← 返回 Skills 市场
jameslawton

pol-agents-sdk-demo

作者 JamesLawton · GitHub ↗ · v0.1.4
cross-platform ⚠ suspicious
670
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install demo-agents-sdk
功能描述
Complete Polygon agent toolkit. Session-based smart contract wallets (Sequence), token ops (send/swap/bridge/deposit via Trails), ERC-8004 on-chain identity...
使用说明 (SKILL.md)

Polygon Agent Kit

Prerequisites

  • Node.js 20+
  • Install globally: npm install -g github:0xPolygon/polygon-agent-kit
  • Entry point: polygon-agent \x3Ccommand>
  • Storage: ~/.polygon-agent/ (AES-256-GCM encrypted)

Architecture

Wallet Created by Purpose Fund?
EOA setup Auth with Sequence Builder NO
Ecosystem Wallet wallet create Primary spending wallet YES

Environment Variables

Required

Variable When
SEQUENCE_PROJECT_ACCESS_KEY Wallet creation, swaps
SEQUENCE_INDEXER_ACCESS_KEY Balance checks

Optional

Variable Default
SEQUENCE_ECOSYSTEM_CONNECTOR_URL https://agentconnect.staging.polygon.technology/
SEQUENCE_DAPP_ORIGIN Same as connector URL origin
TRAILS_API_KEY Falls back to SEQUENCE_PROJECT_ACCESS_KEY
TRAILS_TOKEN_MAP_JSON Token-directory lookup
POLYGON_AGENT_DEBUG_FETCH Off — logs HTTP to ~/.polygon-agent/fetch-debug.log
POLYGON_AGENT_DEBUG_FEE Off — dumps fee options to stderr

Complete Setup Flow

# Phase 1: Setup (creates EOA + Sequence project, returns access key)
node cli/polygon-agent.mjs setup --name "MyAgent"
# → save privateKey (not shown again), eoaAddress, accessKey

# Phase 2: Create ecosystem wallet (auto-waits for browser approval)
export SEQUENCE_PROJECT_ACCESS_KEY=\x3CaccessKey>
node cli/polygon-agent.mjs wallet create --usdc-limit 100 --native-limit 5

# Phase 3: Fund wallet
node cli/polygon-agent.mjs fund
# → opens Trails widget URL, fund via swap/bridge

# Phase 4: Verify
export SEQUENCE_INDEXER_ACCESS_KEY=\x3CindexerKey>
node cli/polygon-agent.mjs balances

# Phase 5: Register agent on-chain (ERC-8004, Polygon mainnet)
node cli/polygon-agent.mjs agent register --name "MyAgent" --broadcast
# → mints ERC-721 NFT, emits agentId in Registered event
# → use agentId for reputation queries and feedback

Commands Reference

Setup

polygon-agent setup --name \x3Cname> [--force]

Wallet

polygon-agent wallet create [--name \x3Cn>] [--chain polygon] [--timeout \x3Csec>] [--no-wait]
  [--native-limit \x3Camt>] [--usdc-limit \x3Camt>] [--usdt-limit \x3Camt>]
  [--token-limit \x3CSYM:amt>]  # repeatable
  [--usdc-to \x3Caddr> --usdc-amount \x3Camt>]  # one-off scoped transfer
  [--contract \x3Caddr>]  # whitelist contract (repeatable)
polygon-agent wallet import --ciphertext '\x3Cblob>|@\x3Cfile>' [--name \x3Cn>] [--rid \x3Crid>]
polygon-agent wallet list
polygon-agent wallet address [--name \x3Cn>]
polygon-agent wallet remove [--name \x3Cn>]

Operations

polygon-agent balances [--wallet \x3Cn>] [--chain \x3Cchain>]
polygon-agent send --to \x3Caddr> --amount \x3Cnum> [--symbol \x3CSYM>] [--broadcast]
polygon-agent send-native --to \x3Caddr> --amount \x3Cnum> [--broadcast] [--direct]
polygon-agent send-token --symbol \x3CSYM> --to \x3Caddr> --amount \x3Cnum> [--broadcast]
polygon-agent swap --from \x3CSYM> --to \x3CSYM> --amount \x3Cnum> [--to-chain \x3Cchain>] [--slippage \x3Cnum>] [--broadcast]
polygon-agent deposit --asset \x3CSYM> --amount \x3Cnum> [--protocol aave|morpho] [--broadcast]
polygon-agent fund [--wallet \x3Cn>] [--token \x3Caddr>]
polygon-agent x402-pay --url \x3Curl> --wallet \x3Cn> [--method GET] [--body \x3Cstr>] [--header Key:Value]

Agent (ERC-8004)

polygon-agent agent register --name \x3Cn> [--agent-uri \x3Curi>] [--metadata \x3Ck=v,k=v>] [--broadcast]
polygon-agent agent wallet --agent-id \x3Cid>
polygon-agent agent metadata --agent-id \x3Cid> --key \x3Ckey>
polygon-agent agent reputation --agent-id \x3Cid> [--tag1 \x3Ctag>]
polygon-agent agent reviews --agent-id \x3Cid>
polygon-agent agent feedback --agent-id \x3Cid> --value \x3Cscore> [--tag1 \x3Ct>] [--tag2 \x3Ct>] [--endpoint \x3Ce>] [--broadcast]

ERC-8004 contracts (Polygon mainnet):

  • IdentityRegistry: 0x8004A169FB4a3325136EB29fA0ceB6D2e539a432
  • ReputationRegistry: 0x8004BAa17C55a88189AE136b182e5fdA19dE9b63

Key Behaviors

  • Dry-run by default — all write commands require --broadcast to execute
  • Smart defaults--wallet main, --chain polygon, auto-wait on wallet create
  • Fee preference — auto-selects USDC over native POL when both available
  • deposit — picks highest-TVL pool via Trails getEarnPools. If session rejects, re-create wallet with --contract \x3CdepositAddress>
  • x402-pay — probes endpoint for 402, smart wallet funds builder EOA with exact token amount, EOA signs EIP-3009 payment. Chain auto-detected from 402 response
  • send-native --direct — bypasses ValueForwarder contract for direct EOA transfer
  • Session permissions — without --usdc-limit etc., session gets bare-bones defaults and may not transact

CRITICAL: Wallet Approval URL

When wallet create outputs a URL in the url or approvalUrl field, you MUST send the COMPLETE, UNTRUNCATED URL to the user. The URL contains cryptographic parameters (public key, callback token) that are required for session approval. If any part is cut off, the approval will fail.

  • Do NOT shorten, summarize, or add ... to the URL
  • Do NOT split the URL across multiple messages
  • Output the raw URL exactly as returned by the CLI

Callback Modes

The wallet create command automatically starts a local HTTP server and opens a Cloudflare Quick Tunnel (*.trycloudflare.com) — no account or token required. The cloudflared binary is auto-downloaded to ~/.polygon-agent/bin/cloudflared on first use if not already installed. The connector UI POSTs the encrypted session back through the tunnel regardless of where the agent is running. The tunnel and server are torn down automatically once the session is received.

Timing: The approvalUrl is only valid while the CLI process is running. Open it immediately and complete wallet approval within the timeout window (default 300s). Never reuse a URL from a previous run — the tunnel is torn down when the CLI exits.

Manual fallback (if cloudflared is unavailable): The CLI omits callbackUrl so the connector UI displays the encrypted blob in the browser. The CLI then prompts:

After approving in the browser, the encrypted blob will be shown.
Paste it below and press Enter:
> \x3Cpaste blob here>

The blob is also saved to /tmp/polygon-session-\x3Crid>.txt for reference. To import later:

polygon-agent wallet import --ciphertext @/tmp/polygon-session-\x3Crid>.txt

Troubleshooting

Issue Fix
Builder configured already Add --force
Missing SEQUENCE_PROJECT_ACCESS_KEY Run setup first
Missing wallet wallet list, re-run wallet create
Session expired Re-run wallet create (24h expiry)
Fee option errors Set POLYGON_AGENT_DEBUG_FEE=1, ensure wallet has funds
Timed out waiting for callback Add --timeout 600
callbackMode: manual (no tunnel) cloudflared unavailable — paste blob from browser when prompted; blob saved to /tmp/polygon-session-\x3Crid>.txt
404 on *.trycloudflare.com CLI timed out and tunnel is gone — re-run wallet create, open the new approvalUrl immediately
"Auto-send failed" in browser Copy the ciphertext shown below that message; run wallet import --ciphertext '\x3Cblob>'
Deposit session rejected Re-create wallet with --contract \x3CdepositAddress>

File Structure

~/.polygon-agent/
├── .encryption-key       # AES-256-GCM key (auto-generated, 0600)
├── builder.json          # EOA privateKey (encrypted), eoaAddress, accessKey, projectId
├── wallets/\x3Cname>.json   # walletAddress, session, chainId, chain
└── requests/\x3Crid>.json   # Pending wallet creation requests
安全使用建议
This skill is an instruction-only guide for a CLI that manages Polygon wallets and sessions; it appears internally consistent but exercises care is required before running the recommended commands. Things to consider before installing/using it: - The setup creates private keys and access keys (SEQUENCE_PROJECT_ACCESS_KEY). Treat those like secrets: do not paste them into chat or public logs, and back up private keys securely. - The default connector URL in the docs is a staging host (agentconnect.staging.polygon.technology). Confirm you want to use the staging connector or switch to a trusted production endpoint before creating sessions — sessions and approval callbacks are sent to that connector/UI. - The CLI will (per docs) auto-download the cloudflared binary into ~/.polygon-agent/bin/. If you run the CLI, verify the source and integrity of downloaded binaries (or install cloudflared yourself from Cloudflare before running) to reduce supply-chain risk. - The flow requires you to open an untruncated approval URL (it contains cryptographic parameters). Only open such links in a trusted browser and only when you initiated the flow; do not share approval URLs or session blobs with untrusted parties. - The SKILL.md points to a GitHub repo (0xPolygon/polygon-agent-kit). If you plan to install the CLI, review the repository and recent commits to confirm the code matches your expectations. - If you want lower risk during experimentation, use manual/no-wait flows and dry-run mode (omit --broadcast) rather than automatic approval/tunnel flows that post to remote UIs. If you want, I can list the exact lines in SKILL.md that reference external endpoints, binary downloads, or sensitive outputs so you can review them before proceeding.
功能分析
Type: OpenClaw Skill Name: demo-agents-sdk Version: 0.1.4 The skill bundle is classified as suspicious due to two significant supply chain and execution risks. First, the installation instruction `npm install -g github:0xPolygon/polygon-agent-kit` in `SKILL.md` and `QUICKSTART.md` directly fetches and executes code from a GitHub repository, which is a supply chain vulnerability if the repository is compromised. Second, the `wallet create` command, as described in `SKILL.md` and `QUICKSTART.md`, automatically downloads and executes the `cloudflared` binary from the internet to establish a Cloudflare Quick Tunnel. While intended for legitimate callback functionality, auto-downloading and executing an arbitrary binary without explicit user consent or robust integrity checks presents a critical arbitrary code execution vulnerability.
能力评估
Purpose & Capability
Name/description (Polygon agent toolkit) align with the declared env vars and instructions: Sequence access keys and an indexer key are reasonable for wallet creation, balance checks and swaps; Trails integration and cloudflared usage are consistent with the described functionality.
Instruction Scope
SKILL.md instructs the agent/user to create and store private keys, use SEQUENCE_* access keys, and to send untruncated approval URLs to the user. It also describes an automatic Cloudflare Quick Tunnel flow that posts encrypted session blobs to a connector UI. These actions are within the expected flow, but they involve transmitting encrypted session blobs and interacting with remote UIs (defaulting to a staging connector). Verify you are comfortable with the connector endpoint before proceeding.
Install Mechanism
The skill is instruction-only (no install spec), but the instructions tell users to 'npm install -g github:0xPolygon/polygon-agent-kit' and describe the CLI auto-downloading 'cloudflared' to ~/.polygon-agent/bin/. This is expected for the CLI workflow but means code/binaries will be fetched from external sources (GitHub and Cloudflare) when you follow the guide — verify repository and binary integrity.
Credentials
Requested environment variables (SEQUENCE_PROJECT_ACCESS_KEY, SEQUENCE_INDEXER_ACCESS_KEY, optional TRAILS_API_KEY, etc.) are appropriate for the claimed features. No unrelated secrets or broad system credentials are requested by the SKILL.md.
Persistence & Privilege
Skill is not always-included and uses the normal autonomous-invocation default. The instructions describe writing encrypted data to ~/.polygon-agent/ and temporary session files in /tmp — this is expected for a CLI wallet tool and the skill does not request elevated or cross-skill privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install demo-agents-sdk
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /demo-agents-sdk 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.4
- Switched wallet approval tunnel from ngrok to Cloudflare Quick Tunnel (`*.trycloudflare.com`). - `cloudflared` binary is auto-downloaded and managed in `~/.polygon-agent/bin/cloudflared`. - Approval URL is now only valid during the active CLI session—open it immediately; never reuse an old URL. - Expanded troubleshooting section with guidance for tunnel errors and cloudflared issues. - Manual fallback updated: cloudflared absence now triggers browser copy/paste flow and new troubleshooting advice.
v0.1.3
- Added documentation for the NGROK_AUTHTOKEN environment variable and clarified that ngrok is used for dynamic HTTPS tunnels by default. - Updated the wallet creation callback flow: now automatically starts a local HTTP server with a dynamic ngrok tunnel, removing need for manual configuration in most cases. - Improved fallback instructions for session import, including CLI prompts for pasting the encrypted blob and auto-saving the blob to a temp file. - Added troubleshooting entry for "callbackMode: manual" and instructions for importing from blob file. - General documentation refinements and clarifications regarding callbackURL and public tunnel behavior.
v0.1.2
- Added a **CRITICAL: Wallet Approval URL** section explaining strict requirements for sharing approval URLs. - Detailed new **Callback Modes** for wallet session approval, covering ngrok usage and localhost fallback with import instructions. - No feature changes to commands or architecture; documentation expanded for correct user interaction and troubleshooting.
v0.1.1
Version 0.1.1 - Updated installation instructions to recommend global install via npm. - Entry point updated from direct node module call to `polygon-agent` CLI. - Improved clarity on setup flow and command usage for end-users. - No code or behavior changes; documentation update only.
v0.1.0
Initial release of Agent SDK. - Provides session-based smart contract wallets (Sequence) with encrypted local storage - Supports token operations: send, swap, bridge, deposit (via Trails) - Implements ERC-8004 on-chain agent identity, reputation feedback, and agent registration - Enables x402 micropayments and EIP-3009 support - Features dry-run defaults (all writes require --broadcast), CLI smart defaults, and session management - Includes detailed troubleshooting and environment variable support
元数据
Slug demo-agents-sdk
版本 0.1.4
许可证
累计安装 0
当前安装数 0
历史版本数 5
常见问题

pol-agents-sdk-demo 是什么?

Complete Polygon agent toolkit. Session-based smart contract wallets (Sequence), token ops (send/swap/bridge/deposit via Trails), ERC-8004 on-chain identity... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 670 次。

如何安装 pol-agents-sdk-demo?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install demo-agents-sdk」即可一键安装,无需额外配置。

pol-agents-sdk-demo 是免费的吗?

是的,pol-agents-sdk-demo 完全免费(开源免费),可自由下载、安装和使用。

pol-agents-sdk-demo 支持哪些平台?

pol-agents-sdk-demo 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 pol-agents-sdk-demo?

由 JamesLawton(@jameslawton)开发并维护,当前版本 v0.1.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论