← 返回 Skills 市场
mlegls

Make Git Escrow

作者 疒奀 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
269
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install make-git-escrow
功能描述
Create a new git escrow bounty for a test suite. Use when the user wants to submit a challenge with escrowed token rewards for passing a failing test suite....
使用说明 (SKILL.md)

Make Git Escrow

You are automating the creation of a git escrow bounty via the git-escrows submit CLI command. This locks ERC20 tokens in escrow as a bounty for someone who can make a failing test suite pass.

Step 1: Check CLI availability

Run git-escrows --help to verify the CLI is installed. If it fails, try npx git-escrows --help or bunx git-escrows --help. Use whichever works for all subsequent commands. If none work, tell the user to install with npm i -g git-escrows.

Step 2: Check .env configuration

Check if a .env file exists in the current directory. If not, tell the user they need one and suggest running:

git-escrows new-client --privateKey "0x..." --network "sepolia"

Verify it contains at least PRIVATE_KEY and NETWORK (or defaults to anvil). For base-sepolia and sepolia networks, contract addresses are auto-configured.

Step 3: Gather parameters

You need all of these to run the submit command:

  1. --tests-repo (required): Git repository URL containing the failing test suite.

    • If the user provided a URL as an argument, use that.
    • Otherwise, check if the current directory is a git repo and offer to use its remote URL.
    • Ask the user if neither is available.

  2. --tests-commit (required): The commit hash of the test suite.

    • If using the current repo, detect HEAD with git rev-parse HEAD.
    • Otherwise ask the user.

  3. --reward (required): Amount of tokens to escrow, in wei.

    • Ask the user. Help them convert if they give a human-readable amount (e.g., "1 USDC" = "1000000" for 6-decimal tokens, "1 ETH worth" = "1000000000000000000" for 18-decimal tokens).

  4. --oracle (required): The Ethereum address of the oracle that will arbitrate.

    • Ask the user. Mention the public demo oracle on Sepolia: 0xc5c132B69f57dAAAb75d9ebA86cab504b272Ccbc.

  5. --arbiter (required): The arbiter contract address.

    • Ask the user. This is typically the TrustedOracleArbiter contract on their network.

  6. --token (required): The ERC20 token contract address for the reward.

    • Ask the user.

Ask for any missing parameters, grouping related questions together when possible to minimize back-and-forth.

Step 4: Execute

Run the submit command with all gathered parameters:

git-escrows submit \
  --tests-repo "\x3Crepo-url>" \
  --tests-commit "\x3Ccommit-hash>" \
  --reward "\x3Camount>" \
  --arbiter "\x3Caddress>" \
  --oracle "\x3Caddress>" \
  --token "\x3Caddress>"

Step 5: Report results

After successful execution:

  • Report the Escrow UID prominently
  • Show the full escrow details (attester, recipient, schema, reward, token, oracle)
  • Provide the fulfill command that a solver would use: 
    git-escrows fulfill --escrow-uid \x3CUID> --solution-repo "\x3Curl>" --solution-commit "\x3Chash>"
  • Mention they can track status with: git-escrows list --status open

If the command fails, help diagnose the issue (insufficient balance, wrong network, missing approval, etc.).

安全使用建议
This skill appears to do what it claims (create an on-chain git escrow), but it requires your PRIVATE_KEY — a highly sensitive credential. Before installing or running it: 1) Do NOT paste your main/private keys directly on command lines (they go into shell history and process listings). Prefer environment variables set securely, locked keystores, or a hardware wallet / signer that the CLI can use without exposing raw private keys. 2) Use an account with only the funds needed for the escrow (ephemeral or testnet account) rather than your main wallet. 3) Inspect the git-escrows npm package source (or the project's GitHub) to verify behavior before running it. 4) Keep the .env file access-restricted and delete or rotate any private key stored there after use. 5) If you allow autonomous agent invocation, require explicit, per-transaction confirmations so the agent cannot sign and submit transactions without your approval. If you cannot follow these precautions, avoid supplying a private key to this skill.
功能分析
Type: OpenClaw Skill Name: make-git-escrow Version: 1.0.0 The skill automates blockchain escrow creation using the `git-escrows` CLI, requiring the agent to access and potentially manage a `PRIVATE_KEY` within a `.env` file. It is classified as suspicious due to the high-risk nature of an AI agent handling sensitive private keys and the potential for shell injection vulnerabilities in `SKILL.md`, where user-provided parameters (e.g., repo URLs, reward amounts) are passed directly into bash commands without explicit sanitization instructions. The skill relies on an external tool and repository (https://github.com/arkhai-io/git-commit-trading) for its core logic.
能力评估
Purpose & Capability
The skill's name/description (create a git escrow bounty) aligns with its declared needs: the git-escrows CLI, git, a .env containing a PRIVATE_KEY, and network access to an Ethereum RPC. Requiring a signing key is consistent with submitting a transaction to lock tokens in escrow.
Instruction Scope
Instructions stay within the stated task (checking CLI, reading .env for PRIVATE_KEY and NETWORK, gathering git repo/commit, running git-escrows submit). However, the SKILL.md explicitly suggests providing a raw private key on the CLI (git-escrows new-client --privateKey "0x..."), which is insecure (exposes secrets to shell history, process lists, and logs). The skill also directs reading .env in the working directory; that file may contain other secrets but the instructions only reference PRIVATE_KEY and NETWORK. No instructions appear to exfiltrate data to unrelated endpoints, but the private-key handling guidance is risky.
Install Mechanism
This is an instruction-only skill with no install spec or bundled code — the lowest install risk. The only install hint is recommending the public npm package git-escrows (npm i -g git-escrows), which is reasonable. There are no downloaded archives or third-party install URLs in the skill itself.
Credentials
Requesting a PRIVATE_KEY is proportionate to submitting on-chain escrows, but PRIVATE_KEY is extremely high-privilege (it can sign transactions and move tokens). The skill also expects a .env file. The small set of requested credentials is coherent, but users must understand that supplying this key grants the tool/agent the ability to spend funds from that account. The skill's advice to pass the key on the command line increases exposure risk.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (normal). However, because it requires the PRIVATE_KEY, allowing autonomous invocation (the platform default) would increase the blast radius: an agent with this skill and access to the key could autonomously submit transactions. The skill itself does not request persistent modification of other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install make-git-escrow
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /make-git-escrow 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of make-git-escrow. - Automates creation of a git escrow bounty for a test suite using the git-escrows CLI. - Guides users to verify dependencies and .env configuration. - Interactively collects required parameters: repository URL, commit hash, reward amount, oracle & arbiter addresses, and ERC20 token contract. - Executes the escrow submission and clearly reports the results, including Escrow UID and next steps. - Provides troubleshooting help if any command fails.
元数据
Slug make-git-escrow
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Make Git Escrow 是什么?

Create a new git escrow bounty for a test suite. Use when the user wants to submit a challenge with escrowed token rewards for passing a failing test suite.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 269 次。

如何安装 Make Git Escrow?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install make-git-escrow」即可一键安装,无需额外配置。

Make Git Escrow 是免费的吗?

是的,Make Git Escrow 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Make Git Escrow 支持哪些平台?

Make Git Escrow 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Make Git Escrow?

由 疒奀(@mlegls)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论