← 返回 Skills 市场

Bobine Contract Caller

Name: Bobine Contract Caller
Author: ccamel

作者 Chris · GitHub ↗ · v0.1.0 · MIT-0

linuxdarwinwin32 ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install bobine-contract-caller

功能描述

Use when you need to call deployed Bobine modules with typed params or perform a signed Ed25519 call through an auth module.

使用说明 (SKILL.md)

Bobine Contract Caller

Default entrypoint: scripts/call_bobine.mjs.

Upstream references

Concept overview: \x3Chttps://www.bobine.tech/>
Bobine project: \x3Chttps://github.com/hazae41/bobine>
Standard libraries for Bobine WebAssembly VM: \x3Chttps://github.com/hazae41/stdbob>

Scope

Calling a Bobine module through /api/execute
Preparing typed Bobine params for contract methods
Generating Ed25519 keys for Bobine auth sessions
Performing an authenticated ed25519 call with nonce handling and signature

Runtime requirements

Node.js 20+
Network access to a Bobine server

Load on demand

Read references/params.md only when params use packed arrays or quoted text: payloads
Read references/runtime.md only when spark handling, outputs, or failure modes are unclear
Use scripts/keygen.mjs only when the call needs ed25519 auth
Use scripts/call_bobine.mjs for all unsigned and signed calls

Quick workflow

Use scripts/call_bobine.mjs as the default entrypoint for Bobine interactions.
Read references/params.md only if params are nested, packed, or need quoted text:.
Generate keys if the call needs ed25519 auth:
```
node ./scripts/keygen.mjs
```

Call the target contract with explicit arguments:

node ./scripts/call_bobine.mjs \
  --server http://localhost:8080 \
  --module \x3Ctarget-module> \
  --method \x3Ctarget-method> \
  --param text:Alice

Inputs

call_bobine.mjs
- --server: Bobine server base URL
- --module: target module address
- --method: target method name
- --param: repeat once per typed param
- --auth-module: optional deployed ed25519 auth module address
- --sigkey: required when --auth-module is provided
- --pubkey: required when --auth-module is provided
- --spark-hex: optional one-off spark value for this exact call
- --spark-effort: optional inline spark generation target

Param rules

Scalars:
- null
- blob:\x3Chex>
- bigint:\x3Cvalue>
- number:\x3Cvalue>
- text:\x3Cvalue>
Arrays:
- pack:[...]
- array:[...]
Nesting is allowed
Quote the whole shell argument when it contains brackets, commas, or spaces
Quote the text: payload itself when it contains , or ], for example text:"a,b]"

Gotchas

--param is one top-level Bobine param per flag; nested arrays stay inside a single typed param string
text: values containing , or ] must quote the payload itself, for example text:"a,b]"
Signed calls require all of --auth-module, --sigkey, and --pubkey
--spark-hex is a one-off override for a specific call; prefer --spark-effort when you want a fresh spark
keygen.mjs prints secret material, so do not paste its output back to the user unless they explicitly ask for it

Signed call behavior

Read --server, target module, target method, and typed params
Build the Bobine session payload [auth_module, pubkey]
Derive the session address from sha256(pack(session))
Query \x3Cauth_module>.get_nonce(session_address)
Sign [domain, module, method, params, nonce]
Call \x3Cauth_module>.call(module, method, params, pubkey, signature)
Print a JSON object with logs, returned value, spark hex, and reported sparks

Output contract

Scripts print a single JSON object on stdout on success
Usage and failure diagnostics go to stderr
Returned Bobine values are normalized into tagged JSON:
- { "type": "text", "value": "hello" }
- { "type": "bigint", "value": "42" }
- { "type": "array", "value": [...] }
keygen.mjs prints { "sigkey": "...", "pubkey": "..." }

Safety

Do not echo private keys back to the user unless they explicitly ask for them
Treat sigkey as sensitive
Prefer a fresh inline spark by default; use --spark-hex only when you deliberately want to supply a one-off spark
Surface server errors and decoded logs instead of retrying blindly

Troubleshooting

Missing required call arguments: re-run with --server, --module, --method, and any required auth flags
Unknown value type: read references/params.md
Failed Bobine execute request: report the HTTP status and response body
Invalid session or Unauthorized: the auth module, nonce, keys, or target contract assumptions are wrong

安全使用建议

Install only if you intend to let the agent call Bobine contracts. Use a trusted server, carefully confirm every signed module/method/param set, avoid long-lived private keys in CLI arguments, and treat keygen output and sigkeys as sensitive. No hardcoded secret or hidden exfiltration was evident in the supplied source.

功能分析

Type: OpenClaw Skill Name: bobine-contract-caller Version: 0.1.0 The bobine-contract-caller skill bundle is a legitimate utility for interacting with Bobine WebAssembly modules. It provides scripts for Ed25519 key generation (scripts/keygen.mjs) and performing authenticated API calls (scripts/call_bobine.mjs) using a custom binary serialization format. The code uses standard Node.js native modules (node:crypto) and includes explicit safety instructions in SKILL.md advising the AI agent to protect private keys and avoid unauthorized disclosure. No evidence of data exfiltration, obfuscation, or malicious intent was found.

能力标签

cryptorequires-walletrequires-sensitive-credentials

能力评估

⚠ Purpose & Capability

The purpose is coherent and disclosed: it calls Bobine modules and can perform Ed25519-authenticated calls. The concern is the high-impact authority: signed mode can authorize arbitrary target module, method, and params.

⚠ Instruction Scope

The workflow requires explicit arguments, but the artifacts do not add confirmation, dry-run, allowlisting, or reversibility guidance before signed or potentially state-changing contract calls.

ℹ Install Mechanism

There is no install spec or external package install; the bundled Node scripts are run directly. The source is listed as unknown, so users should review the included scripts and provenance.

⚠ Credentials

Network access and local signing are proportionate to the stated purpose, but signed mode takes a raw private key as a command-line argument and sends signed requests to a user-specified server.

⚠ Persistence & Privilege

No background persistence or self-propagation is shown. The privilege concern comes from the user-supplied Ed25519 signing key used to authorize contract calls.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install bobine-contract-caller
安装完成后，直接呼叫该 Skill 的名称或使用 /bobine-contract-caller 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.0

Initial release of bobine-contract-caller. - Enables typed Bobine contract calls via `/api/execute` - Supports unsigned and authenticated Ed25519-signed calls to Bobine modules - Provides scripts for contract interaction (`call_bobine.mjs`) and Ed25519 key generation (`keygen.mjs`) - Handles complex param structures and signed call nonce/signature flow - Outputs results as normalized tagged JSON; logs diagnostics to stderr - Includes robust safety practices for handling sensitive key material

元数据

Slug bobine-contract-caller

版本 0.1.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题