← 返回 Skills 市场
207
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install meridian
功能描述
Use the Meridian GIS API (meridian.nodeapi.ai) to process geospatial data. Handles the full x402 payment flow automatically — sends a request, reads the 402...
安全使用建议
This skill appears to implement a paid GIS API that charges via x402 (USDC on Base). Before installing or using it: (1) do not paste or store your wallet private key in environment variables or hand it to an agent — the skill's examples suggest passing WALLET_PRIVATE_KEY to sign payments, which would give full control of funds; prefer a workflow where you sign payments locally or use an external wallet/provider. (2) Ask the publisher to clarify the signing flow and whether client-side signing (wallet pop-up or hardware wallet) is supported instead of providing raw keys. (3) Verify the correct API host (the docs use inconsistent domains: meridian.nodeapi.ai vs meridianapi.nodeapi.ai) and independently confirm the pay_to and USDC contract addresses before sending any payments. (4) If you must use this skill, require explicit manual approval for any payment operations and avoid storing long-lived secrets in the agent environment. If the vendor cannot explain why a private key is needed or cannot provide a safer signing option, treat the skill as high-risk.
功能分析
Type: OpenClaw Skill
Name: meridian
Version: 1.0.2
The skill provides GIS data processing via the Meridian API (meridian.nodeapi.ai) and implements an automated x402 payment flow using USDC on the Base network. While the functionality is clearly documented and aligned with its stated purpose, it requires the AI agent to handle a wallet private key to sign EIP-3009 authorizations for financial transactions. This represents a high-risk security pattern and a significant vulnerability, as it grants the agent the capability to authorize expenditures, which could be exploited if the agent's logic is compromised.
能力评估
Purpose & Capability
The skill claims to provide GIS processing with an x402 micropayment flow, which matches the endpoints and payment docs included. However, the SKILL.md and references differ on base URLs (e.g., meridian.nodeapi.ai vs meridianapi.nodeapi.ai) and the description says "No accounts or API keys needed" while the payment flow requires signing with a wallet private key. Those inconsistencies make it unclear what credentials or user secrets are actually required.
Instruction Scope
The included instructions explicitly show using a WALLET_PRIVATE_KEY and signing EIP-3009 transferWithAuthorization to produce an X-PAYMENT header. SKILL.md and references instruct installing/using an x402 client and either automatic signing (passing a private key) or manual signing. The instructions therefore direct use of a highly sensitive secret (wallet private key) without describing safer alternatives (external wallet pop-ups, hardware wallets, or user-mediated signing).
Install Mechanism
This is an instruction-only skill (no install spec and no code files), which lowers installation risk. The docs reference third-party libraries (pip/npm 'x402') for convenience, but no automated installer is provided. The presence of install recommendations is expected but means the agent or user may be prompted to install packages.
Credentials
The skill declares no required environment variables, yet examples and the payment reference recommend supplying a WALLET_PRIVATE_KEY private key to sign payments. Requesting or advising the agent to read/store a wallet private key is high-risk and disproportionate unless the user intentionally wants the agent to hold that secret. There is no declaration of this credential in the skill metadata, and the docs do not clearly describe safer signing workflows.
Persistence & Privilege
The skill does not request always:true, does not include an install spec that would write files, and does not ask to modify other skills or system-wide settings. It appears not to request elevated persistent privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install meridian - 安装完成后,直接呼叫该 Skill 的名称或使用
/meridian触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
API URL update: meridianapi.nodeapi.ai
v1.0.1
URL update: v2.nodeapi.ai → meridian.nodeapi.ai throughout
v1.0.0
Initial release — 28 GIS endpoints, x402/Base USDC payments, full endpoint and payment reference
元数据
常见问题
Meridian GIS API 是什么?
Use the Meridian GIS API (meridian.nodeapi.ai) to process geospatial data. Handles the full x402 payment flow automatically — sends a request, reads the 402... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 207 次。
如何安装 Meridian GIS API?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install meridian」即可一键安装,无需额外配置。
Meridian GIS API 是免费的吗?
是的,Meridian GIS API 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Meridian GIS API 支持哪些平台?
Meridian GIS API 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Meridian GIS API?
由 eianray(@eianray)开发并维护,当前版本 v1.0.2。
推荐 Skills