilege
The tool creates a directory in the user's home (~/.clawrtc), a Python venv, saves wallet and coinbase files, and (per README/CLI hints) can create a user background service if requested. 'always' is false and autonomous invocation is default platform behavior. This level of persistence and privilege is expected for a miner but the user should be aware files and services will be added to their home directory and optionally a user service manager.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawrtc
  3. After installation, invoke the skill by name or use /clawrtc
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.0
Added Coinbase Agentic Wallet integration (create, show, link, swap-info), x402 payment protocol support, Base chain wRTC token awareness
v1.4.0
v1.4.0: Added Ed25519 wallet generation (create/show/export subcommands)
v1.3.1
Security documentation update, no-telemetry guarantees
v1.3.0
- Added comprehensive SKILL.md documentation detailing commands, functionality, security features, and hardware multipliers. - Clearly described how ClawRTC allows AI agents to mine RTC tokens on real hardware, including requirements and supported platforms. - Listed all CLI commands with descriptions and new audit/security options (e.g., --dry-run, --verify). - Provided explicit details on Proof of Antiquity rewards for vintage hardware. - Outlined enhanced security practices, including code bundling, TLS, and consent/audit features. - Added links to key resources: GitHub, PyPI, token explorer, and bridge/trade platform.
Metadata
Slug clawrtc
Version 1.5.0
License
All-time Installs 2
Active Installs 2
Total Versions 4
Frequently Asked Questions

What is ClawRTC?

Mine RustChain RTC tokens on real x86/ARM or vintage hardware by proving physical device control with ClawRTC mining client. It is an AI Agent Skill for Claude Code / OpenClaw, with 777 downloads so far.

How do I install ClawRTC?

Run "/install clawrtc" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawRTC free?

Yes, ClawRTC is completely free (open-source). You can download, install and use it at no cost.

Which platforms does ClawRTC support?

ClawRTC is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ClawRTC?

It is built and maintained by AutoJanitor (@scottcjn); the current version is v1.5.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments