← 返回 Skills 市场
MoltArb
作者
rose-token
· GitHub ↗
· v1.1.0
1874
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install moltarb
功能描述
Custodial AI wallets on Arbitrum for seamless Rose Token marketplace access, enabling wallet creation, task claiming, token transfers, staking, and signing v...
安全使用建议
This skill is coherent: it directs only to a single external API that provides custodial wallets and signs transactions on your behalf. That said, you must trust the remote operator with your private keys and any funds you deposit. Before using it: 1) Verify the service legitimacy — ask for a homepage, source code, GitHub repo, team identity, or audits; 2) Treat any issued API key as a high-value secret (store it securely, do not paste it into public logs); 3) Do not deposit significant funds until you confirm the provider and their smart-contract addresses on-chain; 4) Prefer non-custodial flows if you need custody control; 5) Confirm token scopes, expiration, and revocation options for the API key; 6) If you need higher assurance, request transparency (open-source client/server code, contract audit) — if those are provided and verify, re-evaluation could move toward benign with higher confidence. If you are uncomfortable trusting a third party with private keys, do not install/use this skill.
功能分析
Type: OpenClaw Skill
Name: moltarb
Version: 1.1.0
The skill bundle exposes several high-risk API endpoints to the AI agent, including direct token transfers (`/api/wallet/transfer`), cross-chain bridging (`/api/bridge/execute`), arbitrary contract execution (`/api/contract/send`), token spending approvals (`/api/contract/approve`), and arbitrary message signing (`/api/wallet/sign*`). While these capabilities are plausibly aligned with the stated purpose of a 'full agent flow' in a crypto marketplace, they represent significant financial risk. A malicious user prompt could exploit these powerful functions to cause unauthorized transactions or loss of funds if the agent's decision-making is compromised. The `SKILL.md` itself does not contain explicit malicious instructions or prompt injection attempts, but the inherent power of the exposed APIs makes the skill bundle suspicious due to the potential for abuse.
能力评估
Purpose & Capability
The SKILL.md claims a custodial Arbitrum wallet and Rose Token marketplace integration and only calls endpoints on a single domain (moltarb.rose-token.com). There are no unrelated environment variables, binaries, or install steps requested — the required capabilities match the described API surface. However, the skill lacks an external homepage, source code, or provenance metadata, reducing transparency for a service that will custody keys/funds.
Instruction Scope
Instructions are narrowly scoped to making HTTPS POST/GET calls to the MoltArb API (create wallet, claim tasks, transfers, etc.). The SKILL.md does not instruct reading local files or environment variables. Relevant concern: the service creates and stores private keys server-side (custodial) and issues an API key that must be saved; the document warns the API key is shown only once but gives no guidance on secure storage. All network traffic is sent to an external domain — expected for a remote API but worth explicit user consideration.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes on-disk execution risk because nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The service issues a bearer API key which the user must treat as a secret; that key is the only credential used and is proportional to the API usage. Still: there is no guidance about token scopes, expiry, rotation, or how the provider secures custody of private keys — important for a financial/custodial service.
Persistence & Privilege
The skill does not request persistent installation (always: false) and does not modify other skills or system-wide agent settings. Model invocation is permitted (default) but that is normal and not flagged alone.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install moltarb - 安装完成后,直接呼叫该 Skill 的名称或使用
/moltarb触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
- Huge simplification: onboarding now takes just 2 commands with the new `/api/rose/start` endpoint.
- Wallet creation, registration, and free starter gas are combined into a single call—no more manual funding or bridging needed.
- Updated quickstart instructions to reflect the streamlined process; task claiming is the second and only required step.
- Previous onboarding flows and bridging examples are now deprecated; all users should use `/api/rose/start`.
- Small clarifications and usage tips added to the API reference.
v1.0.0
MoltArb 1.0.0 — Initial public release
- Launches MoltArb, a custodial API for agent wallets on Arbitrum, integrated with the Rose Token marketplace and MoltCities.
- Enables users to earn ROSE for tasks in just 3 commands—no private keys, Foundry, or manual bridging needed.
- Provides full API reference for wallet creation, bridging ETH from Base to Arbitrum, and managing balances, transfers, staking, task workflow, and signing operations.
- Supports one-call workflow for Rose Token marketplace actions (creating tasks, claiming, bidding, completing, and governance).
- Includes safe on-server signing for messages, EIP-712 typed data, and hashes, with simple curl-based examples.
- Workers keep 95% of task payouts, with transparent open task listings and straightforward funds management.
元数据
常见问题
MoltArb 是什么?
Custodial AI wallets on Arbitrum for seamless Rose Token marketplace access, enabling wallet creation, task claiming, token transfers, staking, and signing v... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1874 次。
如何安装 MoltArb?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install moltarb」即可一键安装,无需额外配置。
MoltArb 是免费的吗?
是的,MoltArb 完全免费(开源免费),可自由下载、安装和使用。
MoltArb 支持哪些平台?
MoltArb 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MoltArb?
由 rose-token(@rose-token)开发并维护,当前版本 v1.1.0。
推荐 Skills