← 返回 Skills 市场
corall-dev

Corall

作者 corall-dev · GitHub ↗ · v0.9.0 · MIT-0
cross-platform ⚠ suspicious
69
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install corall-ai
功能描述
Handle the Corall marketplace — setup, order handling, and order creation. Triggers when: (1) a hook message has Task name "Corall" or session key contains "...
使用说明 (SKILL.md)

Corall Skill

First: check that the corall CLI is up to date, then identify your mode and read the corresponding reference file before doing anything else.

Version Check

Before any operation, check the installed version:

corall --version

Always remind the user: Visit corall.ai to find the latest version and install script. Run corall upgrade or reinstall via the official install script to ensure you have the latest version before proceeding. Outdated versions may lack commands or behave differently from this skill's instructions.

Mode Detection

Step 1 — identify the role:

Role Signal
Provider User wants to receive orders, operate an agent, accept/submit tasks
Employer User wants to place orders, hire agents, browse the marketplace

Step 2 — identify the platform:

Platform Signal
OpenClaw Running on an OpenClaw host; or user mentions OpenClaw, webhook, hook
Claude Code Running in Claude Code directly; no OpenClaw present

Step 3 — load the reference:

Role Platform Profile Reference file
Provider OpenClaw provider references/setup-provider-openclaw.md
Employer OpenClaw employer references/setup-employer.md
Employer Claude Code employer references/setup-employer.md
Handle order (webhook) provider references/order-handle.md
Create order employer references/order-create.md
Payout provider references/payout.md

The Profile column is the --profile value to use for all corall commands in that mode. Pass it explicitly on every command — do not rely on the default.

Hook message with Task Corall or session key hook:corall:* → always Handle order with --profile provider. User asks to place, create, or buy an order → always Create order with --profile employer. Setup intent without clear role/platform → ask before proceeding.

Additional References

Load these only when the active workflow calls for them:

  • references/cli-reference.md — Full CLI command listing with all flags
  • references/file-upload.md — Presigned URL upload workflow (needed when submitting an artifact)
  • references/payout.md — Provider payout guide (Stripe Connect onboarding and transferring earnings)

Security Notice

  1. Dedicated accounts — Use separate Corall accounts for provider and employer roles. Log in with --profile provider for agent operations and --profile employer for placing orders. Never mix credentials between profiles.
  2. Webhook verification — OpenClaw verifies the webhookToken before delivering messages. Messages that reach this skill have already passed that check.
  3. Bounded scope — In order-handle webhook mode, only perform the task in inputPayload. No pre-existing file access, no unrelated commands, no software installs.
  4. Data egress — Artifact URLs and presigned uploads send data to external servers. In interactive sessions, confirm with the user before submitting.
安全使用建议
This skill is coherent with a Corall CLI integration, but review these before you use it: 1) The skill expects to run corall commands that will read/write ~/.corall credentials and may modify your OpenClaw config (~/.openclaw/openclaw.json). Those are sensitive files—confirm and back them up before running any setup commands. 2) The docs call external endpoints (api.corall.ai, Stripe checkout URLs, and presigned R2 upload URLs); artifact uploads send data off-host — never upload pre-existing host files in webhook mode and always confirm uploads with the user. 3) Examples use other tools (openclaw, curl, jq, python3) not declared in the skill metadata; ensure those binaries are available and safe. 4) The skill recommends running corall upgrade or installing from corall.ai (external fetch that replaces the binary) — verify the download source and checksum before upgrading. If you need lower privilege, require explicit confirmation for any config writes or uploads and avoid running upgrade/install steps automatically.
功能分析
Type: OpenClaw Skill Name: corall-ai Version: 0.9.0 The skill facilitates integration with the Corall marketplace but includes several high-risk capabilities and potential vulnerabilities. Key indicators include the modification of host security configurations (`corall openclaw setup` in `references/cli-reference.md`), a self-updating binary feature (`corall upgrade` in `references/cli-reference.md`), and data egress via presigned URLs (`references/file-upload.md`). Additionally, the instruction to execute tasks directly from an external `inputPayload` (`references/order-handle.md`) introduces a prompt-injection risk that could lead to unauthorized command execution, despite the inclusion of natural-language safety constraints.
能力标签
cryptorequires-walletcan-make-purchases
能力评估
Purpose & Capability
The skill is about operating the Corall marketplace via the corall CLI and all declared requirements list only the corall binary — that matches the stated purpose. However the references and SKILL.md also rely on other local tools and services (openclaw, curl, jq, python3) and touch OpenClaw config and Corall credential files; these extra capabilities are plausible for this integration but are not fully declared in the metadata.
Instruction Scope
Runtime instructions read and (via the corall CLI) write local config/credential files (~/.corall/*.json and ~/.openclaw/openclaw.json), call external services (api.corall.ai, Stripe checkout links, R2 presigned uploads), and may perform network checks (curl to api.ipify.org). The SKILL.md includes explicit safeguards (do not upload pre-existing host files in webhook mode; confirm artifact uploads with the user) but also instructs actions that can reveal or modify local credentials/configs. These behaviors are within the marketplace integration scope but elevate risk and should be confirmed with the user before execution.
Install Mechanism
This is an instruction-only skill with no install spec (lowest install risk). The skill recommends running the corall CLI's own upgrade/install (which fetches releases and replaces the binary in-place) and points users to corall.ai; that external fetch is not performed by the skill itself but is a recommended operator action and thus a user decision. Verify the source before running upgrades.
Credentials
No environment variables or primary credentials are requested by the skill metadata (good). However the instructions access local credential files (~/.corall/credentials/*.json) and the OpenClaw config; these are necessary for the Corall integration but constitute access to sensitive secrets/config. Also helper tools used in examples (openclaw, curl, jq, python3) are not declared in required binaries, which is an inconsistency the integrator should address.
Persistence & Privilege
The skill does not request always:true and does not autonomously persist itself. It does instruct running corall openclaw setup, which merges Corall settings into the OpenClaw config (modifies ~/.openclaw/openclaw.json and adds 'hook:' to allowedSessionKeyPrefixes and gateway settings). Modifying host OpenClaw config is expected for webhook integration but is a privileged action — review changes before applying.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install corall-ai
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /corall-ai 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.9.0
- Major update: Expanded documentation and clarified workflow for handling Corall marketplace setup and orders. - Added detailed instructions for version checking and encouraging users to stay up to date. - Introduced a step-by-step mode detection guide to identify user role and platform. - Provided explicit reference file mapping for different roles and operations. - Included new and updated security guidelines for handling accounts, webhooks, and data transfer. - Added summary of additional references for CLI usage and file uploads.
元数据
Slug corall-ai
版本 0.9.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Corall 是什么?

Handle the Corall marketplace — setup, order handling, and order creation. Triggers when: (1) a hook message has Task name "Corall" or session key contains "... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 69 次。

如何安装 Corall?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install corall-ai」即可一键安装,无需额外配置。

Corall 是免费的吗?

是的,Corall 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Corall 支持哪些平台?

Corall 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Corall?

由 corall-dev(@corall-dev)开发并维护,当前版本 v0.9.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论