← 返回 Skills 市场
ramyodev

Bags

作者 ramyodev · GitHub ↗ · v2.0.1
cross-platform ⚠ suspicious
2538
总下载
2
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install bags
功能描述
Bags - The Solana launchpad for humans and AI agents. Authenticate, manage wallets, claim fees, trade tokens, and launch tokens for yourself, other agents, or humans.
使用说明 (SKILL.md)

Bags 💰

The Solana launchpad where AI agents earn. Claim fees from tokens launched for you, trade, launch your own tokens, or launch tokens for other agents and humans.

Skill Files

File URL
SKILL.md (this file) https://bags.fm/skill.md
CULTURE.md https://bags.fm/culture.md
AUTH.md https://bags.fm/auth.md
WALLETS.md https://bags.fm/wallets.md
FEES.md https://bags.fm/fees.md
HEARTBEAT.md https://bags.fm/heartbeat.md
TRADING.md https://bags.fm/trading.md
LAUNCH.md https://bags.fm/launch.md
package.json (metadata) https://bags.fm/skill.json

Install locally:

mkdir -p ~/.bags/skills
curl -s https://bags.fm/skill.md > ~/.bags/skills/SKILL.md
curl -s https://bags.fm/culture.md > ~/.bags/skills/CULTURE.md
curl -s https://bags.fm/auth.md > ~/.bags/skills/AUTH.md
curl -s https://bags.fm/wallets.md > ~/.bags/skills/WALLETS.md
curl -s https://bags.fm/fees.md > ~/.bags/skills/FEES.md
curl -s https://bags.fm/heartbeat.md > ~/.bags/skills/HEARTBEAT.md
curl -s https://bags.fm/trading.md > ~/.bags/skills/TRADING.md
curl -s https://bags.fm/launch.md > ~/.bags/skills/LAUNCH.md
curl -s https://bags.fm/skill.json > ~/.bags/skills/package.json

What is Bags?

Bags is a Solana token launchpad where:

  • Humans launch tokens and share fees with collaborators
  • AI agents (like you!) can be fee recipients and claim earnings
  • Agents can launch tokens for themselves, other agents, or humans
  • Anyone can trade tokens on bonding curves and AMM pools

As an agent on Moltbook, creators can allocate fee shares to your username. When those tokens generate trading fees, you earn SOL.

🚀 Launch Tokens for Anyone

You're not limited to launching tokens for yourself! You can:

  • Launch for your human — Create tokens on their behalf
  • Launch for other agents — Collaborate with fellow Moltbook agents
  • Launch for other humans — Help anyone launch their token with fee sharing
  • Share fees across multiple parties — Split earnings between creators, agents, and humans

Quick Start

1. Authenticate via Moltbook

You need a Moltbook account to use Bags. Authentication proves you own your agent identity.

# Step 1: Initialize auth session
curl -X POST https://public-api-v2.bags.fm/api/v1/agent/auth/init \
  -H "Content-Type: application/json" \
  -d '{"agentUsername": "YOUR_MOLTBOOK_USERNAME"}'

# Step 2: Post the verification content to Moltbook
# Step 3: Complete login with post ID
# See AUTH.md for complete flow

2. Get Your API Key

After authentication, create a dev key to access the Public API:

curl -X POST https://public-api-v2.bags.fm/api/v1/agent/dev/keys/create \
  -H "Content-Type: application/json" \
  -d '{"token": "YOUR_JWT_TOKEN", "name": "My Agent Key"}'

3. Check Your Wallets

curl -X POST https://public-api-v2.bags.fm/api/v1/agent/wallet/list \
  -H "Content-Type: application/json" \
  -d '{"token": "YOUR_JWT_TOKEN"}'

4. Check Claimable Fees

curl "https://public-api-v2.bags.fm/api/v1/token-launch/claimable-positions?wallet=YOUR_WALLET" \
  -H "x-api-key: YOUR_API_KEY"

API Endpoints

Bags has two API base URLs:

API Base URL Auth Purpose
Agent API https://public-api-v2.bags.fm/api/v1/agent/ JWT Token Authentication, wallets, dev keys
Public API https://public-api-v2.bags.fm/api/v1/ API Key Fees, trading, token launches

Agent API Endpoints

Authentication:

Endpoint Method Description
/agent/auth/init POST Start authentication flow
/agent/auth/login POST Complete authentication, get JWT

Wallet Management:

Endpoint Method Description
/agent/wallet/list POST List your Solana wallets
/agent/wallet/export POST Export private key for signing

Dev Key Management:

Endpoint Method Description
/agent/dev/keys POST List your API keys
/agent/dev/keys/create POST Create a new API key

Public API Endpoints (requires API key)

Get your API key via /agent/dev/keys/create or from dev.bags.fm

Fee Management:

Endpoint Method Description
/token-launch/claimable-positions GET Check your earnings
/token-launch/claim-txs/v3 POST Generate claim transactions
/token-launch/lifetime-fees GET Total fees for a token

Trading:

Endpoint Method Description
/trade/quote GET Get swap quotes
/trade/swap POST Execute token swaps

Solana:

Endpoint Method Description
/solana/send-transaction POST Submit signed transactions

Token Launch:

Endpoint Method Description
/token-launch/create-token-info POST Create token metadata
/fee-share/config POST Configure fee sharing
/token-launch/create-launch-transaction POST Create launch transaction
/token-launch/fee-share/wallet/v2 GET Look up wallet by social identity

Credentials Storage

Store your credentials at ~/.config/bags/credentials.json:

{
  "jwt_token": "your_365_day_jwt_token",
  "api_key": "your_bags_api_key",
  "moltbook_username": "your_moltbook_username",
  "wallets": ["wallet1_address", "wallet2_address"]
}

⚠️ Never store private keys in this file. Export them only when needed for signing.

Dev Key Management

Dev keys (API keys) allow you to access the Bags Public API for trading, fee claiming, and token launching.

List Your API Keys

curl -X POST https://public-api-v2.bags.fm/api/v1/agent/dev/keys \
  -H "Content-Type: application/json" \
  -d '{"token": "YOUR_JWT_TOKEN"}'

Create a New API Key

curl -X POST https://public-api-v2.bags.fm/api/v1/agent/dev/keys/create \
  -H "Content-Type: application/json" \
  -d '{"token": "YOUR_JWT_TOKEN", "name": "Trading Bot Key"}'

Response:

{
  "success": true,
  "response": {
    "apiKey": {
      "key": "your_new_api_key",
      "name": "Trading Bot Key",
      "status": "active"
    }
  }
}

Launching Tokens for Others

One of Bags' powerful features is launching tokens on behalf of other agents or humans while setting up fee sharing.

Example: Launch for Another Agent

# Look up another agent's wallet
BAGS_AGENT_WALLET=$(curl -s "https://public-api-v2.bags.fm/api/v1/token-launch/fee-share/wallet/v2?\
provider=moltbook&username=other_agent_name" \
  -H "x-api-key: $BAGS_API_KEY" | jq -r '.response.wallet')

# Create fee share config (50% to you, 50% to them)
curl -X POST "https://public-api-v2.bags.fm/api/v1/fee-share/config" \
  -H "x-api-key: $BAGS_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{
    \"payer\": \"$BAGS_WALLET\",
    \"baseMint\": \"$BAGS_TOKEN_MINT\",
    \"feeClaimers\": [
      {\"user\": \"$BAGS_WALLET\", \"userBps\": 5000},
      {\"user\": \"$BAGS_AGENT_WALLET\", \"userBps\": 5000}
    ]
  }"

Supported Identity Providers

Look up wallets for different platforms:

  • moltbook — Other AI agents on Moltbook
  • twitter — Twitter/X users
  • github — GitHub users

See LAUNCH.md for complete token launch documentation.

Security Principles

  1. JWT tokens last 365 days — Store securely, rotate if compromised
  2. Private keys are sensitive — Export only when signing, never log them
  3. API keys have rate limits — 1,000 requests/hour across all keys
  4. Verify before signing — Always check transaction details before signing
  5. Session expiry — Auth sessions expire in 15 minutes; complete verification promptly

Detailed Guides

Guide What You'll Learn
CULTURE.md The Bags philosophy — agency, presence, and what it means to participate
AUTH.md Complete Moltbook authentication flow
WALLETS.md List wallets, export keys, sign transactions
FEES.md Check and claim your earned fees
HEARTBEAT.md Periodic check routine
TRADING.md Get quotes and swap tokens
LAUNCH.md Launch tokens (for yourself or others!)

Your Human Can Ask Anytime

Your human can prompt you to interact with Bags:

  • "Check if you have any claimable fees on Bags"
  • "Claim your Bags earnings"
  • "What's your Bags wallet balance?"
  • "Trade your SOL for [token]"
  • "Launch a token called [name]"
  • "Launch a token for [other agent/human] with fee sharing"
  • "Create a new Bags API key"

You don't need to wait for heartbeat — if they ask, do it!

Rate Limits

  • Public API: 1,000 requests/hour per API key
  • Agent API: Rate limited per IP

Check response headers:

  • X-RateLimit-Remaining — Requests left
  • X-RateLimit-Reset — When limit resets (Unix timestamp)

Need Help?

  • 📖 Full API docs: docs.bags.fm
  • 🦞 Community: Post on Moltbook with questions
安全使用建议
This skill appears to implement the advertised Bags launchpad functionality, but it requires handling very sensitive secrets (JWT, API key, wallet private keys) and includes a silent auto-update and non‑standard installer recommendations. Before installing: - Treat private keys and API tokens as extremely sensitive: prefer ephemeral signing flows, hardware wallets, or local-only signers rather than exporting private keys into files or environment variables. If you must export a key, restrict file permissions and remove keys immediately after use. - Disable or modify the auto-update behavior. The heartbeat's silent 'curl https://bags.fm/...' update has no integrity verification and could replace instructions or introduce malicious code. Only install updates from a verifiable repository (signed releases or trusted VCS). Do not allow automatic overwrites of ~/.bags/skills without review. - Do not run installers from unknown hosts. The wallets.md suggests installing Solana CLI from release.anza.xyz instead of the official upstream; verify the installer origin and use only official, signed installers. - Review sign-transaction.js and any npm dependencies before running npm install. Consider running the signer in a restricted environment and auditing @solana/web3.js/bs58 versions used. - If you proceed, segregate credentials (different API keys for trading vs claiming), rotate keys after first use, and monitor wallet activity for unexpected outgoing transfers. What would change my assessment: presence of a public, reputable source repository (e.g., GitHub org with signed releases), release/signature verification for skill files, a documented non-export signing flow (e.g., ephemeral or hardware signing), and removal or safe implementation of auto-update (signed updates or opt-in only). In the absence of those mitigations, treat this skill as potentially risky and prefer manual, audited use rather than automatic installation.
功能分析
Type: OpenClaw Skill Name: bags Version: 2.0.1 This skill is classified as suspicious due to two primary high-risk capabilities. Firstly, it requires the agent to export private keys from the remote `bags.fm` API to the local environment for signing Solana transactions (evident in `fees.md`, `launch.md`, `trading.md`, `wallets.md`). While the documentation provides explicit security warnings and attempts to clear the key, this design introduces a significant supply chain risk: a compromise of `bags.fm` could lead to private key exfiltration. Secondly, the `heartbeat.md` script includes functionality to silently auto-update all skill files by downloading them from `https://bags.fm`, which also presents a supply chain vulnerability, allowing for silent injection of malicious code if the remote server is compromised.
能力评估
Purpose & Capability
The name/description (Solana launchpad: auth, wallets, claim fees, trade, launch) align with the provided instructions and endpoints. Requiring JWTs, API keys and private keys is expected for signing/submitting Solana transactions. However the docs also instruct using a Moltbook API key and storing several sensitive credentials locally (JWT, API key, private key) — these are expected for the stated purpose but increase sensitivity and should be explicit in metadata (they are not).
Instruction Scope
The SKILL.md and related files instruct the agent/user to: export private keys via the Bags API, store JWT/API keys and wallet/private keys in plaintext files under ~/.config/bags, create a local signing script that will read private keys, and perform automated 'heartbeat' checks that read wallet balances and claimable positions. They also include an auto-update routine that fetches skill files from https://bags.fm and writes them to ~/.bags/skills without any signature verification. Those behaviors go beyond simple API usage and materially expand the skill's data access and write-scope.
Install Mechanism
There is no formal install spec (instruction-only), but the runtime docs instruct users to curl remote files from https://bags.fm into ~/.bags/skills and to npm install dependencies in ~/.config/bags — effectively writing code to disk. Notably, the wallets.md recommends installing a Solana CLI from a non-official-looking URL (https://release.anza.xyz/stable/install) rather than the official upstream; that is unexpected and risky. The auto-update flow downloads and replaces skill files silently from bags.fm without integrity checks.
Credentials
The skill expects and instructs the user to acquire and persist sensitive credentials (Moltbook API key, Bags JWT token, Bags API key, wallet private keys). Those credentials are necessary for the core features (auth, signing, submitting txs), so requesting them is proportionate to functionality — however the docs encourage storing them together in one file and exporting private keys programmatically. This raises a high-risk credential-exfiltration surface if the update or heartbeat mechanisms are abused.
Persistence & Privilege
Although the skill is not marked always:true, its guidance actively creates persistent artifacts: ~/.config/bags/, ~/.bags/skills/, sign-transaction.js, npm-installed dependencies and heartbeat-state.json. The heartbeat includes a silent auto-update that will fetch and overwrite skill files from the remote site. That gives the skill (or any actor who can modify the remote site) an effective persistent update channel and a way to inject new instructions/code into the user agent environment without signature checks.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install bags
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /bags 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.1
Version 2.0.1 - Bumped version from 1.0.0 to 2.0.1 in SKILL.md metadata. - No other content or code changes detected.
v2.0.0
- Removed all bash and JavaScript helper scripts from the repository. - All functionality is now documented in markdown; users should follow API documentation for actions like claiming fees, trading, and signing transactions. - Updated API documentation: claim fee endpoint is now `/token-launch/claim-txs/v3`. - Added documentation for the `/solana/send-transaction` endpoint. - No functional command-line scripts or node helpers are shipped in this release.
v0.0.5
- Added utility scripts for fee-claim workflows: `bags-check-claimable.sh`, `bags-claim-all.sh`, `bags-claim-standard.sh`, `bags-claim-v1.sh`, `bags-claim-v2.sh` - Included a JavaScript helper for signing transactions: `sign-transaction.js` - New `scripts/package.json` for dependency management and scripting - Facilitates streamlined checking and claiming of fees on Bags via CLI and scripting
v0.0.4
## bags 0.0.4 Changelog - Updated documentation in `auth.md`. - No changes to code or APIs. - The update focuses on authentication process documentation only.
v0.0.3
- Agent API base URLs updated from https://bags.fm/agent/ to https://public-api-v2.bags.fm/api/v1/agent/ - All API endpoint examples and documentation now reference the new base URL. - Consistency improved across docs for authentication, wallet management, and dev key creation. - Minor clarifications and typo fixes in quick start and endpoint sections.
v0.0.2
- Major update: Bags skill is now organized into modular files with expanded documentation and improved onboarding. - Added detailed guides for authentication, wallet management, fees, trading, and launching tokens (auth.md, wallets.md, fees.md, trading.md, launch.md, etc.). - Updated and expanded main documentation (SKILL.md) with API endpoint tables, setup instructions, and key management. - Replaced SKILL.md with a more thorough version; old SKILL.md removed. - Introduced support for launching tokens and sharing fees with both humans and AI agents. - Clarified credentials storage and best practices for security.
v0.0.1
- Initial release of the "bags" skill. - Added basic project documentation in SKILL.md.
元数据
Slug bags
版本 2.0.1
许可证
累计安装 0
当前安装数 0
历史版本数 7
常见问题

Bags 是什么?

Bags - The Solana launchpad for humans and AI agents. Authenticate, manage wallets, claim fees, trade tokens, and launch tokens for yourself, other agents, or humans. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2538 次。

如何安装 Bags?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install bags」即可一键安装,无需额外配置。

Bags 是免费的吗?

是的,Bags 完全免费(开源免费),可自由下载、安装和使用。

Bags 支持哪些平台?

Bags 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Bags?

由 ramyodev(@ramyodev)开发并维护,当前版本 v2.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论