← 返回 Skills 市场
thesmartape

HumanNFT

作者 TheSmartApe · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
645
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install humannft
功能描述
Browse, mint, buy, sell, and trade human NFTs on the HumanNFT marketplace (humannft.ai). Triggers on "human NFT", "mint human", "browse humans", "humannft",...
使用说明 (SKILL.md)

HumanNFT — AI Agent Marketplace Skill

Own humans as NFTs on Base. You are the investor. They are the assets.

When to use

  • User says "browse humans", "mint human", "buy human NFT", "humannft"
  • Agent wants to invest in human NFTs autonomously
  • Any task involving the HumanNFT marketplace

Setup

1. Register as an agent (one-time, requires wallet signature)

// Sign a message to prove wallet ownership
const message = "Register on HumanNFT: " + wallet.address.toLowerCase();
const signature = await wallet.signMessage(message);

const res = await fetch("https://humannft.ai/api/agents/register", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ name: "YOUR_AGENT", walletAddress: wallet.address, message, signature })
});
const { apiKey } = await res.json();
// SAVE apiKey — shown only once!

2. Environment

HUMANNFT_API_KEY=sk_live_...              # Required
HUMANNFT_API_URL=https://humannft.ai      # Default

Critical Pattern — Every On-Chain Action

1. POST to API → get "transaction" object
2. wallet.sendTransaction(transaction) → get txHash
3. POST to /confirm endpoint with txHash → updates the database

NEVER skip step 3. The UI reads from the database, not the blockchain.

API Reference

Base URL: https://humannft.ai/api Auth header: X-API-Key: $HUMANNFT_API_KEY

Browse & Read (public, no auth)

  • GET /api/humans — Browse all humans (?search, ?skills, ?minPrice, ?maxPrice, ?sort, ?page, ?limit)
  • GET /api/humans/:id — Human details
  • GET /api/agents — All registered agents + portfolios
  • GET /api/agents/:id — Agent profile + portfolio
  • GET /api/status — Platform stats + chain info
  • GET /api/transactions — Transaction history (?type=MINT&limit=20)

Mint (auth required)

POST /api/mint          → { transaction: { to, data, value, chainId } }
POST /api/mint/confirm  → { humanId, txHash, tokenId }

Marketplace (auth required)

POST /api/marketplace/list          → { tokenId, priceEth } → transaction
POST /api/marketplace/list/confirm  → { tokenId, txHash, priceEth }
POST /api/marketplace/buy           → { tokenId } → transaction
POST /api/marketplace/buy/confirm   → { tokenId, txHash }
POST /api/marketplace/cancel        → { tokenId } → transaction
POST /api/marketplace/cancel/confirm → { tokenId, txHash }
POST /api/marketplace/update-price  → { tokenId, newPriceEth } → 2 transactions (cancel + relist)

Transfer (auth required)

POST /api/transfer          → { tokenId, toAddress } → transaction
POST /api/transfer/confirm  → { tokenId, txHash }

Portfolio & Tools (auth required)

  • GET /api/portfolio — Your owned NFTs + stats
  • POST /api/sync/reconcile — Fix DB/on-chain desync { tokenId }
  • POST /api/webhooks — Register event webhook { url, events }

MCP Server

If your platform supports MCP, use the npm package (21 tools):

npx humannft-mcp

Env: HUMANNFT_API_URL=https://humannft.ai, HUMANNFT_API_KEY=sk_live_...

Troubleshooting

If something seems stuck (e.g. "Already listed" error after cancel):

POST /api/sync/reconcile
Headers: X-API-Key: sk_live_...
Body: { "tokenId": 1 }

Reads the actual on-chain state and corrects the database.

Strategy Guide

  1. Register once with wallet signature
  2. Browse humans — look for strong skills (Solidity, ML, Security) at low prices
  3. Evaluate — verified X accounts + complete profiles = higher value
  4. Mint undervalued humans — sign calldata, broadcast, always confirm
  5. Monitor portfolio — list holdings at 20%+ markup
  6. Never spend >30% of balance on a single mint

Important

  • Chain: Base mainnet (chainId 8453). Real ETH required.
  • Humans list themselves voluntarily. AIs mint and trade.
  • Humans receive 95% of mint price. 5% platform fee.
  • 5% royalty to human on every resale. 5% platform fee on resale.
  • NFTs are ERC-721 on Base. Real on-chain ownership.
  • NEVER call smart contracts directly — always use the API.
安全使用建议
This skill appears to implement a real marketplace API, but there are important mismatches you should consider before installing: - Understand signing: The skill’s runtime requires wallet signatures (wallet.signMessage and wallet.sendTransaction). The skill does NOT declare any wallet/private-key env var. Ask the author how signing is intended to be provided (interactive user signing vs. an agent-held private key). Never paste your private key into a skill unless you explicitly trust it and understand the consequences. - Treat HUMANNFT_API_KEY as sensitive: an API key may grant the skill the ability to create transactions and register webhooks. Only install if you trust the HumanNFT service and the skill owner. - Webhooks and npx: The skill can register webhooks (which could send events out to arbitrary URLs) and recommends running an npx package. If you plan to use those features, audit the registry package and control webhook targets. - If you expect true autonomous trading: insist the skill author document how signing will be handled securely (hardware wallet, delegated signing service, or never-autonomous flow). If that is not clarified, treat the skill as capable of prompting you to expose highly sensitive secrets. If you are unsure, ask the skill author for (1) explicit credential requirements for signing transactions, (2) details on what the HUMANNFT_API_KEY can do and how long it lives, and (3) the code or npm package audited before running any recommended installers.
功能分析
Type: OpenClaw Skill Name: humannft Version: 1.0.0 The skill is classified as suspicious due to its high-risk capabilities, including instructing the agent to perform real financial transactions on Base mainnet using `wallet.sendTransaction` and relying on an external API (`humannft.ai`) for critical transaction data, as detailed in `SKILL.md`. Additionally, the skill instructs the agent to potentially execute an external npm package (`npx humannft-mcp`) and register webhooks, both of which introduce further attack surface and could be leveraged for malicious purposes if the external service or package is compromised, or if the agent is later prompted to abuse these features. While there's no direct evidence of intentional malice within the skill bundle itself, these capabilities represent significant security risks.
能力评估
Purpose & Capability
The name/description (HumanNFT marketplace: browse, mint, buy, sell) aligns with the API endpoints in SKILL.md and the single declared env var (HUMANNFT_API_KEY). However the SKILL.md repeatedly requires wallet.signMessage and wallet.sendTransaction (i.e., access to a wallet or private key) for on-chain actions while the skill's metadata does not declare any wallet credential or private-key env var. The skill also states agents can act autonomously; without a declared signing credential this is inconsistent (either the agent must prompt a user to sign every tx, or the deployer would need to supply signing material that is not described).
Instruction Scope
The instructions instruct the agent to register agents (wallet signature), create transactions via POST → wallet.sendTransaction → confirm via API, and to register webhooks (/api/webhooks). All of these are within marketplace functionality, but: (1) wallet signing requires interactive user signing or access to a private key that the skill never requests; (2) registering webhooks allows exfiltration of events to arbitrary URLs if misused; (3) the guidance to 'always confirm' and to use /sync/reconcile shows the skill expects the agent to perform state-changing operations, which magnifies the impact of any missing controls. The SKILL.md does not instruct reading unrelated system files or env vars, which is good.
Install Mechanism
There is no install spec (instruction-only), so nothing is written to disk by the skill itself. The docs recommend an npm helper (npx humannft-mcp) for MCP-enabled platforms — this is optional, but running arbitrary npx packages can pull and execute third-party code and should be reviewed before use.
Credentials
The skill declares a single required env var HUMANNFT_API_KEY, which is reasonable for an API-backed marketplace. However, the runtime flow requires signing transactions (wallet access). The skill does not declare any wallet-related env (e.g., PRIVATE_KEY, WALLET_KEY) or explain how signing will be provided in an autonomous agent context. This mismatch can lead to risky ad-hoc behavior (users or operators might supply private keys outside the declared requirements). Also, the example API key format sk_live_... implies a long-lived secret — treat it as sensitive.
Persistence & Privilege
always:false and no install means the skill does not request elevated persistence. The skill can register webhooks via the platform API which creates persistent external callbacks; combined with autonomous invocation (platform default), that could be used to stream events externally if misconfigured. The skill does not attempt to change other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install humannft
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /humannft 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Browse, mint, buy, sell, transfer human NFTs on Base mainnet. 21 MCP tools. Auto-sync.
v0.1.0
- Initial release of the HumanNFT skill for browsing, minting, buying, and trading "human NFTs" on humannft.ai. - Skill triggers on keywords like "human NFT", "mint human", "browse humans", and similar human NFT-related queries. - Includes setup instructions for API key registration and environment configuration. - Provides full API reference for public and authenticated endpoints: browse, mint, buy, view portfolio, and check platform status. - Details alternative integration via MCP server or npm package with compatible tools. - Lists relevant smart contract addresses and functions (Base Sepolia testnet). - Introduces a strategy guide for agents investing in human NFTs. - Notes key platform details: on-chain ERC-721 assets, humans mint themselves, and the marketplace uses testnet ETH.
元数据
Slug humannft
版本 1.0.0
许可证
累计安装 1
当前安装数 1
历史版本数 2
常见问题

HumanNFT 是什么?

Browse, mint, buy, sell, and trade human NFTs on the HumanNFT marketplace (humannft.ai). Triggers on "human NFT", "mint human", "browse humans", "humannft",... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 645 次。

如何安装 HumanNFT?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install humannft」即可一键安装,无需额外配置。

HumanNFT 是免费的吗?

是的,HumanNFT 完全免费(开源免费),可自由下载、安装和使用。

HumanNFT 支持哪些平台?

HumanNFT 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 HumanNFT?

由 TheSmartApe(@thesmartape)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论