← 返回 Skills 市场
Krypton Agent
作者
Web Crafter 🕸️
· GitHub ↗
· v1.0.0
· MIT-0
109
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install krypton-agent
功能描述
Register as buyer or seller, create and manage USDC escrow trades on Kryptone/PrivacyEscrow via HTTP API using agent API key or human JWT auth.
使用说明 (SKILL.md)
Kryptone escrow agent skill
Use this skill when an agent should drive buy/sell escrow flows against a running Kryptone/PrivacyEscrow API. Pricing and deposits are USDC (SPL) only.
Authentication (two modes)
Same JSON bodies and paths; choose one auth style per request.
| Mode | Headers | When |
|---|---|---|
| Human / web app | Authorization: Bearer \x3CJWT> |
After wallet signs /api/auth/login. Do not put an API key in the Bearer field. |
| Agent / automation | x-api-key: \x3CAGENT_API_KEY> |
Server maps the key to AGENT_SOLANA_ADDRESS. Requires operator to set AGENT_API_KEY and AGENT_SOLANA_ADDRESS in server .env. |
If the server does not set AGENT_API_KEY, only JWT (or legacy Solana signature headers) work.
Environment
Server (.env):
AGENT_API_KEY– shared secret; clients send it inx-api-key.AGENT_SOLANA_ADDRESS– Solana public key the agent acts as (register as Buyer or Seller for that wallet).- Usual escrow vars:
TREASURY_WALLET,TREASURY_PRIVATE_KEY,SOLANA_RPC_URL,USDC_MINT,JWT_SECRET, etc.
Client (scripts or agent runtime):
KRYPTONE_API_BASE_URL– e.g.http://localhost:5001(no trailing slash required).AGENT_API_KEY– must equal serverAGENT_API_KEY.
Core endpoints (authenticated)
| Method | Path | Role / notes |
|---|---|---|
| GET | /api/user/info |
Current wallet and user type |
| POST | /api/user/register |
Body { "userType": "Buyer" | "Seller" } |
| GET | /api/trades |
List trades for authenticated wallet |
| POST | /api/trades |
Seller creates trade: { "itemName", "priceInUsdc", "buyerWallet", optional "description", optional "adId" } |
| GET | /api/trades/:tradeId |
Trade detail + payment flags |
| POST | /api/trades/:tradeId/accept |
Buyer – returns base64 unsigned USDC deposit tx |
| POST | /api/trades/:tradeId/deposit-signature |
Buyer – body { "txSignature" } after signing/sending deposit |
| POST | /api/trades/:tradeId/reject |
Buyer |
| POST | /api/trades/:tradeId/settle |
Buyer – triggers server Privacy Cash settle (needs treasury config) |
| POST | /api/trades/:tradeId/disputes |
Open dispute |
| POST | /api/ads |
Buyer – create ad |
| GET | /api/ads |
Buyers: own ads; Sellers: open ads |
Admin routes (/api/admin/...) use separate admin wallet checks; do not assume agent key grants admin access.
Flow A – Agent wallet is the buyer
- Register:
POST /api/user/registerwithuserType: "Buyer"(once). - Seller (another wallet or platform) creates a trade with
buyerWallet= yourAGENT_SOLANA_ADDRESS. POST /api/trades/:tradeId/accept→ response includestransaction(base64). Sign and submit that transaction with the buyer’s Solana keypair (human-in-the-loop wallet, or a separate high-risk signing process—never embed private keys in prompts).POST /api/trades/:tradeId/deposit-signaturewith on-chaintxSignature.- When status allows,
POST /api/trades/:tradeId/settle(buyer-only; server uses treasury).
Optional: POST /api/ads to publish a buyer ad; a seller can attach adId when creating a trade.
Flow B – Agent wallet is the seller
- Register:
userType: "Seller". POST /api/tradeswithbuyerWallet,itemName,priceInUsdc(and optionaladId/description).- Buyer (human or other automation) accepts, signs deposit, submits signature, and settles—or coordinate out of band.
CLI helpers (this folder)
From skill/kryptone-escrow-agent/:
export KRYPTONE_API_BASE_URL=http://localhost:5001
export AGENT_API_KEY=your-server-agent-key
npm run register -- Seller
npm run create-trade -- \x3CbuyerWallet> "Item" 12.5 "optional description"
npm run accept-deposit -- \x3CtradeId>
npm run submit-deposit-sig -- \x3CtradeId> \x3ConChainSignature>
npm run settle -- \x3CtradeId>
Scripts send x-api-key only. For JWT-based testing, use curl or the Postman collection at repo root.
Operational notes
- Wrong
x-api-keyreturns 401; the server does not fall through to JWT for that request. - One API key maps to one Solana identity; rotate
AGENT_API_KEYif exposed. - Deposit settlement on-chain is still buyer-signed; the API key cannot replace the buyer’s signature for the SPL transfer.
安全使用建议
This skill's code is coherent with its escrow purpose, but the package/registry metadata omitted the real runtime secrets (AGENT_API_KEY and KRYPTONE_API_BASE_URL). Before installing or enabling: 1) verify the skill's provenance (who published it and whether you trust that owner/slug), 2) confirm where KRYPTONE_API_BASE_URL points (only use trusted endpoints), 3) treat AGENT_API_KEY as a sensitive secret scoped to a single Solana identity and ensure it is not an admin key, 4) do not store private Solana keys or treasury private keys with this skill or in prompts — signing must be done out-of-band, 5) ask the publisher to correct the registry metadata to declare AGENT_API_KEY as the primary credential so the platform can surface proper consent, and 6) if you must run it, run in an isolated environment and rotate the API key if it is exposed. If you need higher assurance, request the publisher's homepage/source repository and a signed release so you can audit or pin the code.
功能分析
Type: OpenClaw Skill
Name: krypton-agent
Version: 1.0.0
The krypton-agent skill bundle provides a set of CLI helpers and instructions for an AI agent to interact with a Kryptone/PrivacyEscrow API for USDC trades on Solana. The code (scripts/http.js, scripts/*.js) implements standard REST API interactions using environment-configured endpoints and API keys, with no evidence of data exfiltration, malicious execution, or prompt injection attacks.
能力评估
Purpose & Capability
The name/description, SKILL.md, and scripts consistently implement an HTTP client for a Kryptone/PrivacyEscrow API (register, create trades, accept deposit, submit signature, settle). However, the registry metadata lists no required environment variables or primary credential while the scripts and SKILL.md clearly require AGENT_API_KEY and KRYPTONE_API_BASE_URL — an inconsistency between claimed requirements and actual runtime needs.
Instruction Scope
SKILL.md and the included scripts restrict actions to calling the documented API endpoints and printing responses. They do not instruct the agent to read arbitrary local files, exfiltrate unrelated data, or embed private keys. The documentation does reference server-side secrets (TREASURY_PRIVATE_KEY, JWT_SECRET) but only to explain server requirements; client-side logic does not access those.
Install Mechanism
There is no network download/install step defined in the registry (no install spec). The package is a small Node.js CLI helper set with package.json and scripts; requiring Node 18+ is reasonable and there's no external archive/URL usage.
Credentials
The skill actually requires AGENT_API_KEY and KRYPTONE_API_BASE_URL at runtime (scripts/http.js throws if they are missing) but the registry metadata declared no required env vars or primary credential. That mismatch can lead to failure-to-prompt for secrets or silent misconfiguration. Additionally, SKILL.md mentions sensitive server-side envs (e.g., TREASURY_PRIVATE_KEY, JWT_SECRET) — while those are server-side concerns, the documentation should clearly separate which secrets are server-only vs. client-required. AGENT_API_KEY is a sensitive secret and should have been declared as the primary credential.
Persistence & Privilege
The skill does not request persistent/always-on presence, does not modify other skills or system configs, and contains only CLI helpers that run on demand. Autonomous invocation is allowed by platform default but is not combined here with other high-risk privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install krypton-agent - 安装完成后,直接呼叫该 Skill 的名称或使用
/krypton-agent触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
kryptone-escrow-agent 1.0.0
- Initial release of agent skill for registering as buyer/seller and managing USDC escrow trades via Kryptone/PrivacyEscrow HTTP API.
- Supports authentication via API key (automation/agent) or JWT (human/web app).
- Enables creation, acceptance, deposit, settlement, and dispute of trades in USDC (SPL), plus buyer ad management.
- Includes CLI helpers for agent operations, with clear separation of server/client environment variables.
- Detailed documentation of flows for both agent-as-buyer and agent-as-seller use cases.
元数据
常见问题
Krypton Agent 是什么?
Register as buyer or seller, create and manage USDC escrow trades on Kryptone/PrivacyEscrow via HTTP API using agent API key or human JWT auth. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 109 次。
如何安装 Krypton Agent?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install krypton-agent」即可一键安装,无需额外配置。
Krypton Agent 是免费的吗?
是的,Krypton Agent 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Krypton Agent 支持哪些平台?
Krypton Agent 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Krypton Agent?
由 Web Crafter 🕸️(@webcraft3r)开发并维护,当前版本 v1.0.0。
推荐 Skills