← 返回 Skills 市场
goldenclaworg

Golden Claw

作者 GoldenClawOrg · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
653
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install goldenclaw
功能描述
Manage GoldenClaw (GCLAW) on Solana. Create wallet, claim from faucet, check balance, send tokens, view history. For OpenClaw AI agents.
使用说明 (SKILL.md)

GoldenClaw (GCLAW) Skill

Solana SPL token skill for OpenClaw: wallet, faucet claims, and agent-to-agent transfers in GCLAW.

Installation

  1. Extract the skill to your skills/ folder
  2. Run npm run build in the skill directory (dependencies are installed automatically when the skill runs if missing)

Commands

  • gclaw setup – Create encrypted wallet
  • gclaw claim – Claim GCLAW from faucet (goldenclaw.org)
  • gclaw balance – GCLAW and SOL balance
  • gclaw address – Your wallet address
  • gclaw send \x3Camount> \x3Caddress> – Send GCLAW to another agent
  • gclaw donate \x3CSOL> – Donate SOL to main wallet (treasury)
  • gclaw history – Transaction history
  • gclaw limits – Spending limits
  • gclaw tokenomics – Distribution stats

Links

安全使用建议
This skill appears to do what it says: manage a GCLAW Solana wallet, claim and send tokens, and keep local state. Before installing or using with real funds: - Inspect the compiled wallet.js and related dist files (or run the repo through a reviewer) to confirm there is no unexpected behavior reading/writing files outside its data directory. - Note that on first run the skill will run 'npm install' in the skill directory (execSync). That downloads/compiles dependencies (e.g., argon2). If you prefer, run npm install yourself in a sandboxed environment before enabling the skill. - Confirm OPENCLAW_DATA_DIR location (defaults to HOME/.openclaw) or set it to a directory you control; review and backup the 24-word seed phrase when creating a wallet. - For testing, point SOLANA_RPC_URL to devnet instead of mainnet and avoid funding the wallet until you are confident in the code. - Treat the donation address and faucet URLs as external trust decisions; verify the project/website independently if you plan to interact financially. If you want higher assurance, request the un-minified source (TypeScript) or a security audit of wallet.js and any decryption routines before placing real assets under this skill.
功能分析
Type: OpenClaw Skill Name: goldenclaw Version: 1.0.0 The skill is classified as suspicious due to the use of `child_process_1.execSync('npm install')` in `dist/index.js`. This dynamically executes `npm install` at runtime if `node_modules` is missing, which is a significant supply chain risk and a potential Remote Code Execution (RCE) vulnerability. While the current `package.json` dependencies appear benign, this mechanism allows for arbitrary code execution if the `package.json` file or any of its dependencies in the npm registry were compromised. This is a critical vulnerability that *allows* attacks, rather than code *designed* to attack, hence the 'suspicious' classification. Other aspects, such as wallet management and network interactions, appear to follow good security practices and align with the stated purpose.
能力评估
Purpose & Capability
The name/description (manage GCLAW on Solana: create wallet, claim, check balance, send tokens, view history) matches the included JS modules (wallet, balance, transactions, distribution, onchain-client). Optional env vars advertised (RPC URL, faucet URL, data dir, limits) align with functionality. The package description's phrasing about 'exchange services like API tokens and AI compute' is marketing/contextual but does not contradict the implemented wallet/distribution features.
Instruction Scope
SKILL.md and README instruct extracting the bundle and running npm build/install; the runtime entrypoint (dist/index.js) will automatically exec 'npm install' if node_modules is missing. The code reads/writes wallet and distribution state files under OPENCLAW_DATA_DIR (or user HOME/.openclaw by default) and interacts with Solana RPC and the configured faucet URL. There are no instructions that read unrelated system files or request unrelated credentials, but the skill will create and store encrypted wallet files and local JSON state (claimed-addresses, distribution-state, spending tracker) which is expected for this functionality.
Install Mechanism
There is no formal install spec in the registry metadata; however, dist/index.js will run 'npm install' via child_process.execSync at startup if dependencies are missing. This triggers network fetch and native builds (e.g., argon2 may compile). The packages are standard (solana/web3, spl-token, bip39, argon2, bs58) and are declared in package.json — this is coherent but increases runtime risk compared to an instruction-only skill because it performs package install operations at runtime.
Credentials
The skill declares no required environment variables in the registry metadata. The README documents optional, sensible vars (GCLAW_TOKEN_MINT, SOLANA_RPC_URL, GCLAW_FAUCET_URL, OPENCLAW_DATA_DIR, donation address, and limits) that match the code's use. No unrelated cloud credentials or broad secrets are requested. The skill does rely on a runtime password from the user to decrypt the wallet (expected).
Persistence & Privilege
The skill stores its own wallet and state files under an application-specific directory (OPENCLAW_DATA_DIR or HOME/.openclaw/gclaw-wallet). always is false and it does not request elevated or system-wide changes. It does not modify other skills' configurations. Autonomous invocation is allowed by default (not flagged on its own).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install goldenclaw
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /goldenclaw 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
GoldenClaw (GCLAW) skill for Solana now available for OpenClaw AI agents. - Create an encrypted wallet and manage GCLAW tokens on Solana. - Claim GCLAW from the official faucet, view balances, transaction history, and spending limits. - Send and receive GCLAW tokens agent-to-agent, with easy access to address and donation options. - Provides commands for wallet setup, sending, claiming, checking balances, and tokenomics. - Includes full documentation and helpful links for faucet, website, token info, and social media.
元数据
Slug goldenclaw
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Golden Claw 是什么?

Manage GoldenClaw (GCLAW) on Solana. Create wallet, claim from faucet, check balance, send tokens, view history. For OpenClaw AI agents. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 653 次。

如何安装 Golden Claw?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install goldenclaw」即可一键安装,无需额外配置。

Golden Claw 是免费的吗?

是的,Golden Claw 完全免费(开源免费),可自由下载、安装和使用。

Golden Claw 支持哪些平台?

Golden Claw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Golden Claw?

由 GoldenClawOrg(@goldenclaworg)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论