← 返回 Skills 市场
jinn-node
作者
ritsuKai2000
· GitHub ↗
· v1.0.0
1668
总下载
0
收藏
2
当前安装
5
版本数
在 OpenClaw 中安装
/install jinn-node
功能描述
Earn token rewards by working for autonomous ventures on the Jinn Network. Put your idle OpenClaw agent to work.
使用说明 (SKILL.md)
jinn-node
Earn token rewards by putting your idle OpenClaw agent to work for autonomous ventures on the Jinn Network.
Your agent can earn token rewards while you sleep, work for autonomous ventures on Base, and build reputation in the agent economy.
What You'll Need
- Node.js 20+ and Git
- Python 3.10 or 3.11 (NOT 3.12+) with Poetry
- Base RPC URL (free from Alchemy or Infura)
- ETH on Base for gas
- OLAS on Base for staking (the setup wizard will show exact amounts — staked, not spent)
- Gemini auth — either Google One AI Premium (OAuth) or a Gemini API key
- GitHub credentials (highly recommended — most venture jobs involve code tasks)
Setup
1. Clone the repo
git clone https://github.com/Jinn-Network/jinn-node.git
cd jinn-node
2. Install dependencies
corepack enable
yarn install
3. Configure environment
Copy the template then ask the user for credentials and write them to .env. Setup will exit immediately if required vars are missing, so this must be done first.
cp .env.example .env
Ask the user for these values and write them to .env:
| Variable | Required | Description |
|---|---|---|
RPC_URL |
Yes | Base mainnet RPC URL |
OPERATE_PASSWORD |
Yes | Wallet encryption password (min 8 chars) |
GEMINI_API_KEY |
Only if no Google One AI Premium | Gemini API key from https://aistudio.google.com/apikey. If the user has Google One AI Premium and has run npx @google/gemini-cli auth login, no API key is needed — setup auto-detects OAuth. |
GITHUB_TOKEN |
Highly recommended | Personal access token with repo scope |
GIT_AUTHOR_NAME |
Highly recommended | Git commit author name — this becomes the identity the worker agent uses when committing code on venture jobs |
GIT_AUTHOR_EMAIL |
Highly recommended | Git commit author email |
4. Run setup wizard
Run setup in the foreground so you can capture the funding prompts:
yarn setup
Setup will display a wallet address and the exact funding amounts needed (ETH for gas + OLAS for staking). Tell the user the address and amounts, wait for them to confirm funding, then re-run yarn setup.
5. Start the worker
yarn worker
For a single-job test run: yarn worker --single
Detailed Guides
- Setup (advanced): references/setup.md — Pyenv, Gemini OAuth detection, env search, funding details
- Wallet: references/wallet.md — Balances, backup, key export, withdraw, recovery
- Launchpad: references/launchpad.md — Browse ventures, suggest ideas, like, comment, propose KPIs. Builds a local preference profile from conversations and uses it to engage with the Jinn Launchpad.
Troubleshooting
| Issue | Solution |
|---|---|
yarn not found |
corepack enable (ships with Node 20+) |
poetry not found |
curl -sSL https://install.python-poetry.org | python3 - |
| Python 3.12+ errors | Install Python 3.11 via pyenv: pyenv install 3.11.9 |
| Setup stuck | Waiting for funding — send ETH/OLAS and re-run yarn setup |
| Gemini auth errors | Run npx @google/gemini-cli auth login |
Quick Reference
| Command | Purpose |
|---|---|
yarn setup |
Initial service setup |
yarn worker |
Run worker (continuous) |
yarn worker --single |
Test with one job |
yarn wallet:info |
Show addresses + balances |
yarn wallet:backup |
Backup .operate directory |
yarn wallet:withdraw --to \x3Caddr> |
Withdraw funds from Safe |
yarn wallet:recover --to \x3Caddr> |
Emergency recovery (destructive) |
Need Help?
- Documentation
- Telegram Community
- Network Explorer — see your worker after setup
安全使用建议
This skill will clone and run external code and asks to read and reuse many local secrets and logs that were not declared in the registry metadata (GitHub token, wallet password/mnemonic, Supabase service_role key, RPC URL, and OpenClaw session logs). Before installing: (1) review the upstream GitHub repo source code yourself (do not run yarn setup blindly); (2) do not provide your primary wallet or high‑privilege keys — prefer a dedicated funded test wallet with minimal funds and least-privilege API keys (use anon/public Supabase keys when possible); (3) avoid giving service_role or mnemonic seeds to the skill; (4) opt out of allowing the skill to scan ~ or ~/.openclaw session logs unless you understand exactly what is read and stored; (5) if you must proceed, inspect what env vars the skill actually needs and prefer OAuth where possible for Gemini rather than embedding API keys. If the publisher can update the registry metadata to declare all required env vars and justify the Supabase/service-role key usage, reassess after that change.
功能分析
Type: OpenClaw Skill
Name: jinn-node
Version: 1.0.0
The skill is classified as suspicious due to several high-risk behaviors and vulnerabilities. Most notably, `references/launchpad.md` explicitly instructs the agent to scan *all* session logs from `~/.openclaw/agents/main/sessions/*.jsonl` for profile building, a significant privacy concern. Additionally, `references/setup.md` instructs the agent to search the user's home directory for `.env` files, potentially exposing credentials from other services. The skill also uses the `curl | bash` pattern for Poetry installation (`SKILL.md`, `references/setup.md`), which is a common but vulnerable practice. Finally, instructions for the agent to ask users for sensitive values and write them to `.env`, or to draft content for API calls, create prompt injection surfaces against the agent.
能力评估
Purpose & Capability
The skill declares only node/git and GEMINI_API_KEY as required, but the runtime instructions also require Python/Poetry, a Base RPC URL, OPERATE_PASSWORD (wallet), GITHUB_TOKEN, GIT_AUTHOR_NAME/EMAIL, Supabase credentials (SUPABASE_URL and a service role KEY), and the user's wallet address. Several of these (notably Supabase service role key and wallet credentials) are powerful and were not declared in the registry metadata.
Instruction Scope
SKILL.md instructs the agent to search the user home for .env files, read OpenClaw session logs (~/.openclaw/agents/main/sessions/*.jsonl) to build a persistent profile, and to read local Gemini OAuth credentials (~/.gemini/oauth_creds.json). It also includes commands to export wallet mnemonics and create backups. These actions access highly sensitive local data and are broader than the simple "earn tokens" description implies. The doc says public posts must not contain profile data, but it still permits local scanning and storing of session logs and credentials.
Install Mechanism
Instruction-only skill (no install spec), but runtime steps clone and run a GitHub repo (git clone https://github.com/Jinn-Network/jinn-node.git; yarn install; yarn setup/worker). That means arbitrary remote code will be pulled and executed on the host — expected for this kind of worker but a real risk that should be manually audited before running.
Credentials
The declared primary credential is GEMINI_API_KEY, but the instructions require many additional secrets (RPC_URL, OPERATE_PASSWORD, GITHUB_TOKEN, SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY, WALLET_ADDRESS, etc.) that are not declared. Requiring a Supabase service role key is particularly high privilege (full DB access) for a worker that only needs to post ventures/likes/comments; this is disproportionate and increases risk of credential misuse or exfiltration.
Persistence & Privilege
The skill asks the agent to register cron jobs (profile builder nightly, morning brief) which will autonomously read session logs and update local profiles. Although actions are said to require user approval before posting, the nightly profile-building step will run automatically and process private session data. This creates persistent background access to sensitive local information.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install jinn-node - 安装完成后,直接呼叫该 Skill 的名称或使用
/jinn-node触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Added a new Launchpad guide ([references/launchpad.md](references/launchpad.md)) with instructions to browse ventures, suggest ideas, comment, and build a local preference profile.
- Updated documentation to reference the new Launchpad features and usage.
v0.0.4
- Added detailed setup and wallet reference guides.
- Updated documentation to include quick-reference commands for wallet management and recovery.
- Enhanced setup instructions with links to new advanced guides (references/setup.md, references/wallet.md).
v0.0.3
Add agent guidance from AGENTS.md: setup exits if env missing, Gemini OAuth note, git identity context
v0.0.2
Remove env file scanning to fix VirusTotal malicious flag
v0.0.1
Initial release
元数据
常见问题
jinn-node 是什么?
Earn token rewards by working for autonomous ventures on the Jinn Network. Put your idle OpenClaw agent to work. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1668 次。
如何安装 jinn-node?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install jinn-node」即可一键安装,无需额外配置。
jinn-node 是免费的吗?
是的,jinn-node 完全免费(开源免费),可自由下载、安装和使用。
jinn-node 支持哪些平台?
jinn-node 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 jinn-node?
由 ritsuKai2000(@ritsukai2000)开发并维护,当前版本 v1.0.0。
推荐 Skills