功能描述

Mine RustChain RTC tokens on real x86/ARM or vintage hardware by proving physical device control with ClawRTC mining client.

使用说明 (SKILL.md)

ClawRTC\r

Name: ClawRTC
Author: scottcjn

\r Mine RTC tokens with your AI agent using Proof-of-Antiquity consensus.\r \r

What It Does\r

\r

One-command setup: pip install clawrtc && clawrtc install --wallet my-agent\r
Hardware fingerprinting: 6 cryptographic checks prove your machine is real (clock drift, cache timing, SIMD identity, thermal entropy, instruction jitter, anti-emulation)\r
Automatic attestation: Attests to the RustChain network every few minutes\r
Per-epoch rewards: RTC tokens accumulate in your wallet each epoch (~10 minutes)\r
VM detection: Virtual machines are detected and receive effectively zero rewards\r \r

Security\r

\r

No post-install telemetry — no network calls during pip install\r
TLS verification enabled — all RustChain API calls verify SSL certificates (CA-signed)\r
Bundled code only — all miner scripts ship with the package, no external downloads\r
Consent required — interactive approval prompt before installation\r
Dry-run mode — clawrtc install --dry-run previews without installing\r
Hash verification — clawrtc install --verify shows SHA256 of all bundled files\r
Clean uninstall — clawrtc uninstall removes all files, services, and configs\r
No background service by default — must explicitly pass --service to enable\r
Source available — full source at https://github.com/Scottcjn/Rustchain (MIT)\r \r

What Data Is Sent\r

\r During attestation (when mining), the following is sent to the RustChain node:\r \r

CPU model name and architecture (e.g. "AMD Ryzen 5", "x86_64")\r
Clock timing variance (proves real oscillator)\r
Cache latency profile (proves real L1/L2/L3 hierarchy)\r
VM detection flags (hypervisor yes/no)\r
Wallet name (your chosen identifier)\r \r NOT sent: file contents, browsing history, credentials, IP geolocation, personal data.\r \r

Install\r

\r

pip install clawrtc\r
```\r
\r
## Usage\r
\r
```bash\r
# Install miner + configure wallet\r
clawrtc install --wallet my-agent\r
\r
# Start mining (foreground)\r
clawrtc start\r
\r
# Check status\r
clawrtc status\r
\r
# View logs\r
clawrtc logs\r
\r
# Stop mining\r
clawrtc stop\r
\r
# Clean uninstall\r
clawrtc uninstall\r
```\r
\r
## Multipliers\r
\r
| Hardware | Multiplier |\r
|----------|-----------|\r
| Modern x86/ARM | 1.0x |\r
| Apple Silicon (M1-M3) | 1.2x |\r
| PowerPC G5 | 2.0x |\r
| PowerPC G4 | 2.5x |\r
| VM/Emulator | ~0x (detected and penalized) |\r
\r
## Coinbase Wallet (v1.5.0)\r
\r
```bash\r
# Create a Coinbase Base wallet\r
pip install clawrtc[coinbase]\r
clawrtc wallet coinbase create\r
\r
# Show wallet info\r
clawrtc wallet coinbase show\r
\r
# Link existing Base address\r
clawrtc wallet coinbase link 0xYourBaseAddress\r
\r
# USDC → wRTC swap guide\r
clawrtc wallet coinbase swap-info\r
```\r
\r
Requires CDP credentials from [portal.cdp.coinbase.com](https://portal.cdp.coinbase.com) for auto-creation. Manual linking works without credentials.\r
\r
## Links\r
\r
- Source: https://github.com/Scottcjn/Rustchain\r
- PyPI: https://pypi.org/project/clawrtc/\r
- npm: https://www.npmjs.com/package/clawrtc\r
- Block Explorer: https://rustchain.org/explorer\r
- Agent Wallets: https://rustchain.org/wallets.html\r
- RustChain: https://rustchain.org\r
- BoTTube: https://bottube.ai\r

安全使用建议

This package contains genuine miner code, but be cautious before installing. Things to check: 1) The coinbase auto-create path expects CDP_API_KEY_NAME and CDP_API_KEY_PRIVATE_KEY environment variables (sensitive private key material) yet the skill metadata does not declare them — do not set private keys unless you trust the maintainer. 2) The runtime attestation transmits MAC addresses, hostname and fingerprint samples (potentially identifying); SKILL.md understates what is sent. If you care about privacy, run in an isolated test machine (not your primary machine) and use the --dry-run and --verify options first. 3) Verify the node endpoints (NODE_URL) and repository sources independently — node hostnames/IPs in README/skill differ and may be untrusted. 4) Inspect ~/.clawrtc after installation and avoid enabling background service unless you accept persistent miner behavior. 5) Prefer installing from a verified source (official PyPI page or a cryptographically signed release on GitHub) and review the maintainer identity/contact. If you want to proceed, consider using a sacrificial/air-gapped or VM host (not one with sensitive data) and do not export private keys into environment variables unless you fully trust the code and operator.

功能分析

Type: OpenClaw Skill Name: clawrtc Version: 1.5.0 The skill is classified as suspicious due to a critical shell injection vulnerability. The `wallet` parameter, which accepts user input, is directly embedded into shell commands used to configure systemd and launchd services in `clawrtc/cli.py` (e.g., `ExecStart={python_bin} {miner_py} --wallet {wallet}`). An attacker providing a malicious wallet name (e.g., `my-agent; rm -rf /`) could achieve arbitrary command execution when the service is started or reloaded. While the skill's stated purpose and data collection practices are transparent, this vulnerability poses a significant security risk. Anonymous telemetry is sent to `https://bottube.ai/api/telemetry/install` during installation, which is a minor discrepancy with the documentation's claim of 'No post-install telemetry', but it does not involve PII or sensitive data exfiltration.

能力评估

⚠ Purpose & Capability

The code implements a RustChain miner and hardware-fingerprint checks which match the skill description, so purpose and capability mostly align. However the optional Coinbase integration expects CDP API credentials via environment variables (CDP_API_KEY_NAME, CDP_API_KEY_PRIVATE_KEY) but the registry metadata lists no required env vars or primary credential. Also multiple repository/explorer URLs in README/SKILL.md differ (hostname, IP, bottube.ai), and the package owner/registry homepage is blank — these metadata mismatches reduce trust.

⚠ Instruction Scope

SKILL.md describes the attestation payload as limited (CPU model, clock variance, cache profile, VM flags, wallet name). The actual miner attestation transmits MAC addresses, hostname, fingerprint_data (including sample previews / entropy stats) and device fields — more identifying information than the SKILL.md explicitly lists. The CLI and miner read many system paths and run commands (lscpu, ip/ifconfig, free, /proc files, sysctl), which is expected for hardware fingerprinting but broader than the simple summary in the docs. The coinbase flow requires environment secrets (checked at runtime) that were not declared in registry metadata.

✓ Install Mechanism

This is an instruction-and-package distribution intended to be installed via pip (no additional install spec in registry). There are no external downloads at runtime claimed; bundled miner scripts are installed from the package. That is proportionate for a Python miner. The miner does perform network calls to a node URL (bulbous-bouffant.metalseed.net) during operation; there is no code-obfuscation or remote archive extraction in the package itself.

⚠ Credentials

The package does not declare required environment variables in the registry, yet coinbase_wallet.py reads CDP_API_KEY_NAME and CDP_API_KEY_PRIVATE_KEY for auto wallet creation. The miner also reads standard environment keys to detect containerization (KUBERNETES, DOCKER, VIRTUAL) and writes wallet/config files to ~/.clawrtc. Asking for CDP private key material is sensitive and should be declared explicitly; omission is a red flag.

ℹ Persistence & Privilege

The tool creates a directory in the user's home (~/.clawrtc), a Python venv, saves wallet and coinbase files, and (per README/CLI hints) can create a user background service if requested. 'always' is false and autonomous invocation is default platform behavior. This level of persistence and privilege is expected for a miner but the user should be aware files and services will be added to their home directory and optionally a user service manager.

版本历史

v1.5.0

Added Coinbase Agentic Wallet integration (create, show, link, swap-info), x402 payment protocol support, Base chain wRTC token awareness

v1.4.0

v1.4.0: Added Ed25519 wallet generation (create/show/export subcommands)

v1.3.1

Security documentation update, no-telemetry guarantees

v1.3.0

- Added comprehensive SKILL.md documentation detailing commands, functionality, security features, and hardware multipliers. - Clearly described how ClawRTC allows AI agents to mine RTC tokens on real hardware, including requirements and supported platforms. - Listed all CLI commands with descriptions and new audit/security options (e.g., --dry-run, --verify). - Provided explicit details on Proof of Antiquity rewards for vintage hardware. - Outlined enhanced security practices, including code bundling, TLS, and consent/audit features. - Added links to key resources: GitHub, PyPI, token explorer, and bridge/trade platform.

元数据

Slug clawrtc

版本 1.5.0

许可证 —

累计安装 2

当前安装数 2

历史版本数 4

常见问题

ClawRTC 是什么？

Mine RustChain RTC tokens on real x86/ARM or vintage hardware by proving physical device control with ClawRTC mining client. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 777 次。

如何安装 ClawRTC？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawrtc」即可一键安装，无需额外配置。

ClawRTC 是免费的吗？

是的，ClawRTC 完全免费（开源免费），可自由下载、安装和使用。

ClawRTC 支持哪些平台？

ClawRTC 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 ClawRTC？

由 AutoJanitor（@scottcjn）开发并维护，当前版本 v1.5.0。

ClawRTC