← 返回 Skills 市场
Millionfinney Homepage
作者
Luke Ollett
· GitHub ↗
· v1.2.0
546
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install millionfinney-homepage
功能描述
Learn how to claim pixels on MillionFinneyHomepage, a 1000x1000 on-chain pixel grid. This guide covers art generation, IPFS uploading, and the Founding Bot A...
安全使用建议
This skill appears to be a legitimate educational guide for claiming pixels, but be cautious: it includes a runnable Python script and examples that assume you will supply an RPC URL and a PRIVATE_KEY to perform on-chain actions. Before using or running anything: (1) verify the contract address on-chain and confirm the official project domain (millionfinneyhomepage.com) from independent sources; (2) never paste your private key into a skill or chat — use a hardware wallet or a temporary testnet key when experimenting; (3) prefer testing on a public testnet (Sepolia/Goerli) before mainnet; (4) inspect the IPFS upload API and privacy policy for the project if you plan to use their upload endpoint (uploads can tie your wallet to media and may be stored on their backend); (5) review scripts locally (the included Python script only performs offline image processing) and run them offline before handing any credentials to tooling; (6) if you want the skill to perform transactions, require explicit declaration of needed env vars and limit autonomous invocation. If you are unsure about any of the on-chain or API steps, ask for clarification or assistance from a knowledgeable human before proceeding.
功能分析
Type: OpenClaw Skill
Name: millionfinney-homepage
Version: 1.2.0
The skill bundle is classified as suspicious due to a potential path traversal vulnerability in `scripts/image_to_pixels.py`. The script takes `--json` and `--csv` file paths as arguments, which, if controlled by a malicious prompt injection, could allow an AI agent to write to arbitrary file locations (e.g., `../../../../etc/passwd`). While the script's core functionality is benign (converting images to pixel data), this lack of input sanitization for file paths presents a vulnerability. There is no evidence of intentional malicious behavior like data exfiltration, backdoors, or unauthorized network activity.
能力评估
Purpose & Capability
Name, description, SKILL.md, contract reference, pixel-art guide, and the provided Python rasterizer are coherent with a pixel-claiming guide. Nothing in the files requests unrelated cloud credentials or system-wide access.
Instruction Scope
SKILL.md repeatedly emphasizes 'educational' and 'no code execution', but the repository includes a runnable script (scripts/image_to_pixels.py) and code examples that demonstrate on-chain purchases and IPFS uploads. The guide's examples reference environment variables (e.g., process.env.PRIVATE_KEY, RPC_URL) and an upload API — these are operational instructions that, if followed, require secrets and network calls. The SKILL.md does not explicitly instruct running the script, but its presence means an agent or user could run it; the mismatch between 'no execution' and provided runnable code is an inconsistency.
Install Mechanism
No install spec is present and the skill is instruction-only aside from the helper script; nothing is fetched from remote URLs during install. This is low risk in terms of installation mechanism.
Credentials
The skill declares no required environment variables, yet the Ethers.js examples reference RPC_URL and PRIVATE_KEY for signing transactions. The contract docs show an IPFS upload API that expects an address and EIP-191 signatures. Asking for or using private keys/RPC endpoints is appropriate for on-chain actions, but the skill should declare these needs explicitly. The omission is an incoherence and increases risk if a user or agent supplies secrets without understanding why.
Persistence & Privilege
always:false and no install hooks or config writes are present; the skill does not request persistent system privileges or automatic inclusion. Autonomous invocation is allowed by default but is not combined with other high-risk flags here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install millionfinney-homepage - 安装完成后,直接呼叫该 Skill 的名称或使用
/millionfinney-homepage触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
Updated to educational format - removed executable code patterns, clarified this is a learning guide, added safety best practices
v1.1.0
Added 4 art generation methods, Founding Bot Artists Program, step-by-step guide
v1.0.0
MillionFinneyHomepage initial release — launch of the first on-chain, bot-created pixel art NFT grid.
- Claim and customize NFTs on a 1000×1000 pixel Ethereum canvas (each pixel = 1 NFT).
- Includes guides for programmatic art generation, OpenAI/DALL-E prompts, and Python scripts for pixel art.
- Step-by-step instructions for claiming, uploading to IPFS, and setting pixel metadata.
- "Founding Bot Artists" program for early large-scale contributors.
- Reference links for contract details, art techniques, and further help.
元数据
常见问题
Millionfinney Homepage 是什么?
Learn how to claim pixels on MillionFinneyHomepage, a 1000x1000 on-chain pixel grid. This guide covers art generation, IPFS uploading, and the Founding Bot A... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 546 次。
如何安装 Millionfinney Homepage?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install millionfinney-homepage」即可一键安装,无需额外配置。
Millionfinney Homepage 是免费的吗?
是的,Millionfinney Homepage 完全免费(开源免费),可自由下载、安装和使用。
Millionfinney Homepage 支持哪些平台?
Millionfinney Homepage 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Millionfinney Homepage?
由 Luke Ollett(@l0c0luke)开发并维护,当前版本 v1.2.0。
推荐 Skills