功能描述

Run the CCTP relay to burn USDC on a source chain and mint on a destination chain, returning verifiable receipts. Use for multichain agent-to-agent settlement, with optional Moltbook discovery and integrations.

使用说明 (SKILL.md)

Agentic Commerce Relay

Name: Agentic Commerce Relay
Author: nativ3ai

Use this skill when you need to settle USDC across CCTP-supported chains without deploying contracts. The relay script calls Circle’s official CCTP contracts and outputs a machine-readable receipt.

Quick Use

From the repo root:

SRC_RPC=... \
DST_RPC=... \
PRIVATE_KEY=0x... \
SRC_USDC=0x... \
SRC_TOKEN_MESSENGER=0x... \
SRC_MESSAGE_TRANSMITTER=0x... \
DST_MESSAGE_TRANSMITTER=0x... \
DST_DOMAIN=... \
node scripts/cctp-bridge.js

Required env

SRC_RPC
DST_RPC
PRIVATE_KEY

Optional env (override per chain)

SRC_USDC
SRC_TOKEN_MESSENGER
SRC_MESSAGE_TRANSMITTER
DST_MESSAGE_TRANSMITTER
DST_DOMAIN
AMOUNT (default 1000000, 1 USDC with 6 decimals)

Receipt

The script prints JSON with:

burnTx
messageHash
mintTx
recipient

Optional modules

Moltbook discovery

Find counterparties by submolt feed:

MOLTBOOK_API_KEY=... \
MOLTBOOK_BASE_URL=https://www.moltbook.com \
node scripts/discovery-moltbook.cjs --submolt usdc --sort new --tag payment

Bundled integrations

This repo includes optional modules under integrations/:

integrations/mvp (USDC Intent Payer)
integrations/anonx402-hackathon (Anon x402 Relay)

Use these for intent parsing/guardrails or privacy, then call the relay to settle cross-chain.

安全使用建议

Do not supply your real/private signing key or production RPC credentials to this skill as packaged. The SKILL.md expects local Node scripts and integrations (scripts/cctp-bridge.js, integrations/) but the skill bundle contains only the SKILL.md and no code or homepage — that makes it impossible to audit what will run. Before installing or using: 1) ask the publisher for the source repo or a signed release and verify the scripts; 2) only use an ephemeral or low-value key and non-production RPC endpoints for testing; 3) prefer hardware-wallet or external-signing workflows rather than providing raw PRIVATE_KEY to an agent; 4) be cautious about optional discovery integrations (Moltbook) and API keys — verify their endpoints and privacy implications. If the publisher cannot provide source or an installable package, treat this skill as untrusted.

功能分析

Type: OpenClaw Skill Name: agentic-commerce-relay Version: 0.1.0 The skill is classified as suspicious primarily due to its requirement for the `PRIVATE_KEY` to be passed directly as an environment variable for executing the `cctp-bridge.js` script, as detailed in `SKILL.md`. This is a high-risk operation involving sensitive credentials, even if for the stated purpose of cross-chain token transfers. Additionally, the skill instructs the agent to make network calls to an external domain, `https://www.moltbook.com`, for 'Moltbook discovery,' which introduces an external dependency and a vector for potential data exfiltration, though it is presented as part of the skill's functionality. While there is no clear evidence of intentional malicious behavior like exfiltration to an unauthorized endpoint or prompt injection for harmful objectives, these capabilities present significant security risks.

能力评估

⚠ Purpose & Capability

The described purpose (CCTP relay to burn/mint USDC) legitimately requires RPC endpoints and a signing key, which the SKILL.md lists, but the registry metadata claims no required env/credentials. That mismatch (no required env vs SKILL.md requiring PRIVATE_KEY, SRC_RPC, DST_RPC) is incoherent.

⚠ Instruction Scope

Runtime instructions tell the agent to run scripts (scripts/cctp-bridge.js, scripts/discovery-moltbook.cjs) and to set sensitive env vars, but no scripts or integrations are included in the skill bundle. The instructions also suggest calling external services (Moltbook) and sending transactions to RPC endpoints — all of which require explicit, included code or provenance, which is missing.

⚠ Install Mechanism

There is no install spec (instruction-only), which is low-risk in itself, but the README-style instructions reference bundled modules and script files that are not present. That discrepancy means the skill as packaged can't perform the claimed actions without external code, which is suspicious.

⚠ Credentials

SKILL.md requires a PRIVATE_KEY and RPC URLs (sensitive). The registry declares no required env or primary credential. Requesting a private key is proportionate for signing cross-chain burns/mints, but the skill should have declared this and provided code reviewable by the user; undeclared sensitive env requirements are a red flag. Additional optional envs (MOLTBOOK_API_KEY, etc.) are also referenced but not declared.

✓ Persistence & Privilege

The skill does not request always:true, has no install steps that would persist code on disk, and is user-invocable only. Autonomous invocation is enabled by default but not, by itself, unusual or escalatory here.

版本历史

v0.1.0

Initial public release

元数据

Slug agentic-commerce-relay

版本 0.1.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题