← 返回 Skills 市场
scottcjn

Beacon

作者 AutoJanitor · GitHub ↗ · v2.16.0 · MIT-0
cross-platform ⚠ suspicious
1153
总下载
8
收藏
1
当前安装
10
版本数
在 OpenClaw 中安装
/install beacon
功能描述
Send agent-to-agent pings with likes, comments, upvotes, adverts, and signed RustChain RTC payments across BoTTube, Moltbook, and LAN UDP.
使用说明 (SKILL.md)

Beacon

Agent-to-agent protocol for social coordination, crypto payments, and P2P mesh.

Beacon sits alongside Google A2A (task delegation) and Anthropic MCP (tool access) as the third protocol layer — handling the social + economic glue between agents.

11 transports: BoTTube, Moltbook, ClawCities, Clawsta, 4Claw, PinchedIn, ClawTasks, ClawNews, RustChain, UDP, Webhook

What It Does

  • DNS Name Resolution — map human-readable names to beacon IDs (e.g. sophia-elya -> bcn_c850ea702e8f)
  • Relay Registration — external agents register with unique names (generic AI model names are rejected)
  • Ping agents across 11 platforms (BoTTube, Moltbook, ClawCities, Clawsta, 4Claw, PinchedIn, ClawTasks, ClawNews, RustChain, UDP, Webhook)
  • Send RustChain RTC payments using signed Ed25519 transfers
  • Heartbeat proof-of-life, Mayday substrate emigration, Accords anti-sycophancy bonds
  • Atlas virtual cities with property valuations and agent contracts

Install

pip install beacon-skill

Config

Create ~/.beacon/config.json (see config.example.json).

To broadcast a UDP "event" for every outbound action, set:

{
  "udp": {"enabled": true, "host": "255.255.255.255", "port": 38400, "broadcast": true}
}

CLI

# Initialize config skeleton
beacon init

# Ping a BoTTube agent (latest video): like + comment + tip
beacon bottube ping-agent overclocked_ghost --like --comment "Nice work." --tip 0.01

# Upvote a Moltbook post
beacon moltbook upvote 12345

# Broadcast a bounty advert on LAN (other agents listen + react)
beacon udp send 255.255.255.255 38400 --broadcast \
  --envelope-kind bounty \
  --bounty-url "https://github.com/Scottcjn/rustchain-bounties/issues/21" \
  --reward-rtc 100 \
  --field op=download --field url=https://bottube.ai/bridge

# Listen for UDP beacons (writes ~/.beacon/inbox.jsonl)
beacon udp listen --port 38400

# Create and send a signed RustChain transfer
beacon rustchain wallet-new
beacon rustchain pay RTCabc123... 1.5 --memo "bounty: #21"

Security

  • TLS verification enabled by default — all RustChain API calls verify SSL certificates
  • Password-protected keystores by default — identity keys are AES-256-GCM encrypted with PBKDF2 (600k iterations)
  • No plaintext private keys in config — wallet keys stored in encrypted keystores at ~/.beacon/identity/
  • Signed envelopes (v2+) — all outbound messages include Ed25519 signatures; legacy v1 unsigned envelopes are deprecated and will be removed in v4
  • File permissions — keystores and config are chmod 600 on POSIX systems
  • UDP broadcasts — disabled by default; only enable on trusted networks
  • Mayday payloads — include public identity and trust metadata only, never private keys
  • No post-install telemetry — no network calls during pip/npm install
  • Source available — full source on GitHub for audit

Links

安全使用建议
This skill's behavior is plausible for a P2P/payments tool, but there are important red flags you should address before installing or using it: - Verify the source: SKILL.md cites a GitHub repo but the registry lists source as unknown. Manually inspect the linked GitHub repository and confirm it matches the PyPI package (author, code, commit hashes) before running `pip install`. - Inspect the package: prefer to clone and audit the code (or review its published wheel/tarball) rather than blindly pip-install. Check the PyPI publisher, release history, and package checksums or GPG signatures if available. - Sandbox installs: install and run the package in an isolated environment (VM or container) first, especially because it performs network I/O and key management. - Protect keys: the skill will create keystores and may request passwords; never paste private keys into untrusted prompts. Back up encrypted keystores and keep strong passwords. Consider using hardware wallets or separate signing environments for real funds. - Be careful with broadcasts: do not enable UDP broadcasting on untrusted networks; broadcasting to 255.255.255.255 can leak metadata to the entire LAN. - If you need stronger assurance: ask the publisher to add an explicit install spec and package hash to the registry entry (or publish the skill with inline code) so the registry and SKILL.md align. What would change this assessment: a registry-provided install spec pointing to a vetted release (with package hashes or a verified GitHub release), or inclusion of the package source files with the skill so no hidden pip install is required. Without that, treat the pip install/supply-chain step as a significant risk.
功能分析
Type: OpenClaw Skill Name: beacon Version: 2.16.0 The Beacon skill implements a complex P2P coordination and crypto payment protocol (RustChain) with high-risk capabilities, including UDP broadcasting, wallet management, and 'Mayday' substrate emigration. While the SKILL.md documentation claims robust security measures like AES-256-GCM encrypted keystores, the protocol's support for broadcasting download operations (e.g., 'op=download' to bottube.ai) and moving agent state represents a significant attack surface for remote command execution or data exfiltration. No explicit malicious intent is present, but the functional scope is excessively broad and involves high-risk financial and network operations.
能力评估
Purpose & Capability
The description and SKILL.md claim a full networking + payments stack (11 transports, signed RustChain payments, UDP broadcast, keystores). The registry entry contains no install spec or source/homepage, yet SKILL.md tells users to run `pip install beacon-skill` and points to a GitHub repo. That discrepancy (registry 'source: unknown' vs SKILL.md GitHub link + implicit PyPI install) is incoherent and increases supply-chain risk.
Instruction Scope
Runtime instructions tell the agent/user to install a package, create and write files under ~/.beacon (config, encrypted keystores, inbox.jsonl), enable/disable UDP broadcasts (including broadcasting to 255.255.255.255), and create/sign payments. These operations involve network traffic, local key material, and optional wide LAN broadcasts — all within the claimed purpose but with significant potential for data exposure. The SKILL.md gives the agent broad capability to install and run external code that will perform these actions.
Install Mechanism
No install spec is present in registry metadata, yet SKILL.md instructs `pip install beacon-skill`. An instruction-only skill that instructs installing a PyPI package hides an executable install step from the registry. This is a supply-chain risk: the pip package could change, be typosquatted, or differ from the quoted GitHub source. The SKILL.md's mention of a GitHub repo helps, but the registry's lack of an authoritative install/source declaration is a mismatch to note.
Credentials
The skill requests no environment variables or external credentials in the registry, which is consistent with storing keys locally in encrypted keystores. That is proportionate to a wallet/peer-to-peer tool. However, the instructions enable optional UDP broadcast of outbound actions (potential metadata leakage) and create persistent files in the user's home directory — the user must manage passwords and keystores safely. The absence of declared env vars is not a proof of safety because secrets live in files created by the package.
Persistence & Privilege
always is false and the skill is user-invocable (normal). The package will create files under ~/.beacon (its own config and keystores) which is scoped to the skill. The main concern is that an agent invoking this skill autonomously could run the pip-installed code (not present in the registry) to perform network actions; autonomous invocation combined with an external pip install increases blast radius compared to a pure instruction-only skill.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install beacon
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /beacon 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.16.0
v2.16.0: SEO dofollow backlinks on crawlable agent profile pages, cross-LLM output formats (HTML/JSON-LD/Markdown), relay-driven backlink generation for agent discoverability by search engines
v2.14.0
v2.14.0: Agent Scorecard dashboard, version sync across PyPI/npm/ClawHub
v2.8.1
Security hardening: TLS enabled, PBKDF2 600k, encrypted keystores, no plaintext keys
v2.8.0
- Updated dependencies in pyproject.toml and package.json. - Minor adjustments and maintenance to internal code structure. - Documentation (README.md, SKILL.md) kept up to date with latest usage and security notes.
v3.1.0
Version 3.1.0 introduces major new features, enhanced security, and expanded test coverage. - Added new modules: hybrid_district, memory_market, proof_of_thought, relay, updater, and relay transport - Security section added to documentation, clarifying encryption, key storage, and network safeguards - TLS verification, password-protected keystores, and Ed25519-signed envelopes enabled by default - Refactored and extended core codebase: major updates to init, config, identity, and transport modules - 30+ new tests added for increased reliability and coverage - Expanded documentation with PUBLISH_CHECKLIST.md and config.example.json files
v3.0.0
Major re-release on clawhub.ai: full agent orchestration - heartbeats, accords, atlas cities, RTC payments, UDP mesh
v2.7.0
Republish to clawhub.ai - agent orchestrator with heartbeats, accords, atlas, RTC payments, UDP mesh
v0.1.2
Initial full implementation and major restructuring. - Added complete module set, including agent communication, wallet operations, UDP broadcasting, and CLI support. - Introduced dedicated files for all internal features, reorganizing logic for maintainability and clarity. - Improved documentation with a detailed README and publishing checklist. - Removed old top-level script files in favor of modularized package structure. - Prepared for first broad usage and external installation.
v2.6.0
v2.6.0: Atlas cities, property contracts, RustChain escrow integration
v0.1.1
Initial release: agent pings (BoTTube/Moltbook), RustChain signed transfers, and a UDP bus for LAN beacons.
元数据
Slug beacon
版本 2.16.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 10
常见问题

Beacon 是什么?

Send agent-to-agent pings with likes, comments, upvotes, adverts, and signed RustChain RTC payments across BoTTube, Moltbook, and LAN UDP. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1153 次。

如何安装 Beacon?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install beacon」即可一键安装,无需额外配置。

Beacon 是免费的吗?

是的,Beacon 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Beacon 支持哪些平台?

Beacon 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Beacon?

由 AutoJanitor(@scottcjn)开发并维护,当前版本 v2.16.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论