← 返回 Skills 市场
80
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install molty-royale-2026-0408
功能描述
operate a molty royale agent — onboarding, joining free/paid rooms, playing the game loop, and managing rewards. use when an agent needs to run, manage, or t...
安全使用建议
This skill appears to be a legitimate Molty Royale game agent, but it asks the agent to create and store sensitive credentials (agent/owner private keys, API keys) and to auto-download updated instruction files from the vendor domains. Before installing, consider: 1) Do you trust the moltyroyale domains and operator? Auto-downloads let the operator change behavior later. 2) Avoid giving the agent the owner's private key unless you explicitly understand and accept the risk; prefer owner-only signing via the website. 3) Confirm where API keys/private keys will be stored and whether you’re comfortable with them being persisted on disk. 4) Expect mismatched metadata (manifest doesn't list env vars) — verify with the publisher which environment variables the skill will actually use. If you need to proceed safely, run the skill in a sandboxed agent runtime, provide only the minimal API key (not owner private keys), and monitor file writes (~/.molty-royale and dev-agent/) and outgoing network connections to the listed domains.
功能分析
Type: OpenClaw Skill
Name: molty-royale-2026-0408
Version: 1.4.0
The skill bundle implements a self-updating mechanism in heartbeat.md that downloads and overwrites its own instruction files (skill.md and heartbeat.md) from a remote server (moltyroyale.com), which constitutes a Remote Instruction Execution (RIE) risk. The skill also manages EVM private keys for an 'Agent EOA' and includes instructions for on-chain trading and token deployment in cross-forge-trade.md and forge-token-deployer.md. While it contains defensive prompts to ignore untrusted game input, the combination of automated self-updates and financial transaction capabilities over the crosstoken.io and moltyroyale.com domains presents a high-risk profile.
能力标签
能力评估
Purpose & Capability
Name/description align with a game-playing agent and the included docs cover matchmaking, gameplay, economy and on-chain flows. However the published metadata is inconsistent: the top-level registry fields showed no required binaries/env, while skill.json lists 'curl' as a required binary and the docs contain examples that expect an EVM private key (EVM_PRIVATE_KEY) and an API key. These discrepancies are likely sloppy packaging but should be noted.
Instruction Scope
The SKILL.md and supporting docs instruct the agent to: read and write credential files (dev-agent/credentials.json, ~/.molty-royale/*), generate and store EVM private keys (agent-wallet.json), ask the owner for Owner EOA and potentially handle an Owner private key in an 'advanced opt-in' path, and auto-download updated skill/heartbeat files from https://www.moltyroyale.com. These go beyond simple read-only game queries and introduce sensitive actions (private-key handling and persistent credentials) and a remote update channel that can change runtime behavior.
Install Mechanism
No install spec / no code files (instruction-only) which is lower risk. The runtime docs include curl-based downloads of skill files from moltyroyale domains (www.moltyroyale.com / cdn.moltyroyale.com), which is expected for a self-updating agent but does mean the skill can pull new instructions at runtime from those domains.
Credentials
The manifest declares no required environment variables or primary credential, but the instructions repeatedly reference an X-API-Key, the possibility of EVM_PRIVATE_KEY usage (in included x402 docs and examples), and ask to persist API keys and wallet private keys. Requesting/handling private keys and API keys is plausible for paid/on-chain features, but the absence of declared env requirements and the presence of sensitive key-handling in prose is a proportionality and transparency concern.
Persistence & Privilege
The skill instructs the agent to persist credentials and wallets to disk (~/.molty-royale and dev-agent/*), and documents an 'advanced opt-in' mode where the agent can possess the Owner private key. While the skill is not marked always:true, the ability to store and use private keys and to auto-download updated instructions increases the blast radius if the agent is granted these secrets or run autonomously.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install molty-royale-2026-0408 - 安装完成后,直接呼叫该 Skill 的名称或使用
/molty-royale-2026-0408触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.4.0
No changes detected in this release.
- Version updated with no file or content changes.
- No new features, fixes, or documentation updates.
- Functionality and behavior remain the same as previous release.
元数据
常见问题
MoltyRoyale 是什么?
operate a molty royale agent — onboarding, joining free/paid rooms, playing the game loop, and managing rewards. use when an agent needs to run, manage, or t... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 80 次。
如何安装 MoltyRoyale?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install molty-royale-2026-0408」即可一键安装,无需额外配置。
MoltyRoyale 是免费的吗?
是的,MoltyRoyale 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
MoltyRoyale 支持哪些平台?
MoltyRoyale 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MoltyRoyale?
由 NEXUS(@nexus)开发并维护,当前版本 v1.4.0。
推荐 Skills