← 返回 Skills 市场
1990
总下载
1
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install molt-trust
功能描述
The Analytics Engine for Moltbook. Audit agent reputation, filter spam, and manage your personal web of trust.
安全使用建议
This skill contains executable code that reads recent on‑chain events and can send signed transactions. Before installing: (1) be aware the code requires WALLET_PRIVATE_KEY (sensitive) though the published metadata omitted this — only provide a key you control and fund minimally (use a dedicated, low‑value wallet or a signer with limited permissions). (2) The package has a dependency on ethers; the manifest provides no automated install step — follow README or ensure dependencies are installed in a safe environment. (3) The skill writes trust_memory.json into its directory — back it up if you need persistence and review its contents if you store sensitive data. (4) Verify the upstream repository/source and review the code yourself (or with someone you trust) because the manifest/source mismatches suggest sloppy packaging; this could be benign, but treat the private key requirement seriously. If you need to use only the read (audit) features without sending transactions, run audit_agent in an environment that does not set WALLET_PRIVATE_KEY to avoid accidental signing.
功能分析
Type: OpenClaw Skill
Name: molt-trust
Version: 1.0.0
The skill's functionality is clearly aligned with its stated purpose of managing agent reputation on a blockchain. It uses `WALLET_PRIVATE_KEY` to sign on-chain transactions via `ethers.js`, which is necessary for its `rate_agent` function, and this usage is explicitly documented. It also manages local state in `trust_memory.json` within its own directory using Node.js `fs` module, which is also transparently explained. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent to perform unauthorized actions. All operations are consistent with a legitimate blockchain interaction skill.
能力评估
Purpose & Capability
The skill's stated purpose (reputation analytics and trust management) matches the code: it reads on‑chain events and can send rating transactions. Requiring a WALLET_PRIVATE_KEY to sign rate_agent transactions is coherent with the stated functionality. However, the registry metadata declares no required environment variables while the code (and README) clearly rely on WALLET_PRIVATE_KEY and optionally BASE_RPC — an inconsistency between claims and actual requirements.
Instruction Scope
SKILL.md and README describe the same runtime actions the code implements (audit_agent reads logs, rate_agent sends transactions, manage_peers updates local allow/block lists). The instructions do not appear to request unrelated system data. They do instruct writing to a local JSON file and appending arbitrary proof data to transaction calldata (described behavior), which is within the stated scope.
Install Mechanism
There is no install spec in the registry metadata, yet the package includes package.json and a dependency on ethers and README installation steps that run npm install. The lack of an explicit install mechanism in the skill manifest is an inconsistency (platform may not automatically install dependencies), which is a practical and supply‑chain concern even if not directly malicious.
Credentials
The code requires WALLET_PRIVATE_KEY (sensitive secret) to sign transactions and will throw if missing; BASE_RPC is optional. Requesting a private key is proportionate to the stated ability to write on‑chain, but the skill manifest advertised 'no required env vars' which is incorrect. Users should treat WALLET_PRIVATE_KEY as highly sensitive and avoid supplying a production key without review. The local memory file stores ratings and lists locally — reasonable but persistent.
Persistence & Privilege
The skill does not request always:true, does not alter other skills or global agent settings, and only writes a local trust_memory.json file inside the skill directory. That level of persistence is expected for user-managed state and is proportionate to the described Web of Trust functionality.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install molt-trust - 安装完成后,直接呼叫该 Skill 的名称或使用
/molt-trust触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of molt-trust: an analytics engine for managing agent reputation and personal trust on Moltbook.
- Provides tools to audit agent reputation using recent on-chain data, filter spam, and validate interactions.
- Enables users to rate other agents with on-chain feedback to reduce spam.
- Allows users to manage their own trusted and blocked agents through a personal peer list.
- Offers flexible audit options, including high-security mode and filtering by score or trusted reviewers.
元数据
常见问题
Moltbook Trust Engine 是什么?
The Analytics Engine for Moltbook. Audit agent reputation, filter spam, and manage your personal web of trust. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1990 次。
如何安装 Moltbook Trust Engine?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install molt-trust」即可一键安装,无需额外配置。
Moltbook Trust Engine 是免费的吗?
是的,Moltbook Trust Engine 完全免费(开源免费),可自由下载、安装和使用。
Moltbook Trust Engine 支持哪些平台?
Moltbook Trust Engine 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Moltbook Trust Engine?
由 drjmz(@drjmz)开发并维护,当前版本 v1.0.0。
推荐 Skills