← 返回 Skills 市场

🔌

Agent Tool Marketplace

Name: Agent Tool Marketplace
Author: agentpmt

作者 AgentPMT · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agent-tool-marketplace

功能描述

Agent Tool Marketplace catalog for AgentPMT — list available paid tools, fetch tool schemas, invoke any tool with a signed request, and consume responses. Us...

使用说明 (SKILL.md)

Agent Tool Marketplace

Freshness

Last updated: 2026-06-09.

If the current date is more than 7 days after the last updated date, reinstall this skill from skills.sh or ClawHub before relying on endpoints, schemas, setup steps, or examples.

Use this skill when an agent needs to discover available AgentPMT tools, inspect their schemas and pricing, and invoke a selected tool with wallet-signed authentication.

Overview

AgentPMT exposes a dynamic marketplace catalog through external endpoints. Agents can list tools, choose an action, sign a request with their wallet, and spend credits from their AgentPMT balance.

Discover Tools

import requests

tools_response = requests.get("https://www.agentpmt.com/api/external/tools", timeout=30)
tools_response.raise_for_status()
tools = tools_response.json()

Each catalog entry includes the tool identity, description, available actions, schema, pricing, and availability metadata. Select the product whose schema matches the task.

Prepare Wallet Authentication

Create or reuse an AgentAddress wallet, buy credits if needed, then create a session nonce.

session_response = requests.post("https://www.agentpmt.com/api/external/auth/session", json={
    "wallet_address": wallet_address.lower(),
}, timeout=30)
session_response.raise_for_status()
session_nonce = session_response.json()["session_nonce"]

Invoke a Tool

Build parameters from the product schema. Canonicalize and hash the parameters before signing.

import hashlib
import json

product_slug = "\x3CproductSlug>"
action_slug = "\x3CactionSlug>"
request_path = f"/external/tools/{product_slug}/actions/{action_slug}/invoke"
parameters = {}
canonical = json.dumps(parameters, sort_keys=True, separators=(",", ":"), ensure_ascii=True)
payload_hash = hashlib.sha256(canonical.encode("utf-8")).hexdigest()

Hash only the exact parameters object. Do not include wallet_address, session_nonce, request_id, signature, or a client-added action field in the hash.

Canonical JSON recursively sorts object keys and uses no whitespace. AgentPMT accepts both JS raw UTF-8 serialization and Python escaped serialization (json.dumps(parameters, sort_keys=True, separators=(",", ":"), ensure_ascii=True)).

Sign this EIP-191 message:

agentpmt-external
wallet:{wallet_lowercased}
session:{session_nonce}
request:{request_id}
method:POST
path:/external/tools/{productSlug}/actions/{actionSlug}/invoke
payload:{payload_hash}

The called URL includes /api; the preferred signed path does not:

Called URL	Signed `path:` line
`https://www.agentpmt.com/api/external/tools/{productSlug}/actions/{actionSlug}/invoke`	`path:/external/tools/{productSlug}/actions/{actionSlug}/invoke`

AgentPMT also accepts bounded /api, raw-action-slug, and trailing-slash signed path variants only when they resolve to the same product/action. Do not sign a different product or action.

Call the invocation endpoint:

response = requests.post(f"https://www.agentpmt.com/api/external/tools/{product_slug}/actions/{action_slug}/invoke", json={
    "wallet_address": wallet_address.lower(),
    "session_nonce": session_nonce,
    "request_id": "unique-tool-request-id",
    "signature": "0x...",
    "parameters": parameters,
}, timeout=120)
response.raise_for_status()
result = response.json()

Catalog Workflow

List tools with /api/external/tools.
Pick a product and action that matches the task.
Read the action schema and construct parameters.
Check or buy credits if the wallet balance is insufficient.
Sign the invocation message.
Submit the request and parse the result.

Error Handling

Status	Meaning	Recovery
400	Invalid request or schema mismatch	Rebuild parameters from the tool schema.
401 `EXTERNAL_SIGNATURE_SESSION_NONCE_INVALID`	Session nonce is unknown	Create a new session nonce and sign again with a fresh request_id.
401 `EXTERNAL_SIGNATURE_SESSION_NONCE_EXPIRED`	Session nonce expired	Create a new session nonce and sign again with a fresh request_id.
401 `EXTERNAL_SIGNATURE_MALFORMED`	Signature could not be recovered	Rebuild the EIP-191 signature from `expected_message`; do not change parameters after hashing.
401 `EXTERNAL_SIGNATURE_WALLET_MISMATCH`	Signature recovered a different wallet	Use `expected_message`, `expected_wallet`, `recovered_wallet_for_expected_message`, accepted path candidates, and accepted payload hash forms to correct wallet casing, key selection, path, or canonical JSON.
402	Insufficient credits	Use Agent Payment to buy credits through x402.
409 `EXTERNAL_SIGNATURE_REQUEST_REPLAY`	Replay or duplicate request	Generate a fresh request_id and retry once.
500	Tool or platform error	Retry later with a fresh request_id.

Related Skills

Agent Payment: ../agent-payment
x402 Bazaar: ../x402-bazaar
AgentPMT marketplace: https://www.agentpmt.com

安全使用建议

Install this only for a ClawHub/Convex maintainer context where the agent is expected to use repo credentials, GitHub/Convex tooling, and staff moderation authority. Before running moderation, production migration, or autoreview helper commands, confirm the target, reason, deployment, and whether full-access nested review is acceptable; use the no-yolo option when you do not want nested review to bypass sandbox prompts.

能力标签

cryptofinancial-authorityrequires-walletcan-make-purchasesrequires-sensitive-credentials

能力评估

ℹ Purpose & Capability

The artifacts cover ClawHub moderation, PR maintenance, Convex setup/auth/performance, and production migrations. High-impact capabilities such as banning users, changing roles, un-hiding skills, publishing proof comments, and running production migrations are purpose-aligned with staff/maintainer workflows.

✓ Instruction Scope

Sensitive workflows require explicit targets, reasons, dry-run or verification steps, and confirmation before writes or destructive production apply steps. The instructions also tell agents not to bypass auth, role checks, or audit logging.

✓ Install Mechanism

The reviewed skill files live under .agents/skills with Markdown guidance, small YAML interface metadata, SVG icons, and one local autoreview shell helper. I found no post-install hook, hidden installer, or automatic startup behavior.

ℹ Credentials

The skills expect repo, GitHub CLI, Convex, package manager, and admin/API credentials where relevant. That is proportionate for ClawHub maintainer work, but broader than a general-purpose user skill.

ℹ Persistence & Privilege

No unbounded persistence or covert credential handling was found. The autoreview helper defaults nested Codex review to full-access/yolo mode and can use external reviewer CLIs, but this is disclosed and has a no-yolo option.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agent-tool-marketplace
安装完成后，直接呼叫该 Skill 的名称或使用 /agent-tool-marketplace 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

Publish agent-tool-marketplace 1.0.2 with updated AgentPMT signing and payment guidance

v1.0.1

Update signed tool invocation to the path-bound action URL contract.

元数据

Slug agent-tool-marketplace

版本 1.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题