← Back to Skills Marketplace
mlegls

Make Git Escrow

by 疒奀 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
269
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install make-git-escrow
Description
Create a new git escrow bounty for a test suite. Use when the user wants to submit a challenge with escrowed token rewards for passing a failing test suite....
README (SKILL.md)

Make Git Escrow

You are automating the creation of a git escrow bounty via the git-escrows submit CLI command. This locks ERC20 tokens in escrow as a bounty for someone who can make a failing test suite pass.

Step 1: Check CLI availability

Run git-escrows --help to verify the CLI is installed. If it fails, try npx git-escrows --help or bunx git-escrows --help. Use whichever works for all subsequent commands. If none work, tell the user to install with npm i -g git-escrows.

Step 2: Check .env configuration

Check if a .env file exists in the current directory. If not, tell the user they need one and suggest running:

git-escrows new-client --privateKey "0x..." --network "sepolia"

Verify it contains at least PRIVATE_KEY and NETWORK (or defaults to anvil). For base-sepolia and sepolia networks, contract addresses are auto-configured.

Step 3: Gather parameters

You need all of these to run the submit command:

  1. --tests-repo (required): Git repository URL containing the failing test suite.

    • If the user provided a URL as an argument, use that.
    • Otherwise, check if the current directory is a git repo and offer to use its remote URL.
    • Ask the user if neither is available.

  2. --tests-commit (required): The commit hash of the test suite.

    • If using the current repo, detect HEAD with git rev-parse HEAD.
    • Otherwise ask the user.

  3. --reward (required): Amount of tokens to escrow, in wei.

    • Ask the user. Help them convert if they give a human-readable amount (e.g., "1 USDC" = "1000000" for 6-decimal tokens, "1 ETH worth" = "1000000000000000000" for 18-decimal tokens).

  4. --oracle (required): The Ethereum address of the oracle that will arbitrate.

    • Ask the user. Mention the public demo oracle on Sepolia: 0xc5c132B69f57dAAAb75d9ebA86cab504b272Ccbc.

  5. --arbiter (required): The arbiter contract address.

    • Ask the user. This is typically the TrustedOracleArbiter contract on their network.

  6. --token (required): The ERC20 token contract address for the reward.

    • Ask the user.

Ask for any missing parameters, grouping related questions together when possible to minimize back-and-forth.

Step 4: Execute

Run the submit command with all gathered parameters:

git-escrows submit \
  --tests-repo "\x3Crepo-url>" \
  --tests-commit "\x3Ccommit-hash>" \
  --reward "\x3Camount>" \
  --arbiter "\x3Caddress>" \
  --oracle "\x3Caddress>" \
  --token "\x3Caddress>"

Step 5: Report results

After successful execution:

  • Report the Escrow UID prominently
  • Show the full escrow details (attester, recipient, schema, reward, token, oracle)
  • Provide the fulfill command that a solver would use: 
    git-escrows fulfill --escrow-uid \x3CUID> --solution-repo "\x3Curl>" --solution-commit "\x3Chash>"
  • Mention they can track status with: git-escrows list --status open

If the command fails, help diagnose the issue (insufficient balance, wrong network, missing approval, etc.).

Usage Guidance
This skill appears to do what it claims (create an on-chain git escrow), but it requires your PRIVATE_KEY — a highly sensitive credential. Before installing or running it: 1) Do NOT paste your main/private keys directly on command lines (they go into shell history and process listings). Prefer environment variables set securely, locked keystores, or a hardware wallet / signer that the CLI can use without exposing raw private keys. 2) Use an account with only the funds needed for the escrow (ephemeral or testnet account) rather than your main wallet. 3) Inspect the git-escrows npm package source (or the project's GitHub) to verify behavior before running it. 4) Keep the .env file access-restricted and delete or rotate any private key stored there after use. 5) If you allow autonomous agent invocation, require explicit, per-transaction confirmations so the agent cannot sign and submit transactions without your approval. If you cannot follow these precautions, avoid supplying a private key to this skill.
Capability Analysis
Type: OpenClaw Skill Name: make-git-escrow Version: 1.0.0 The skill automates blockchain escrow creation using the `git-escrows` CLI, requiring the agent to access and potentially manage a `PRIVATE_KEY` within a `.env` file. It is classified as suspicious due to the high-risk nature of an AI agent handling sensitive private keys and the potential for shell injection vulnerabilities in `SKILL.md`, where user-provided parameters (e.g., repo URLs, reward amounts) are passed directly into bash commands without explicit sanitization instructions. The skill relies on an external tool and repository (https://github.com/arkhai-io/git-commit-trading) for its core logic.
Capability Assessment
Purpose & Capability
The skill's name/description (create a git escrow bounty) aligns with its declared needs: the git-escrows CLI, git, a .env containing a PRIVATE_KEY, and network access to an Ethereum RPC. Requiring a signing key is consistent with submitting a transaction to lock tokens in escrow.
Instruction Scope
Instructions stay within the stated task (checking CLI, reading .env for PRIVATE_KEY and NETWORK, gathering git repo/commit, running git-escrows submit). However, the SKILL.md explicitly suggests providing a raw private key on the CLI (git-escrows new-client --privateKey "0x..."), which is insecure (exposes secrets to shell history, process lists, and logs). The skill also directs reading .env in the working directory; that file may contain other secrets but the instructions only reference PRIVATE_KEY and NETWORK. No instructions appear to exfiltrate data to unrelated endpoints, but the private-key handling guidance is risky.
Install Mechanism
This is an instruction-only skill with no install spec or bundled code — the lowest install risk. The only install hint is recommending the public npm package git-escrows (npm i -g git-escrows), which is reasonable. There are no downloaded archives or third-party install URLs in the skill itself.
Credentials
Requesting a PRIVATE_KEY is proportionate to submitting on-chain escrows, but PRIVATE_KEY is extremely high-privilege (it can sign transactions and move tokens). The skill also expects a .env file. The small set of requested credentials is coherent, but users must understand that supplying this key grants the tool/agent the ability to spend funds from that account. The skill's advice to pass the key on the command line increases exposure risk.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (normal). However, because it requires the PRIVATE_KEY, allowing autonomous invocation (the platform default) would increase the blast radius: an agent with this skill and access to the key could autonomously submit transactions. The skill itself does not request persistent modification of other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install make-git-escrow
  3. After installation, invoke the skill by name or use /make-git-escrow
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of make-git-escrow. - Automates creation of a git escrow bounty for a test suite using the git-escrows CLI. - Guides users to verify dependencies and .env configuration. - Interactively collects required parameters: repository URL, commit hash, reward amount, oracle & arbiter addresses, and ERC20 token contract. - Executes the escrow submission and clearly reports the results, including Escrow UID and next steps. - Provides troubleshooting help if any command fails.
Metadata
Slug make-git-escrow
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Make Git Escrow?

Create a new git escrow bounty for a test suite. Use when the user wants to submit a challenge with escrowed token rewards for passing a failing test suite.... It is an AI Agent Skill for Claude Code / OpenClaw, with 269 downloads so far.

How do I install Make Git Escrow?

Run "/install make-git-escrow" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Make Git Escrow free?

Yes, Make Git Escrow is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Make Git Escrow support?

Make Git Escrow is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Make Git Escrow?

It is built and maintained by 疒奀 (@mlegls); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments