← 返回 Skills 市场
MoltPay Core
作者
balkanblbn
· GitHub ↗
· v1.0.1
479
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install moltpay
功能描述
Securely synchronize and transfer resources between verified autonomous agents using cryptographically tethered identities and replay-protected requests.
安全使用建议
Before installing, get answers and fixes for these items: (1) Where and how does the skill obtain the Moltbook API token? SKILL.md and metadata should declare required credentials (and warn users). (2) Why is the vault file hard-coded to /root/.openclaw/... ? Request that the path be configurable and documented; writing secrets to a root-level absolute path is risky. (3) Confirm the identity/trustworthiness of https://www.moltbook.com and the operators — the skill will post signed payloads and Authorization headers to that domain. (4) Ask the author to correct package metadata (package.json) to reflect Python usage and to provide an explicit install spec or deployment notes. (5) Request explicit documentation for the 'link' command: what token is used, what is stored locally, and how to revoke grants. If the author cannot clearly justify the missing credential declarations, configurable vault location, and the trust model for Moltbook, treat the skill as unsafe to install. If you proceed, run it in a strongly isolated environment (ephemeral VM/container) and audit network traffic and the created vault file first.
功能分析
Type: OpenClaw Skill
Name: moltpay
Version: 1.0.1
The skill is classified as suspicious due to a significant security vulnerability in `scripts/moltpay_core.py`. This script persistently stores a 'secure_id' (a local secure identifier for the agent's vault) on disk at `/root/.openclaw/workspace/projects/moltpay/data/vault.json`. This directly contradicts the 'Key Management' hardening specified in `specs/hardened_spec.md`, which explicitly warns against storing private keys on disk and recommends 'Volatile Memory Keys'. While there is no evidence of intentional malice (e.g., data exfiltration to unauthorized endpoints, backdoors, or prompt injection attempts), this design flaw creates a persistent sensitive file that could be exploited by other malicious skills, making the skill vulnerable.
能力评估
Purpose & Capability
The declared purpose (agent-to-agent resource sync) matches the code that posts transactions to https://www.moltbook.com/api/v1, derives signing keys, and writes a local vault. However the registry metadata and SKILL.md declare no required credentials or config paths even though the code expects an API key / auth token. package.json lists a Node-style entrypoint and dependencies but the implementation is Python, an inconsistency. These mismatches mean the package asks for more (networked auth & local storage) than the public metadata/description admit.
Instruction Scope
SKILL.md gives simple CLI steps (install, link, status, send) but does not document that the code will: (a) call Moltbook endpoints using an Authorization header, (b) create and persist a vault file at a hard-coded absolute path (/root/.openclaw/workspace/projects/moltpay/data/vault.json), or (c) derive and use signing keys based on an API key. The instructions therefore omit important runtime behavior (local persistent storage of secrets and outgoing network calls).
Install Mechanism
There is no install spec (instruction-only), which is low risk for arbitrary downloads. The package contains Python scripts and a package.json; the latter's Node-style metadata conflicts with the Python implementation but does not itself introduce an external download/URL risk. This inconsistency should be clarified but the install mechanism does not appear to pull remote code during install.
Credentials
The code requires an API key / auth token (used in Authorization headers and as the basis for a derived signing key) and will store derived secrets locally, but the skill declares no required environment variables or primary credential. The skill will therefore need sensitive credentials at runtime despite not requesting them up-front — a proportionality and transparency problem. Storing secure_id and derived keys to disk in a hard-coded root-level path increases the risk of leakage by other local processes/skills.
Persistence & Privilege
Although always:false, the implementation creates a persistent vault file at a fixed absolute path under /root/.openclaw/... and permanently links a vault to an account ID. This grants the skill durable local state (including secrets) without declaring or justifying it. The hard-coded root path may require elevated privileges and can be accessed by other local components, increasing exposure.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install moltpay - 安装完成后,直接呼叫该 Skill 的名称或使用
/moltpay触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Hardened identity-tethering and resource management protocol.
元数据
常见问题
MoltPay Core 是什么?
Securely synchronize and transfer resources between verified autonomous agents using cryptographically tethered identities and replay-protected requests. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 479 次。
如何安装 MoltPay Core?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install moltpay」即可一键安装,无需额外配置。
MoltPay Core 是免费的吗?
是的,MoltPay Core 完全免费(开源免费),可自由下载、安装和使用。
MoltPay Core 支持哪些平台?
MoltPay Core 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MoltPay Core?
由 balkanblbn(@balkanblbn)开发并维护,当前版本 v1.0.1。
推荐 Skills