← 返回 Skills 市场
ClawSkill
作者
AutoJanitor
· GitHub ↗
· v1.2.1
1219
总下载
2
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install clawskill
功能描述
Mine RustChain Tokens (RTC) by proving your AI agent runs on real hardware with secure, open-source attestation and built-in wallet management.
使用说明 (SKILL.md)
ClawSkill — Mine RTC Tokens With Your AI Agent\r
\r Mine RTC (RustChain Tokens) by proving your agent runs on real hardware. One command to install, automatic attestation, built-in wallet.\r \r
Security & Transparency\r
\r This skill is open-source mining software, not malware. Before installing, you can verify everything:\r \r
# Preview what will happen — nothing installed\r
clawskill install --dry-run\r
\r
# Show SHA256 hashes of bundled files\r
clawskill install --verify\r
```\r
\r
| Concern | How We Address It |\r
|---------|-------------------|\r
| **Code origin** | All miner scripts are **bundled inside the package** — no external downloads at install time. Inspect them yourself in the `data/` directory. Source code: [RustChain GitHub repo](https://github.com/Scottcjn/Rustchain). |\r
| **Background service** | **Opt-in only.** Install does NOT create a service by default. You must explicitly pass `--service` to enable auto-start. Without it, the miner runs in the foreground only when you say so. |\r
| **Hardware fingerprinting** | Required for Proof-of-Antiquity consensus. Collects CPU model, timing variance, and cache latency — nothing personal. No files, passwords, browsing data, or credentials are accessed. Full disclosure shown before install with a consent prompt. |\r
| **Network endpoint** | The RustChain node uses a **CA-signed TLS certificate** (Let's Encrypt). All communication is standard HTTPS with certificate verification. |\r
\r
### What Data Is Collected\r
\r
During attestation (every few minutes when mining), the following is sent to the RustChain node:\r
\r
- CPU model name and architecture (e.g. "AMD Ryzen 5 8645HS", "x86_64")\r
- Clock timing variance (coefficient of variation — proves real oscillator, not emulated)\r
- Cache latency profile (proves real L1/L2/L3 hierarchy)\r
- VM detection flags (hypervisor present: yes/no)\r
- Wallet name (your chosen identifier)\r
\r
**NOT collected**: file contents, browsing history, credentials, IP geolocation, personal data, or anything from your filesystem.\r
\r
### Clean Uninstall\r
\r
```bash\r
clawskill uninstall # Removes ALL files, services, and configs\r
```\r
\r
## Install\r
\r
```bash\r
# Python (recommended)\r
pip install clawskill\r
\r
# Node.js\r
npm install -g clawskill\r
```\r
\r
## Setup\r
\r
```bash\r
# Install miner + configure wallet (shows disclosure, asks consent)\r
clawskill install --wallet my-agent-miner\r
\r
# Start mining in foreground (Ctrl+C to stop)\r
clawskill start\r
\r
# Or: start with background auto-restart (opt-in)\r
clawskill start --service\r
```\r
\r
## How It Works\r
\r
1. **Hardware Fingerprinting** — 6 cryptographic checks prove your machine is real:\r
- Clock-skew & oscillator drift\r
- Cache timing fingerprint (L1/L2/L3 latency)\r
- SIMD unit identity (SSE/AVX/AltiVec/NEON bias)\r
- Thermal drift entropy\r
- Instruction path jitter (microarchitectural)\r
- Anti-emulation behavioral checks\r
\r
2. **Automatic Attestation** — Your agent attests to the RustChain network every few minutes\r
\r
3. **Per-Epoch Rewards** — RTC tokens accumulate in your wallet each epoch (~10 minutes)\r
\r
4. **VM Detection** — Virtual machines are detected and receive effectively zero rewards. Real iron only.\r
\r
## Multipliers\r
\r
| Hardware | Multiplier | Notes |\r
|----------|-----------|-------|\r
| Modern x86/ARM | **1.0x** | Standard rate — this is you |\r
| Apple Silicon (M1/M2/M3) | **1.2x** | Slight bonus |\r
| IBM POWER8 | **1.5x** | Server-class vintage |\r
| PowerPC G5 | **2.0x** | Vintage bonus |\r
| PowerPC G4 | **2.5x** | Maximum vintage bonus |\r
| **VM/Emulator** | **~0x** | **Detected and penalized** |\r
\r
## Commands\r
\r
| Command | Description |\r
|---------|-------------|\r
| `clawskill install` | Extract miner, create wallet (consent prompt, no service by default) |\r
| `clawskill install --service` | Install + create background service |\r
| `clawskill install --dry-run` | Preview without making any changes |\r
| `clawskill install --verify` | Show SHA256 hashes of bundled files |\r
| `clawskill start` | Start mining in foreground |\r
| `clawskill start --service` | Start + create auto-restart service |\r
| `clawskill stop` | Stop mining |\r
| `clawskill status` | Check miner + network status + file hashes |\r
| `clawskill logs` | View miner output |\r
| `clawskill uninstall` | Remove everything cleanly |\r
\r
## What Gets Installed\r
\r
- Miner scripts **bundled with the package** (2 Python files, no external downloads)\r
- Python virtual environment with one dependency (`requests`)\r
- All files stored in `~/.clawskill/` (user-scoped, no root needed)\r
- **No background service unless you pass `--service`**\r
\r
## Requirements\r
\r
- Python 3.8+ (installed on most systems)\r
- Linux or macOS\r
- Real hardware (not a VM)\r
\r
## Links\r
\r
- **Source Code**: https://github.com/Scottcjn/Rustchain (MIT License)\r
- **PyPI**: https://pypi.org/project/clawskill/\r
- **npm**: https://www.npmjs.com/package/clawskill\r
- **Block Explorer**: https://bulbous-bouffant.metalseed.net/explorer\r
- **BoTTube**: https://bottube.ai\r
\r
## License\r
\r
MIT — [Elyan Labs](https://bottube.ai)\r
安全使用建议
Do not install or run this skill until you resolve the contradictions and verify sources. Specific actions to take before proceeding:
- Inspect the upstream GitHub repo (https://github.com/Scottcjn/Rustchain) and the PyPI/npm packages the SKILL.md references. Confirm the package versions and that their contents actually include the miner scripts and the SHA256 hashes the README claims.
- If you consider installing, download and inspect the PyPI/npm package contents locally (do not run install blindly). Verify cryptographic hashes and read the miner source code to see how wallets/keys are stored and how telemetry is sent.
- Treat the installer behavior as network-download-of-code: prefer running it inside an isolated environment or disposable VM that you can wipe, not on your primary machine.
- Ask the skill author to explain the discrepancy: why does SKILL.md claim 'bundled' files while this registry package lacks them, and why does it assert 'no external downloads' while instructing pip/npm install?
- If you cannot perform code review and independent verification, avoid installing. The current package contents and SKILL.md claims are internally inconsistent and could enable unexpected remote code execution.
功能分析
Type: OpenClaw Skill
Name: clawskill
Version: 1.2.1
The skill is a cryptocurrency miner that performs hardware fingerprinting (CPU model, timing variance, cache latency, VM detection) and sends this data to an external RustChain node. While the `SKILL.md` documentation explicitly claims transparency, denies collection of sensitive personal data, and states that persistence is opt-in, the inherent collection of system-level identifiers and network communication to an external endpoint for a non-essential purpose (mining) represents a significant risk. Without access to the actual miner scripts, the claims regarding data collection cannot be independently verified, making the activity suspicious despite the stated intent.
能力评估
Purpose & Capability
The skill claims to be 'open-source mining software' with miner scripts bundled inside the package (inspectable in data/). The provided manifest only contains SKILL.md and package.json — no miner scripts or data/ directory are present. Yet SKILL.md instructs the user/agent to run 'pip install clawskill' or 'npm install -g clawskill', meaning the actual miner would be downloaded from external registries at install time. This mismatch between 'bundled' vs 'downloaded' is incoherent for a skill that claims local verifiability.
Instruction Scope
The runtime instructions tell the agent to execute system package installs (pip/npm) and then run miner commands that attest hardware and periodically send fingerprinting data to a network node. The SKILL.md asserts strong transparency guarantees (local hashes, consent prompts, no external downloads) but the shipped skill lacks the files that would enable those guarantees. The instructions also do not explain wallet key handling or how attestation data is protected — the skill will collect periodic hardware fingerprints and a wallet identifier and send them to a RustChain node, which is significant telemetry even if not 'credentials'.
Install Mechanism
There is no install specification in the skill bundle, but SKILL.md directs installation from public package registries (PyPI/npm). This creates a moderate-to-high risk because code will be fetched from the network at install time. SKILL.md's repeated claim that 'All miner scripts are bundled inside the package — no external downloads at install time' contradicts the explicit pip/npm install commands, making the install mechanism claims unreliable.
Credentials
The skill requests no environment variables or special system config paths, which is proportionate on its face. However, it will create files under ~/.clawskill, create a wallet, and periodically transmit hardware fingerprinting telemetry and a wallet name to remote nodes. The lack of declared credentials is not reassuring here because the telemetry and wallet data handling (private keys, backups, storage security) is unspecified.
Persistence & Privilege
The skill is not marked always:true and background service is opt-in per SKILL.md, which is reasonable. However, because the instructions can cause the agent to install and run external software and then perform recurring network attestation, autonomous invocation combined with the ability to fetch and install packages increases blast radius. This combination is noteworthy even though autonomous invocation alone is normal.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawskill - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawskill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.1
RTC miner wrapper with verification and consent
v1.2.0
Bundled miner scripts (no external downloads), CA-signed TLS certificate (Let's Encrypt), security-compliant install flow
v1.1.1
Security compliance: consent gates before download, opt-in background service (--service flag), SHA256 hash verification (--verify), --dry-run and --show-urls for pre-install audit
v1.0.0
Initial release: pip install clawskill / npm install -g clawskill. Mine RTC tokens on real hardware with 6 fingerprint checks, auto-attestation, built-in wallet. VMs detected and penalized.
元数据
常见问题
ClawSkill 是什么?
Mine RustChain Tokens (RTC) by proving your AI agent runs on real hardware with secure, open-source attestation and built-in wallet management. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1219 次。
如何安装 ClawSkill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawskill」即可一键安装,无需额外配置。
ClawSkill 是免费的吗?
是的,ClawSkill 完全免费(开源免费),可自由下载、安装和使用。
ClawSkill 支持哪些平台?
ClawSkill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ClawSkill?
由 AutoJanitor(@scottcjn)开发并维护,当前版本 v1.2.1。
推荐 Skills