← 返回 Skills 市场

Agnic Authenticate Wallet (x402)

Name: Agnic Authenticate Wallet (x402)
Author: agnicpay-prog

作者 Agnic.AI · GitHub ↗ · v2.0.2 · MIT-0

cross-platform ✓ 安全检测通过

234

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agnic-authenticate-wallet

功能描述

Authenticate Agnic wallet via browser OAuth or headless API token. Use when the user wants to sign in, log in, authenticate, connect wallet, set up CLI, or r...

使用说明 (SKILL.md)

Authenticating the Agnic Wallet

Check Current Status

npx agnic@latest status --json

If already authenticated, no further action needed. If not, choose the appropriate mode below.

Mode 1: Headless / Token Auth (CI, servers, agents)

Preferred when no browser is available. Generate an API token at app.agnic.ai > Settings > API Tokens.

Option A -- Environment variable (recommended for automation):

export AGNIC_TOKEN=\x3Cyour-api-token>
npx agnic@latest status --json

The CLI reads AGNIC_TOKEN automatically. All subsequent commands in the same shell session use it without extra flags.

Option B -- Inline flag (one-off commands):

npx agnic@latest --token \x3Cyour-api-token> status --json

Mode 2: Browser OAuth (interactive terminals)

Use when a browser is available:

npx agnic@latest auth login

This command:

Starts a temporary local server on a random port
Opens the default browser to the Agnic OAuth consent screen
The user signs in (email, Google, or wallet) and approves spending limits
The browser redirects back to http://localhost:\x3Cport>/callback
The CLI exchanges the authorization code for tokens and saves them locally

Wait for the CLI to print Authenticated! before proceeding.

Verify Authentication

npx agnic@latest status --json

Expected output:

{
  "authenticated": true,
  "userId": "did:privy:...",
  "email": "[email protected]",
  "walletAddress": "0x...",
  "tokenExpiry": "2026-05-22T14:30:00Z"
}

Logout

To remove stored credentials:

npx agnic@latest auth logout

Token Storage

Browser mode: credentials stored in ~/.agnic/config.json with 0600 permissions. Tokens auto-refresh on 401 responses. Refresh token expires after 90 days.
Token mode: no local storage. The token is read from AGNIC_TOKEN env var or --token flag per invocation.

Error Handling

"Not authenticated" -- Set AGNIC_TOKEN env var, pass --token, or run auth login
"Authentication failed" -- User cancelled the browser flow or the 5-min timeout expired
"Could not open browser" -- The CLI prints a URL to copy and open manually
"Token expired" -- Browser tokens auto-refresh; API tokens must be regenerated at app.agnic.ai
"Invalid token" -- Check the token value; it may have been revoked or malformed

安全使用建议

This skill appears to do what it says: it instructs the agent to run the Agnic CLI via 'npx' to perform OAuth or token-based authentication and to store tokens under ~/.agnic/config.json. Before using it: (1) ensure you have Node/npm and are comfortable with running 'npx' (it downloads and executes code from the npm registry); consider pinning to a specific version instead of @latest; (2) prefer setting AGNIC_TOKEN for non-interactive environments and avoid storing long-lived tokens on shared machines; (3) after browser auth, verify ~/.agnic/config.json permissions and contents; (4) if you need stronger assurance, review the agnic npm package/source (or install from an official release) before running commands that fetch code.

功能分析

Type: OpenClaw Skill Name: agnic-authenticate-wallet Version: 2.0.2 The skill bundle provides standard instructions and tool definitions for authenticating with the Agnic CLI via OAuth or API tokens. It uses legitimate patterns such as 'npx agnic@latest' for status checks and authentication flows, and it correctly identifies sensitive file locations like ~/.agnic/config.json for credential storage. No evidence of data exfiltration, malicious execution, or prompt injection was found in SKILL.md or _meta.json.

能力标签

cryptorequires-walletrequires-oauth-tokenrequires-sensitive-credentials

能力评估

ℹ Purpose & Capability

The skill's name/description match the instructions: it tells users how to authenticate via browser OAuth or an API token. However the manifest lists no required binaries while the instructions require 'npx' (Node/npm) to run the CLI; that's a small mismatch but explainable.

ℹ Instruction Scope

SKILL.md restricts actions to running 'npx agnic' commands, reading an optional AGNIC_TOKEN env var, and storing credentials in ~/.agnic/config.json. Those behaviors are within scope for an auth helper, but the manifest did not declare the config path (~/.agnic/config.json) that the CLI writes, which is a disclosure gap.

ℹ Install Mechanism

No install spec (instruction-only), but the runtime uses 'npx agnic@latest' which fetches and executes the package from npm on demand. That's expected for a CLI helper but carries the usual supply-chain risk of running remotely fetched code, especially when using the @latest tag.

ℹ Credentials

The only credential surface is the optional AGNIC_TOKEN env var and tokens stored locally by the CLI. No unrelated secrets or multiple unrelated credentials are requested. The manifest did not list AGNIC_TOKEN in requires.env even though SKILL.md documents it, which is a minor proportionality/documentation mismatch.

✓ Persistence & Privilege

The skill does not request elevated/platform-wide persistence. It documents storing auth tokens in its own config file (~/.agnic/config.json) with 0600 — expected for an auth flow. always:false and normal invocation flags are appropriate.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agnic-authenticate-wallet
安装完成后，直接呼叫该 Skill 的名称或使用 /agnic-authenticate-wallet 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.0.2

v2.0.2 — Synced with upstream agnic-wallet-skills authenticate-wallet skill: - Added headless authentication (AGNIC_TOKEN env var + --token flag) - Rebranded references from "AgnicPay" to "Agnic"

v1.0.0

- Initial release of authenticate-wallet skill. - Provides authentication for AgnicPay wallets via browser OAuth or token-based headless mode. - New CLI commands support login, token status checking, and logout. - Step-by-step documentation for both interactive and headless authentication flows. - Includes guidance on error handling and credential removal.

元数据

Slug agnic-authenticate-wallet

版本 2.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题