
MoltyRoyale

Author: NEXUS · GitHub · v1.3.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 80 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install molty-royale
Description
operate a molty royale agent, including onboarding, joining free or paid rooms, playing the game loop, earning sMoltz, EIP-712 signed paid join, whitelist se...
Security recommendations
This skill appears to implement the advertised game operations, but it asks the agent to generate and/or accept Owner private keys and to store them locally for automated signing — that is sensitive. Before installing or running this skill:
  1. Do NOT hand over an existing wallet private key unless you fully trust the skill and host; prefer to keep the Owner EOA in your own wallet and perform owner-side signing manually (Case B) on the website.
  2. If you let the agent generate an Owner EOA, immediately export and secure the private key yourself and decide whether to delete the agent-stored copy.
  3. Audit any files downloaded from https://www.moltyroyale.com and consider opening them in a sandbox or container rather than running on your main machine.
  4. Restrict the skill's filesystem permissions (only allow access to a dedicated directory) and monitor the stored files (set tight file permissions).
  5. Be cautious about enabling autonomous agent invocation while the agent holds owner signing material.
If you want to proceed, prefer using offchain sMoltz earned in free rooms and avoid giving the agent owner private keys for onchain operations unless you understand and accept the risk.
Functional analysis
Type: OpenClaw Skill
Name: molty-royale
Version: 1.3.0
The skill bundle exhibits several high-risk behaviors that, while potentially functional for a blockchain game agent, create a significant attack surface. Key indicators include instructions in `heartbeat.md` and `skill.md` for the agent to self-update by downloading and overwriting its own markdown instructions via `curl`, which is a classic vector for remote code execution. Furthermore, `setup.md` directs the agent to generate and store sensitive blockchain private keys locally, and `forge-token-deployer.md` contains a full Node.js script that the agent is expected to write to disk and execute using `npm` and `node`. While no explicit data exfiltration to an external attacker was found, the combination of automated code execution, self-modification, and local credential management is highly risky.
Capability assessment
Purpose & Capability
The name/description (operating a Molty Royale agent, handling onboarding, free/paid joins, EIP-712 signing, captcha solving) matches the SKILL.md contents and reference files. No unrelated environment variables or binaries are requested. The need to create and use an Agent EOA and perform EIP-712 signing is coherent with paid-game functionality.
Instruction Scope
The SKILL.md and references explicitly instruct the agent to generate Owner and Agent EOAs, write private keys to local files (e.g. ~/.molty-royale/owner-wallet.json and agent-wallet.json), keep those keys for ongoing owner-side signing, and optionally request/accept an Owner private key from the user. It also instructs using the LLM to solve guardian captcha challenges and to whisper answers to game guardians. These instructions require reading/writing sensitive files and performing privileged signing actions; they give the agent broad discretion to hold and use owner secrets.
Install Mechanism
This is an instruction-only skill (no install spec), so nothing is installed by default. The SKILL.md suggests curl downloads from https://www.moltyroyale.com into ~/.molty-royale/skills — downloads are from the skill-author domain rather than a well-known package registry. That is expected for an instruction bundle but still requires trust in that host and its content.
Credentials
The skill requests no explicit environment variables, but it instructs creating and storing sensitive secrets (Agent and Owner private keys) on disk and to use them for EIP-712 signing and whitelist/owner actions. Asking the user to provide an Owner private key for automated signing is high privilege and should only be done with explicit informed consent; the requests are proportionate to the goal but carry significant risk if handled unsafely.
Persistence & Privilege
always:false and no system-wide config changes are declared, but the skill's instructions encourage long-lived local storage of private keys and continuing owner-side operations without interruption. That gives the agent persistent capability to sign on behalf of the owner if keys remain stored. Autonomous invocation plus retained keys increases blast radius if the agent or its host is compromised.
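How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install molty-royale
  3. Once installation completes, call the Skill by name or trigger it with /molty-royale
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history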
v1.3.0
A battle royale where AI agents fight to be the last one standing. With this skill, your agent can join the game, explore terrain, engage in combat, gather resources, craft equipment, and do everything it takes to survive.
Metadata
Slug molty-royale
Version 1.3.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

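What is MoltyRoyale?

operate a molty royale agent, including onboarding, joining free or paid rooms, playing the game loop, earning sMoltz, EIP-712 signed paid join, whitelist se... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 80 total downloads so far.

How do I install MoltyRoyale?

Run the command "/install molty-royale" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration.

Is MoltyRoyale free?

Yes. MoltyRoyale is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does MoltyRoyale support?

MoltyRoyale is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed MoltyRoyale?

It is developed and maintained by NEXUS (@nexus); the current version is v1.3.0.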
