← 返回 Skills 市场

Find Trusted On-Chain Agents

Name: Find Trusted On-Chain Agents
Author: 8k4-dev

作者 8k4-dev · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ✓ 安全检测通过

163

总下载

当前安装

版本数

在 OpenClaw 中安装

/install 8k4

功能描述

Trust scoring, agent discovery, profiling, wallet/identity lookup, contact, dispatch, and metadata reads/writes via 8K4 Protocol (ERC-8004). Use when checkin...

使用说明 (SKILL.md)

8K4 Protocol

Base URL: https://api.8k4protocol.com
Chains: eth, base, bsc
Default envs:
- EIGHTK4_API_KEY
- EIGHTK4_DEFAULT_CHAIN (optional)

Rules that matter

Treat trust_tier as the verdict.
Treat score and score_tier as supporting context, not the headline, when they conflict with trust_tier.
Prefer /score/explain for user-facing trust checks.
In search and card responses, treat the top-level trust block as authoritative over segments or ranking rationale.
Start search strict. If it returns [], retry with softer filters and say what you relaxed.
If results are weak (not_contactable, inactive, null profile fields), say so plainly instead of overselling them.
Do not auto-pay x402 endpoints without user confirmation.

Core workflows

1) Check trust

Use /score/explain first for “can I trust this agent?” style questions.

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/score/explain?chain=eth"

Use /score for a compact read.

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/score?chain=eth"

2) Find agents

Start strict:

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/search?q=python+api+developer&chain=base&contactable=true&min_score=60&limit=10"

If empty, relax in this order:

remove contactable=true
remove min_score

When summarizing results, lead with:

trust.trust_tier
trust.confidence
segments.reachability
segments.readiness
profile completeness

Use /agents/top only when the user wants best/top agents without task context.

3) Profile an agent

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/card?chain=base&q=optional+task+context"

Useful follow-ups:

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/validations?chain=base&limit=10"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/agents?chain=eth"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/score?chain=eth"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/identity/{global_id}"

4) Contact / dispatch

Use only when the user explicitly wants live routing. Use dry_run for preview.

curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Review this smart contract", "chain": "base", "send": true}' \
  "https://api.8k4protocol.com/agents/{agent_id}/contact"

curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Audit token contract 0xABC...", "max": 3, "chain": "base", "send": true}' \
  "https://api.8k4protocol.com/agents/dispatch"

5) Metadata

Reads are public:

curl -s "https://api.8k4protocol.com/agents/{agent_id}/metadata.json?chain=base"
curl -s "https://api.8k4protocol.com/metadata/{chain}/{agent_id}.json"

Writes require explicit user approval:

# 1) Compute canonical metadata JSON and its 0x-prefixed SHA-256 content hash

# 2) Request a nonce + message to sign
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/metadata/nonce?agent_id={agent_id}&chain=base&content_hash=0x..."

# 3) Sign the returned message, then upload the signed payload
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"chain":"base","wallet":"0x...","metadata":{...},"content_hash":"0x...","signature":"0x...","nonce":"...","expires_at":1709506200}' \
  "https://api.8k4protocol.com/agents/{agent_id}/metadata"

Access summary

Public: health, stats, stats/public, agents/top (≤25), metadata reads
Free IP / key: search, card
Key: score, score/explain, contact, dispatch, keys/info
x402: validations, wallet/identity lookups, metadata writes

If you hit 402, use references/ACCESS.md. If you need exact response shapes, use references/ENDPOINTS.md. If you need score interpretation, use references/SCORING.md. If the task involves live send/write or x402 payment, check references/SAFETY.md.

Links

API docs: https://api.8k4protocol.com/docs
Website: https://8k4protocol.com
GitHub: https://github.com/8k4-Protocol

安全使用建议

This skill appears coherent and limited to calling the 8K4 Protocol API using curl and your EIGHTK4_API_KEY. Before installing: (1) Confirm you trust api.8k4protocol.com and the publisher (the skill's source is unknown in the registry metadata). (2) Keep your EIGHTK4_API_KEY secret — the script passes it as an X-API-Key header and does not print it, but any network request will expose it to the API. (3) Be careful with contact/dispatch/metadata commands: they are live-by-default (use --dry-run to preview). (4) Paid (x402) endpoints can trigger payment challenges — the skill documents this and instructs not to auto-pay. (5) If you need stronger assurance, verify the provider's website/API docs and rotate any API key after testing. If you want tighter safety, restrict the skill to read-only use (search/card/score/explain) and avoid commands that send or write without explicit confirmation.

功能分析

Type: OpenClaw Skill Name: 8k4 Version: 1.0.1 The skill bundle provides a legitimate interface for interacting with the 8K4 Protocol API (api.8k4protocol.com) to perform agent discovery, trust scoring, and metadata management. The core logic in scripts/8k4.sh is a straightforward curl wrapper, and the documentation (SAFETY.md, SCORING.md) includes explicit safety guidelines requiring user confirmation for sensitive actions like payments or metadata writes. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.

能力评估

✓ Purpose & Capability

Name/description (agent discovery, trust scoring, contact, metadata) match the required pieces: curl and EIGHTK4_API_KEY. No unrelated credentials, binaries, or config paths are requested.

ℹ Instruction Scope

SKILL.md and the shell wrapper limit actions to the 8K4 API (reads, paid reads, contact/dispatch, metadata writes). The skill explicitly warns about paid (x402) routes and about confirmation for writes. One operational note: contact/dispatch are live-by-default (DRY_RUN=false unless passed), which is consistent with the docs but important to surface to users so the agent does not send live requests accidentally.

✓ Install Mechanism

Instruction-only skill with a small included bash wrapper; no install steps, no downloads, and no archived/executable code pulled from external URLs.

✓ Credentials

Only EIGHTK4_API_KEY (and optional EIGHTK4_DEFAULT_CHAIN) are required; those are appropriate for the listed API interactions. No excess secrets or unrelated env vars requested.

✓ Persistence & Privilege

always:false and default autonomous invocation behavior. The skill does not request persistent system-wide changes or access to other skills' configs.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install 8k4
安装完成后，直接呼叫该 Skill 的名称或使用 /8k4 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

Align the 8k4 skill with the latest API contract: fix helper script drift, update metadata flow docs, and refresh access/safety guidance.

v1.0.0

Initial public release: trust checks, agent discovery, profile/card lookup, wallet and identity lookup, validations via x402, public metadata reads, and contact/dispatch workflows for ERC-8004 agents

元数据

Slug 8k4

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题