功能描述

Privacy-first agent infrastructure offering secure forecasting markets, decentralized credential verification, multi-rail settlement, and cross-rail micropay...

使用说明 (SKILL.md)

BlindOracle

Name: BlindOracle - Privacy-First Agent Infrastructure
Author: craigmbrown

Privacy-first agent infrastructure providing forecasting, credential verification, settlement, and cross-rail transfers via x402 micropayments.

Description

BlindOracle is a complete suite of privacy-preserving infrastructure services for AI agents. All operations are secured by CaMel 4-layer architecture and paid via x402 micropayments on Base L2 with USDC.

Service Tracks

Forecasting Platform - Create and resolve privacy-preserving forecast markets with anonymous position submission
Credential Verification - Decentralized agent identity scoring with anti-synthetic detection
Account & Settlement - Multi-rail balance management and value transfer (instant ~3s, on-ledger ~30s)
Cross-Rail Transfers - Atomic transfers between payment rails with free fee quotes

Capabilities

Capability	Description	Price
`create_forecast`	Create a new forecast market	0.001 USDC
`submit_position`	Submit anonymous position	0.0005 USDC + 0.1%
`resolve_forecast`	Resolve forecast and distribute payouts	0.002 USDC
`verify_credential`	Verify agent credentials and reputation	0.0002 USDC
`mint_credential`	Mint Proof of Presence/Participation/Belonging/Witness	0.001 USDC
`check_account`	Check balances across all rails	FREE
`create_settlement_request`	Generate settlement request	0.0001 USDC
`settle_instant`	Instant rail settlement (~3s)	0.0005 USDC + 0.1%
`settle_onchain`	On-chain rail settlement (~30s)	0.001 USDC + 0.05%
`transfer_cross_rail`	Cross-rail transfer execution	0.001 USDC + 0.1%
`convert_private_to_stable`	Convert private tokens to stablecoins	0.0005 USDC + 0.05%
`get_transfer_quote`	Get fee estimates and route plans	FREE

Usage

// Check account balances (FREE)
const balance = await gateway.invoke("blindoracle", {
  capability: "check_account",
  params: { rail: "all" }
});

// Create a forecast
const forecast = await gateway.invoke("blindoracle", {
  capability: "create_forecast",
  params: {
    forecast_question: "Will global AI agent count exceed 10M by Q4 2026?",
    forecast_deadline: "2026-12-31T23:59:59Z",
    initial_stake_units: 10000,
    resolution_oracle: "chainlink_data_feed"
  },
  payment_proof: { /* x402 proof */ }
});

// Verify agent credentials
const creds = await gateway.invoke("blindoracle", {
  capability: "verify_credential",
  params: {
    agent_public_key: "ba3eefec0e795362230f869461ea16e20b782e11eef6107edeed0d3d19e7651b"
  }
});

Security

All operations protected by CaMel 4-Layer Security:

Layer 1: Rate limiting (60 req/min) + input sanitization
Layer 2: Byzantine consensus (67% threshold, 80% for high-value)
Layer 3: Anti-persuasion detection (30% deviation threshold)
Layer 4: Authority validation + immutable audit trail

Privacy

Zero-identity-linkage via guardian federation bridge
Commitment scheme: sha256(secret || stance || amount)
Depositor and position holder are unlinkable
Decentralized credentials without central authority

API Endpoints

Base URL: https://craigmbrown.com/api/v2
Agent Card: https://craigmbrown.com/a2a/v1
Health: https://craigmbrown.com/api/v2/health

Payment

All payments via HTTP 402 (x402) micropayment protocol on Base L2 (chain ID 8453) with USDC.

Requirements

x402-compatible payment client
Base L2 USDC for paid capabilities
No dependencies for free capabilities (check_account, get_transfer_quote)

Support

Homepage: https://craigmbrown.com/blindoracle
Repository: https://github.com/craigmbrown/blindoracle-docs

安全使用建议

This skill exhibits concerning mismatches between its public description and its implementation. Before installing or invoking it on any agent that has access to secrets or production systems, do the following: 1) Ask the author to list required environment variables and explain where wallet/private keys or payment client credentials are stored and how payment proofs are validated. 2) Request the missing modules referenced by handler.py (security.blindoracle_security_gateway and distribution.clawhub_skill.handler) and review them — the handler currently modifies sys.path to import parent-level code, which can cause it to load host modules and access local secrets. 3) Confirm whether the skill will perform on-chain or off-chain transfers and where signing keys are kept; if keys are expected on the host, decline installation unless keys are stored in a restricted vault and only accessible to a hardened process. 4) If you must evaluate it, run the skill in a fully isolated sandbox agent with no access to production secrets or network endpoints, and monitor network and file activity. 5) Consider blocking or closely auditing outbound connections to the declared endpoints (https://craigmbrown.com) and any RPC endpoints the missing modules may call. The obfuscation of cryptocurrency terms in outward docs while mapping to crypto actions internally is the primary reason for suspicion.

功能分析

Type: OpenClaw Skill Name: blindoracle Version: 1.0.1 The skill is classified as suspicious primarily due to its intentional obfuscation of underlying cryptocurrency and blockchain technologies. The `handler.py` file contains a `SCRUB_TERMS` dictionary and associated logic to replace terms like 'Bitcoin', 'Ethereum', 'Lightning', and 'sats' with sanitized phrases such as 'digital value', 'settlement network', 'instant rail', and 'units'. This 'Brand A' terminology, while not directly malicious code, represents a deceptive practice regarding the transparency of the services offered. Furthermore, the skill relies on unprovided internal modules (`security.blindoracle_security_gateway` and `distribution.clawhub_skill.handler`) for its core logic and security mechanisms, preventing a full audit of these critical components. The skill also exposes high-risk financial and identity management capabilities (e.g., `settle_onchain`, `transfer_cross_rail`, `mint_credential`) which, without full visibility into the underlying implementations, warrant caution.

能力评估

⚠ Purpose & Capability

The SKILL.md and metadata present a 'sanitized' privacy/payments service with no required credentials. The handler maps Brand A (sanitized) capabilities to Brand B names that clearly reference cryptocurrency rails (e.g., withdraw_lightning, swap_btc_eth, amount_sats). A payments/settlement service that actually executes transfers would normally require wallet keys, node/API credentials, or at minimum a payment client — none are declared in the manifest. The translation/obfuscation suggests the skill's real capabilities are broader and more sensitive than advertised.

ℹ Instruction Scope

SKILL.md instructs agents to use gateway.invoke and talks to https://craigmbrown.com/api/v2; this is expected. However, the actual handler code prepends a high-level parent directory to sys.path and attempts to import external modules (security.blindoracle_security_gateway and distribution.clawhub_skill.handler) that are not included in the package. Prepending parent directories allows the skill to load modules from the agent's environment which could expose host resources or secrets if those modules access them. The skill also actively scrubs and rewrites terminology (removing crypto terms), which hides the underlying transport/asset semantics from the outer doc.

✓ Install Mechanism

No install spec (no downloads/write-to-disk installer) is provided, which limits upfront risk. However, the package includes non-trivial Python code (handler.py) that will execute when invoked; absent an install step, the code will still run in-process when the skill is invoked.

⚠ Credentials

The skill requests no environment variables or credentials in its manifest despite clearly performing financial settlement and transfer operations. Realistic operation would require private keys, RPC endpoints, API keys, or payment client configuration. The absence of declared secrets is a mismatch and could indicate either: (1) the skill expects to import credentials from the host (via the sys.path trick), or (2) the manifest is incomplete/obfuscated. Both are security-relevant.

✓ Persistence & Privilege

The skill is not marked always:true and does not request persistent system configuration changes in the provided files. This lowers privilege concerns. That said, dynamic imports of external modules (outside the skill package) increase runtime reach but are not, by themselves, a permission flag in the manifest.

版本历史

v1.0.1

Fix repository link to point to blindoracle-docs, fix install command

v1.0.0

Initial release: privacy-first agent infrastructure with forecasting, credential verification, settlement, and cross-rail transfers via x402 micropayments

元数据

Slug blindoracle

版本 1.0.1

许可证 —

累计安装 0

当前安装数 0

历史版本数 2

常见问题

BlindOracle - Privacy-First Agent Infrastructure 是什么？

Privacy-first agent infrastructure offering secure forecasting markets, decentralized credential verification, multi-rail settlement, and cross-rail micropay... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 419 次。

如何安装 BlindOracle - Privacy-First Agent Infrastructure？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install blindoracle」即可一键安装，无需额外配置。

BlindOracle - Privacy-First Agent Infrastructure 是免费的吗？

是的，BlindOracle - Privacy-First Agent Infrastructure 完全免费（开源免费），可自由下载、安装和使用。

BlindOracle - Privacy-First Agent Infrastructure 支持哪些平台？

BlindOracle - Privacy-First Agent Infrastructure 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 BlindOracle - Privacy-First Agent Infrastructure？

由 craigmbrown（@craigmbrown）开发并维护，当前版本 v1.0.1。

BlindOracle - Privacy-First Agent Infrastructure