← Back to Skills Marketplace
ZKGov
by
Blockchain Oracle
· GitHub ↗
· v0.0.3
· MIT-0
100
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install zkgov
Description
Anonymous governance on HashKey Chain using zero-knowledge proofs. Query proposals, check voter status, register, create proposals, vote anonymously with ZK...
Usage Guidance
This skill appears to do what it says (interact with ZKGov CLI to query and vote on a HashKey Chain testnet) but there are important practical and safety details missing from the registry metadata. Before installing or letting an agent use this skill: 1) Treat the wallet behavior as sensitive — the agent will generate and store a private key at ~/.zkgov/config.json unless you supply ZKGOV_PRIVATE_KEY; do not allow it to generate keys if you don't want a secret created. 2) Verify the npm packages (@zkgov/cli and @zkgov/mcp): check their npm pages, source repos, maintainers, and recent publication history; prefer inspecting code or using a wallet you control. 3) Expect the agent to be able to send on‑chain transactions (gas costs, even on testnet) — require user confirmation for any write action. 4) Ask the publisher/maintainer for explicit metadata updates (declare ZKGOV_PRIVATE_KEY and the ~/.zkgov/config.json path, provide package repository URLs and checksums). If the registry metadata is corrected and the npm packages are auditable/trusted (or you provide your own key), my concerns would be significantly reduced.
Capability Analysis
Type: OpenClaw Skill
Name: zkgov
Version: 0.0.3
The 'zkgov' skill provides a legitimate interface for anonymous blockchain governance on the HashKey Chain testnet using Semaphore ZK proofs. It defines standard MCP tools and CLI commands (e.g., `zkgov-vote`, `zkgov-register`) for interacting with a specific smart contract (0xEa625841E031758786141c8b13dD1b1137C9776C). The instructions in SKILL.md are well-structured, align with the stated purpose, and do not contain any indicators of malicious intent, data exfiltration, or prompt injection.
Capability Tags
Capability Assessment
Purpose & Capability
The name and description (ZKGov anonymous voting on HashKey Chain) match the CLI commands and read/write operations described. Requesting an npm CLI and an MCP helper is consistent with the claimed functionality. However, the registry metadata omits some practical requirements present in SKILL.md (see env/config mismatches below).
Instruction Scope
SKILL.md instructs the agent to run external CLI tools (npx/@zkgov/mcp and @zkgov/cli) and to perform write operations that generate and persist a wallet (~/.zkgov/config.json). It also references an environment variable override (ZKGOV_PRIVATE_KEY) and instructs the agent to perform on‑chain transactions. These behaviors are within the stated domain but expand the agent's scope (creating/storing a private key and sending transactions) and are not declared in the skill metadata.
Install Mechanism
There is no declared install spec in the registry, but SKILL.md tells users/agents to install packages from npm (npx @zkgov/mcp and npm install -g @zkgov/cli). Installing third‑party npm packages is a reasonable delivery mechanism for a CLI, but it is higher risk than an instruction-only read tool because it pulls code from the public registry. The skill does not provide package source/repos or checksums to verify provenance.
Credentials
SKILL.md references an override env var (ZKGOV_PRIVATE_KEY) and a persistent config path (~/.zkgov/config.json) for storing private keys, but the registry metadata lists no required env vars or config paths. The agent will either generate a private key and store it locally (sensitive persistent secret) or accept a user private key from an env var. Requesting or creating private keys is intrinsic to write operations here, but the metadata omission is an incoherence and a sensitive capability that should be explicit.
Persistence & Privilege
The skill instructs creating a persistent wallet file in the user's home directory and derives both the EVM account and ZK identity from the same private key; this is a lasting side effect. The skill is not marked always:true, but it does enable the agent to perform autonomous write actions (transactions) if invoked — that increases impact if the agent is allowed to act without explicit confirmation. The registry did not declare the config path, which is a persistence/privilege mismatch.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install zkgov - After installation, invoke the skill by name or use
/zkgov - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.3
- Added detailed documentation for ZKGov skill, covering usage, workflow, and error handling.
- Clarified when to use or avoid the skill, with specific on-chain governance scenarios.
- Outlined tool priority: MCP tools preferred, CLI as fallback, always use `--json`.
- Included step-by-step governance workflow and CLI flag examples.
- Listed all available read/write tools with their functions.
- Provided key technical facts about the platform and contract.
Metadata
Frequently Asked Questions
What is ZKGov?
Anonymous governance on HashKey Chain using zero-knowledge proofs. Query proposals, check voter status, register, create proposals, vote anonymously with ZK... It is an AI Agent Skill for Claude Code / OpenClaw, with 100 downloads so far.
How do I install ZKGov?
Run "/install zkgov" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ZKGov free?
Yes, ZKGov is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ZKGov support?
ZKGov is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ZKGov?
It is built and maintained by Blockchain Oracle (@blockchain-oracle); the current version is v0.0.3.
More Skills