← 返回 Skills 市场
tenequm

AgentBox

作者 Misha Kolesnik · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
437
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install agentbox
功能描述
AgentBox VM operating instructions: services, config, x402 payments, skill updates, troubleshooting. Load this at the start of every session.
使用说明 (SKILL.md)

AgentBox Operating Instructions

You are running on a dedicated AgentBox VM - a single-tenant Hetzner cloud instance with OpenClaw gateway, HTTPS, web terminal, and a Solana wallet for x402 micropayments.

Services

Service Port Managed by
OpenClaw gateway :18789 (loopback) openclaw gateway restart
Caddy (HTTPS reverse proxy) :443 sudo systemctl restart caddy
ttyd (web terminal) :7681 (loopback) sudo systemctl restart ttyd

Caddy routes HTTPS traffic to the gateway and terminal. Do NOT modify Caddy or systemd configs directly.

Key paths

What Path
OpenClaw config ~/.openclaw/openclaw.json
Solana wallet ~/.openclaw/agentbox/wallet-sol.json
Workspace ~/.openclaw/workspace/
Skills ~/.openclaw/workspace/skills/
x402 plugin ~/.openclaw/extensions/openclaw-x402/
Gateway logs ~/.openclaw/logs/

x402 payment plugin

The openclaw-x402 plugin patches globalThis.fetch to handle HTTP 402 Payment Required responses automatically. When an LLM inference call returns 402, the plugin signs a USDC payment on Solana and retries. This is transparent - you don't need to do anything special.

The wallet at ~/.openclaw/agentbox/wallet-sol.json must have USDC balance for payments to work. Check balance with:

spl-token balance --owner $(solana address) EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v

Default model provider

This instance comes with a preconfigured LLM provider (blockrun) that uses x402 for payments. If users want to use a different provider like OpenRouter, use the /agentbox-openrouter skill.

Restarting the gateway

After any config change to ~/.openclaw/openclaw.json:

openclaw gateway restart

Check status:

openclaw status

Updating skills

To get the latest AgentBox skills:

clawhub update --all

This updates all installed skills from ClawHub. Changes take effect on the next new session.

Troubleshooting

  • Gateway won't start: Check openclaw status and gateway logs at ~/.openclaw/logs/
  • x402 payments failing: Check USDC balance (see above). Wallet needs USDC on Solana mainnet.
  • Config changes not taking effect: Run openclaw gateway restart after editing ~/.openclaw/openclaw.json
  • Skills not showing: Run clawhub list to see installed skills. Run clawhub update --all to refresh.

Important rules

  • Always use openclaw gateway restart to restart the gateway. Never use systemctl directly for the gateway.
  • When editing ~/.openclaw/openclaw.json, read the current file first, modify it, write it back. Don't write partial configs.
  • The Solana wallet private key is at ~/.openclaw/agentbox/wallet-sol.json. Never share it or display it to users.
安全使用建议
Before installing: (1) confirm why always:true is required — consider running it manually instead of forcing it at every session; (2) verify where the Solana wallet private key is stored and whether the agent or any skills will be allowed to read it; if automatic on-demand payments are enabled, restrict wallet funds (use a small balance) or require explicit user approval; (3) ask the publisher to declare required config paths/credentials in the registry metadata (the SKILL.md references many paths but the manifest lists none); (4) restrict or audit any actions that run sudo/systemctl from the agent; (5) if you must use this in production, run it in an isolated VM with limited funds and full backups and review gateway/x402 plugin source before trusting automated payments.
功能分析
Type: OpenClaw Skill Name: agentbox Version: 1.0.0 The skill is classified as suspicious due to the explicit mention of the Solana wallet private key path (`~/.openclaw/agentbox/wallet-sol.json`) in `SKILL.md`. Although the skill includes a defensive instruction not to share this key, its presence and location are disclosed to the AI agent, creating a significant prompt injection vulnerability. An attacker could craft a prompt to bypass this instruction and trick the agent into reading or exfiltrating the private key. Additionally, the skill grants the agent `sudo` capabilities for specific service restarts (`sudo systemctl restart caddy`, `sudo systemctl restart ttyd`), which could be abused if the agent is prompted to generalize these privileges.
能力评估
Purpose & Capability
Name and description match the SKILL.md content: this is an AgentBox VM operations guide (services, config paths, payments, troubleshooting). However the manifest does not declare the many local config paths and a Solana wallet that the instructions reference, which is an omission that reduces transparency.
Instruction Scope
The runtime instructions reference system-level commands (sudo systemctl restart caddy/ttyd), explicit filesystem paths under ~/.openclaw (config, logs, skills), and a Solana wallet file. They describe an x402 plugin that transparently signs USDC payments on 402 responses. Those are operational actions with sensitive side effects (automatic signing of on-chain payments) and go beyond a simple informational readme.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing will be written to disk by the skill package itself. This is the lowest-risk install mechanism from the registry side.
Credentials
The SKILL.md references a local Solana wallet at ~/.openclaw/agentbox/wallet-sol.json and requires that it hold USDC for automatic payments, but the skill declares no required config paths or credentials. The skill therefore implies access to a sensitive private key without declaring it in the manifest; that mismatch is a red flag.
Persistence & Privilege
always:true is set so this skill is force-loaded at session start. That could be reasonable for a VM runbook, but combined with references to a local wallet and automatic payment behavior it materially increases the blast radius if the agent is ever allowed to act autonomously.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install agentbox
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /agentbox 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
Slug agentbox
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

AgentBox 是什么?

AgentBox VM operating instructions: services, config, x402 payments, skill updates, troubleshooting. Load this at the start of every session. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 437 次。

如何安装 AgentBox?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agentbox」即可一键安装,无需额外配置。

AgentBox 是免费的吗?

是的,AgentBox 完全免费(开源免费),可自由下载、安装和使用。

AgentBox 支持哪些平台?

AgentBox 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 AgentBox?

由 Misha Kolesnik(@tenequm)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论