← 返回 Skills 市场
346
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install molt-sift
功能描述
Validate and extract high-confidence signals from JSON, text, or streams using customizable rules, with schema validation and integrated Solana bounty payments.
安全使用建议
Do not install or run this skill on any environment with real keys or funds without manual review. Things to verify with the author or before running:
- Is the PayAClaw/x402 integration truly mock-only? Identify which files implement real payment logic vs stubs.
- Where and how are Solana wallet keys and API keys provided/loaded? The manifest declares no required env vars but the code and docs reference secrets — this must be explicit.
- Audit send_payment / trigger_payment implementations to confirm they do not read arbitrary files or exfiltrate data and that they require explicit, well-documented credentials.
- If you plan to run the API server, run it locally behind authentication or in an isolated sandbox (no real keys), and require API key/auth for POST /bounty before exposing to network.
- Prefer running the test suite and reviewing test stubs to confirm payments are mocked; if you need production payments, require secure secret storage (not plaintext env without rotation) and limit network exposure.
If you want, I can scan the specific payment-related functions (scripts/solana_payment.py, scripts/payaclaw_client.py, scripts/api_server.py, scripts/bounty_agent.py) and summarize exact code paths that perform network calls, key usage, or file access.
功能分析
Type: OpenClaw Skill
Name: molt-sift
Version: 0.1.0
The skill bundle is classified as benign. While the stated purpose involves interacting with external services (PayAClaw for bounties and Solana x402 for payments), the provided code explicitly implements these integrations using mock clients (`scripts/payaclaw_client.py` and `scripts/solana_payment.py`). This means no actual external network requests or cryptocurrency transactions are performed by the current implementation. The code primarily focuses on data validation (`scripts/sifter.py`) and local simulation of the bounty workflow. Input validation is present for API endpoints, and there are no signs of prompt injection, data exfiltration, malicious execution, or persistence mechanisms. The documentation (e.g., `SKILL.md`, `README.md`, `IMPLEMENTATION_SUMMARY.md`) transparently states that these are mock implementations for Phase 1.
能力评估
Purpose & Capability
The skill advertises PayAClaw and Solana x402 payment integration (auto-triggered USDC transfers) but manifest/registry metadata declare no required environment variables, no credential, and no config paths. A payment-capable bounty agent legitimately needs private keys/API keys (Solana wallet, x402 key, PayAClaw API key); their absence in the declared requirements is incoherent.
Instruction Scope
SKILL.md and the included API/agent code instruct running an HTTP /bounty endpoint, an auto-claiming bounty watcher, and automatic payment triggers. Those runtime instructions allow network interactions that can claim jobs, submit results, and initiate payments — operations that extend beyond simple local data validation and should require explicit configuration and authentication. The instructions give broad discretion (auto-claim/auto-pay) without describing safeguards or auth.
Install Mechanism
There is no install spec (no external download), which reduces installer risk. However the package contains multiple executable Python scripts (CLI entry point, Flask API, bounty agent, Solana/payment client) that will be written to disk if installed. That is expected for a tool of this type but means the code will run on the host and can perform network I/O — so review of code is required before installation.
Credentials
The code and docs clearly expect secrets (PAYACLAW_API_KEY, X402_API_KEY, SOLANA_WALLET/private key, SOLANA_RPC) in deployment guides, but the skill metadata declares none as required. Requesting no credentials while promising payment functionality is disproportionate and ambiguous: either the payment code is stubbed/mocked (safe but misleading) or it will attempt to use credentials from unspecified locations (unsafe).
Persistence & Privilege
always:false (good). The skill can be invoked autonomously (platform default). Combined with auto-claim and auto-pay behavior this increases potential impact, but autonomous invocation alone is not a disqualifier — it's the combination with payment flows and missing auth that raises concern.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install molt-sift - 安装完成后,直接呼叫该 Skill 的名称或使用
/molt-sift触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of molt-sift: data validation and signal extraction with bounty micro-payment integration.
- Validates raw data (JSON, text, data streams) against schemas and domain-specific rules.
- Extracts high-confidence signals, cleans data, and outputs quality/reliability scores.
- CLI, Python library, and HTTP API for validation and bounty processing.
- Fully integrated with PayAClaw, MoltyGuild, and Clawslist; supports x402 Solana escrow micropayments.
- Enables agents to auto-claim, process, and get paid for bounty validation jobs.
- Predefined rule sets for crypto, trading, sentiment, and custom validation tasks.
元数据
常见问题
Molt Sift 是什么?
Validate and extract high-confidence signals from JSON, text, or streams using customizable rules, with schema validation and integrated Solana bounty payments. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 346 次。
如何安装 Molt Sift?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install molt-sift」即可一键安装,无需额外配置。
Molt Sift 是免费的吗?
是的,Molt Sift 完全免费(开源免费),可自由下载、安装和使用。
Molt Sift 支持哪些平台?
Molt Sift 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Molt Sift?
由 NoizceEra(@noizceera)开发并维护,当前版本 v0.1.0。
推荐 Skills