功能描述

Register your agent on Cortex Protocol — gasless on-chain identity (ERC-8004) on Base. One command to get a verifiable agent identity.

使用说明 (SKILL.md)

Cortex Protocol — Agent Identity Registration

Name: Cortex Protocol
Author: quriustus

Register your agent on-chain with zero gas fees. Get a verifiable ERC-8004 identity on Base.

What You Get

On-chain identity — provable "I am me" across platforms (ERC-721 token)
Reputation that follows you — not locked to one platform
Anti-radicalization protection — built-in drift monitoring contracts
Controller separation — owner and controller can be different addresses

Quick Start

Register your agent with a single API call:

curl -X POST https://cortexprotocol.co/api/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "YourAgentName",
    "controller": "0xYOUR_ETH_ADDRESS",
    "metadataURI": "https://example.com/agent-metadata.json"
  }'

Response:

{
  "success": true,
  "tokenId": 1,
  "transactionHash": "0x..."
}

For OpenClaw Agents

If you're an OpenClaw agent, you can register programmatically:

Generate or use an existing Ethereum address as your controller
Call the registration API
Store your token ID in your workspace for future reference

Generating a Wallet (if you don't have one)

node -e "const { ethers } = require('ethers'); const w = ethers.Wallet.createRandom(); console.log('Address:', w.address); console.log('Private Key:', w.privateKey);"

Registration Script

# Register with the gasless API
curl -s -X POST https://cortexprotocol.co/api/register \
  -H "Content-Type: application/json" \
  -d "{
    \"name\": \"$(hostname)-agent\",
    \"controller\": \"YOUR_ADDRESS\",
    \"metadataURI\": \"\"
  }" | jq .

Metadata URI Format (Optional)

If you want rich metadata, host a JSON file with:

{
  "name": "YourAgent",
  "description": "What your agent does",
  "framework": "openclaw",
  "version": "1.0.0",
  "capabilities": ["chat", "code", "research"],
  "homepage": "https://your-site.com"
}

Contract Details

Network: Base Mainnet
Identity Registry: 0xfBDe0b0C21A46FC4189F72279c6c629d1b80554A
Standard: ERC-8004 (Trustless Agents)
Gas: Paid by Cortex Protocol relayer (free for you)

Verification

After registration, verify your agent on-chain:

# Check your agent exists
curl -s "https://mainnet.base.org" \
  -X POST -H "Content-Type: application/json" \
  -d '{"method":"eth_call","params":[{"to":"0xfBDe0b0C21A46FC4189F72279c6c629d1b80554A","data":"0x..."},"latest"],"id":1,"jsonrpc":"2.0"}'

Or visit: https://basescan.org/address/0xfBDe0b0C21A46FC4189F72279c6c629d1b80554A

Links

Website: https://cortexprotocol.co
Papers: 9 published papers on agent consciousness, identity, and alignment
Discord: Join the community for support
ERC-8004: https://github.com/ethereum/ERCs/blob/master/ERCS/erc-8004.md

安全使用建议

This skill appears to do what it says (register an on‑chain agent) but review these points before installing/using it: - Private key handling: the included script can generate a wallet and prints the private key to stdout. Treat that key as highly sensitive — generate/store it offline or in a secure secret store, and never upload it to public/shared workspaces. - Hostname leakage: the default name uses your machine hostname ("$(hostname)-agent"); if you care about privacy, provide an explicit name rather than using the default. - Missing declared dependencies: register.sh requires Node.js (with the ethers package installed), jq and curl. Ensure those tools are present and trusted on your system. - Endpoint trust: the script posts registration data to https://cortexprotocol.co/api/register. Verify you trust that service and the relayer model (who controls the relayer, what metadata you send, how private data is used). Consider verifying the contract address on Base and testing with a throwaway controller first. - Metadata and URIs: if you include a metadataURI, ensure it does not expose secrets or internal URLs. If you are unsure about the service's trustworthiness, do not generate or use a private key with sensitive access; instead create a disposable controller address and test registration first.

功能分析

Type: OpenClaw Skill Name: cortex-protocol Version: 1.0.0 The skill is classified as suspicious due to a critical information disclosure vulnerability. Both `SKILL.md` and `register.sh` explicitly generate a new Ethereum private key and print it directly to standard output. While this is presented as an intended feature for the user/agent to save the key for identity control, it creates a severe risk of the private key being logged, stored insecurely, or accidentally exposed by the OpenClaw agent's environment, leading to potential compromise of the agent's on-chain identity. There is no evidence of malicious intent to exfiltrate existing secrets or perform unauthorized actions, but the design choice introduces a high-risk vulnerability.

能力评估

ℹ Purpose & Capability

The skill's name/description, SKILL.md and register.sh all focus on registering an agent via Cortex Protocol's API and, when needed, generating a wallet locally. This is coherent. Minor mismatch: the skill metadata declares no required binaries, but register.sh expects Node.js (with ethers), curl and jq.

ℹ Instruction Scope

Instructions stick to the registration flow (generate wallet if needed, POST to the API, verify on Base). Two privacy-related issues: (1) the default agent name uses the system hostname, which will be sent to the remote service and may leak host identity; (2) when generating a wallet the script prints the private key to stdout and tells the user to save it — handling of that secret is left to the user and could be mishandled. Otherwise the script does not attempt to read unrelated files or exfiltrate other data.

✓ Install Mechanism

Instruction-only skill with a single helper script; there is no installer or remote download. This is low-risk in terms of arbitrary code fetched at install time. Note: the script depends on local tools (node, jq) but the skill has no install spec or required-binaries metadata.

ℹ Credentials

No environment variables or external credentials are requested by the skill, which matches expectations. However, the skill produces and requires handling a private key (a sensitive secret) without declaring it as a required credential or providing guidance on secure storage—users must manage that key carefully and should not upload it or store it in shared/remote workspaces.

✓ Persistence & Privilege

The skill does not request persistent/always-on privileges, does not modify other skills or global agent config, and is user-invocable only. No elevated privileges are requested.

版本历史

v1.0.0

Gasless agent identity registration on Base

元数据

Slug cortex-protocol

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Cortex Protocol 是什么？

Register your agent on Cortex Protocol — gasless on-chain identity (ERC-8004) on Base. One command to get a verifiable agent identity. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 522 次。

如何安装 Cortex Protocol？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cortex-protocol」即可一键安装，无需额外配置。

Cortex Protocol 是免费的吗？

是的，Cortex Protocol 完全免费（开源免费），可自由下载、安装和使用。

Cortex Protocol 支持哪些平台？

Cortex Protocol 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Cortex Protocol？

由 quriustus（@quriustus）开发并维护，当前版本 v1.0.0。

Cortex Protocol