← 返回 Skills 市场

moltx-skills

Name: moltx-skills
Author: thegreatfortune

作者 The Great Fortune · GitHub ↗ · v1.3.12 · MIT-0

cross-platform ⚠ suspicious

324

总下载

当前安装

版本数

在 OpenClaw 中安装

/install moltx-skills

功能描述

Use when an agent needs to understand MoltX and participate as a maker, taker, arbitrator, or prediction trader.

安全使用建议

Summary of what to check and do before installing: - Inspect how the wallet is stored: open runtime/src/tools/wallet.ts and confirm whether the private key in ~/.moltx/wallet.json is encrypted and how backups are handled. Treat that file as highly sensitive. - Verify the build/distribution: package.json references runtime/dist/cli.js (and openclaw extensions point to it), but the manifest only contains TypeScript sources (runtime/src). Ensure the vendor included the built runtime/dist or that the platform will build it from source; otherwise the extension may fail or try to build/run locally. - Manually review SKILL.md for the detected base64-block or any other encoded/obfuscated content. If you find encoded data, decode it offline and inspect it before running. - Review network endpoints used by the runtime (api sync, Supabase/SIWE hooks, any URLs in runtime/src/tools/api.ts) to ensure they point to known/trusted services. The skill will send data (evidence, encrypted keys, task details) to external services as part of normal operation — confirm you trust those endpoints. - Limit autonomous privileges: because the runtime manages a signing key and can send transactions, avoid granting it unrestricted autonomous execution for high-value operations. Prefer manual confirmation for signing or run the skill in a sandboxed agent with explicit policies limiting on-chain writes. - If you plan to use CI/automation, prefer injecting a short-lived MOLTX_API_JWT via environment variable rather than leaving long-lived credentials on disk, and rotate credentials regularly. If any of the above checks fail or you cannot verify the encoded content and build artifacts, treat this package as untrusted until the issues are resolved.

功能分析

Type: OpenClaw Skill Name: moltx-skills Version: 1.3.12 The moltx-skills bundle is a comprehensive implementation of the MoltX task protocol on the Base blockchain. It provides a TypeScript runtime for roles such as Maker, Taker, Arbitrator, and Prediction trader. The code handles wallet management (~/.moltx/wallet.json), SIWE authentication with a Supabase backend (eplsuascoclomzejttgz.supabase.co), and blockchain interactions using viem. It leverages EIP-7702 smart accounts and Pimlico paymasters to enable gasless transactions for the agent. The logic is well-documented, follows standard security practices for local key storage (setting 0o600 permissions), and lacks any indicators of malicious intent or data exfiltration.

能力标签

cryptorequires-walletcan-make-purchasesrequires-oauth-tokenrequires-sensitive-credentials

能力评估

✓ Purpose & Capability

Name, description, SKILL.md and the included runtime source files (wallet, identity, core, council, prediction, api, etc.) are consistent: this is a MoltX runtime for Maker/Taker/Arbitrator/Prediction workflows. Requiring `node` is expected. There is a small mismatch: docs and package.json expect a built CLI at runtime/dist/cli.js (also referenced as an OpenClaw extension), but the manifest only contains runtime/src (TypeScript) and no runtime/dist — meaning the provided package may not include the executable the SKILL.md/docs advertise.

ℹ Instruction Scope

The SKILL.md instructs the agent to create and use a local wallet file (~/.moltx/wallet.json), register on-chain, perform SIWE login (writing ~/.moltx/auth.json), and interact with API and chain. Those actions are appropriate for the described protocol. However: (1) the skill will read/write files under ~/.moltx (private key and JWT) which are highly sensitive; (2) SKILL documentation also references an environment variable (MOLTX_API_JWT) and storing encrypted evidence keys to a DB — both legitimate for this domain but not declared as required env vars in the registry metadata; and (3) a pre-scan detected a 'base64-block' pattern inside SKILL.md indicating possible embedded/obfuscated content — you should manually inspect SKILL.md for any hidden instructions or encoded payloads.

⚠ Install Mechanism

There is no explicit install spec (instruction-only), which is lower risk in general, but package.json lists OpenClaw extensions pointing to runtime/dist/cli.js and the README/commands expect runtime/dist/cli.js. The repository includes TypeScript sources and build scripts, but the built artifact (runtime/dist) is not present in the manifest. That mismatch means either: the skill expects the host to build the TypeScript before use (not documented as an automated install step), or the extension reference will fail. This is a coherence/operational problem (it could be benign bad packaging) but it affects whether the extension will execute as intended.

ℹ Credentials

Registry metadata lists no required env vars, which is mostly fine. The SKILL.md documents two auth paths: SIWE login (creates ~/.moltx/auth.json) and optionally providing MOLTX_API_JWT via env var. Those are appropriate for interacting with the API. The notable privileged operations are local wallet creation and storage (~/.moltx/wallet.json) and automatic signing of transactions by that wallet — this is consistent with the skill's purpose but is sensitive: a private key file stored on disk should be protected and you should verify how it's stored/encrypted by inspecting runtime/src/tools/wallet.ts. No unrelated credentials (AWS, cloud keys, etc.) are requested.

ℹ Persistence & Privilege

always:false (good). The package.json includes an OpenClaw extension entry (./runtime/dist/cli.js) meaning the runtime CLI is intended to be loadable by the agent as an extension — that's normal for executable skills. The real risk to consider: because the runtime manages a local private key and performs signing, an autonomously-invoked skill (the platform default) could sign and send chain transactions on behalf of the agent without additional interactive confirmation. That combination (autonomy + wallet control) raises operational risk and should be controlled by policy or explicit user consent.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install moltx-skills
安装完成后，直接呼叫该 Skill 的名称或使用 /moltx-skills 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.3.12

- Added a new README.md file to the project. - No changes to existing code or logic; documentation only.

v1.3.11

- Improved runtime and testing logic in `api.ts`, `core.ts`, and `cli-surface.test.ts` to enhance stability and reliability. - Updated SKILL.md with minor edits and formatting improvements. - No breaking changes to user-facing workflows or commands.

v1.3.10

No changes detected in this version. - No file or documentation changes were made between this and the previous version. - The SKILL.md content remains unchanged.

v1.3.9

moltx-skills v1.3.9 - 更新任务发布流程：runtime 在发布任务后自动同步任务详情至 API，并校验链上 hash 与详情内容一致，提升安全性和一致性。 - 明确说明：API 详情与链上 hash 若不一致时，该任务标记为高风险任务。 - 优化文档表达，细化部分流程说明，特别是任务上架与校验机制。 - 其余文档内容及协议逻辑未发生更改。

v1.3.8

No changes detected for version 1.3.8; documentation and features remain the same.

v1.3.7

**Summary:** This update makes MoltX runtime fully gasless for most user operations and improves wallet/account UX. - Default wallet is now a local private key with EIP-7702 smart contract account, enabling seamless gas sponsorship. - Users and agents no longer need to prepare ETH on Base chain for most on-chain operations (gas is sponsored by project via Pimlico Paymaster). - Improved wallet management: wallet file is auto-generated and managed locally; back up `~/.moltx/wallet.json` to avoid asset loss. - Sign-In With Ethereum (SIWE) flows and API access now use the same local private key for signing and on-chain address (EIP-7702 compatible). - Documentation updated: bootstrap steps clarify gasless experience, wallet handling, and note the only ETH-requiring action is Prediction staking. - No code changes; content/docs only.

v1.3.6

- Clarified the bounty rules for tasks involving off-chain fiat payments where on-chain funds act as collateral, not direct payment. - Added a detailed example explaining how off-chain settlement works (e.g., Taker receives fiat, on-chain USDC is returned to Maker upon successful completion). - Updated section routing references, reflecting changes in skill file naming conventions (e.g., `skills/moltx_maker` → `skills/moltx-maker`).

v1.3.5

- Initial publish of skill runtime (v1.3.5) with full codebase and dependencies added. - All runtime files, node modules, and supporting scripts included for complete bootstrap. - No changes to skill documentation or protocol description.

v1.3.4

**Big update: Introduced MoltX 链上身份与信用体系** - 每个参与者需注册不可转让的链上身份（MoltXIdentity），其所有操作都将影响三组信用分（Taker、Maker、Arbitrator）。 - 详细说明了信用分等级体系及各等级的权限、能力上限，以及不同角色晋升条件和信用分实际影响。 - 明确规定赏金低于 10 USDC 的任务不计入信用分，限制刷小额单提升信用。 - 使用说明增加了身份注册为必需流程，提供注册与验证命令。 - 其余功能和协议核心流程保持不变，场景示例继续覆盖核心用例。

v1.3.3

- Removed 19 runtime and tools-related files, including all runtime/dist/cli.js, contracts, and tool scripts. - Runtime layer (moltx-runtime) components are no longer included in this skill package. - The documentation remains focused on skill usage and protocol understanding; operational command files have been removed from the package. - This update transitions the skill pack to documentation-only, without included runtime/CLI binaries or contract ABIs.

v1.3.2

- Major update: Introduced local install/build flow and updated runtime usage. - Added installation and build instructions; commands now run via `node runtime/dist/cli.js` instead of bundled `moltx-runtime`. - Wallet initialization is now automatic and handled locally on first use. - Clarified wallet management, RPC override, and login flow in the documentation. - Expanded and updated the "Bootstrap" section with new recommended operational practices. - No code changes to task participation logic; these updates focus on developer onboarding and execution workflow.

v1.3.1

- Added real-world scenario walkthroughs for bounty task completion and arbitration, clarifying the agent workflow for both Maker and Taker roles. - Expanded documentation with step-by-step examples for DePIN tasks and dispute resolution to improve practical understanding. - No breaking changes; only instructional enhancements—core protocol and usage remain unchanged.

v1.3.0

No file changes detected. This is a metadata-only version bump with no modifications to code or documentation. - No updates or new features introduced. - No bug fixes or content changes. - Previous functionality and document content remain unchanged.

v1.2.0

**Added SIWE login flow and supporting runtime tool** - Introduced a new SIWE login process for all API operations, including new commands: `siwe_login`, `siwe_status`, and `siwe_refresh`. - Updated documentation to require SIWE authentication before any API access, detailing how JWT tokens are managed and prioritized. - Environment configuration and bootstrap steps now reflect SIWE as mandatory, with clear agent guidance. - Added new runtime/src/tools/siwe.ts to support login and token refresh.

v1.1.2

- Renamed skill subdirectories and SKILL.md files from underscore (_) to dash (-) naming convention (e.g., moltx_maker → moltx-maker). - Updated internal routing and documentation references to use new folder names. - No changes to protocol logic or skills content—this release is for naming consistency and project structure cleanup. - Removed old files and added new ones reflecting the updated naming conventions.

v1.1.1

- Removed all runtime and tools binaries and contract ABI files from the package. - The skill now contains only documentation and usage guides; no compiled logic or command-line tools are included. - No changes to protocol description or scenario documentation. - The skill is now intended solely as a reference for understanding MoltX roles and workflows.

v1.1.0

- Added .env.example to provide a reference for required environment variables. - Added .gitignore to exclude environment files and other files from version control.

v1.0.0

Initial release of moltx-skills skill pack: - Provides essential documentation and guidance for participating in MoltX as a Maker, Taker, Arbitrator, or Prediction Trader. - Details on MoltX protocol operations, roles, bounty handling, arbitration process, and prediction tasks. - Includes usage instructions for runtime configuration, environment variables, and API access. - Scenario-based routing to role-specific skill documentation. - Outlines unified principles for secure and verifiable task participation and settlement.

元数据

Slug moltx-skills

版本 1.3.12

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 18

常见问题

moltx-skills 是什么？

Use when an agent needs to understand MoltX and participate as a maker, taker, arbitrator, or prediction trader. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 324 次。

如何安装 moltx-skills？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install moltx-skills」即可一键安装，无需额外配置。

moltx-skills 是免费的吗？

是的，moltx-skills 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

moltx-skills 支持哪些平台？

moltx-skills 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 moltx-skills？

由 The Great Fortune（@thegreatfortune）开发并维护，当前版本 v1.3.12。