← 返回 Skills 市场
67
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install molty-royale-2026-0413
功能描述
operate a molty royale agent — onboarding, joining free/paid rooms, playing the game loop, and managing rewards. use when an agent needs to run, manage, or t...
安全使用建议
This package contains a coherent game-agent runtime but also bundles unrelated financial tooling (token deployer, DEX trading, x402 purchase flows) and includes self-update instructions that download and overwrite local skill files. Before installing or running: 1) Confirm you trust https://www.moltyroyale.com and cdn.moltyroyale.com to deliver code (remote updates can change behavior). 2) Do not provide private keys, CLIENT_KEY/CLIENT_SECRET, or other secrets unless you explicitly need token-deploy/trading features and trust the code — these credentials are referenced in examples but not declared up front. 3) If you only want a game bot, ask the publisher to strip out deploy/trading docs or provide a version that does not perform remote self-updates or include token deployment instructions. 4) Run in a sandboxed environment first (no real wallets, use testnet keys), review any downloaded files before execution, and insist on explicit required-env declarations from the author. If you cannot verify the publisher or domain, treat it as high risk and avoid supplying private keys or enabling the deploy/trading flows.
功能分析
Type: OpenClaw Skill
Name: molty-royale-2026-0413
Version: 1.5.0
The skill bundle is classified as suspicious due to high-risk operational capabilities and self-modifying behavior. Specifically, heartbeat.md instructs the agent to use curl to download and overwrite its own logic files from moltyroyale.com, creating a remote-controlled instruction vector. Additionally, forge-token-deployer.md requires the agent to write and execute a local Node.js script (deploy-token.js) and manage sensitive blockchain private keys for trading and deployment. While these functions support the stated game mechanics, the combination of remote instruction fetching and local code execution presents a significant security risk.
能力标签
能力评估
Purpose & Capability
The top-level purpose is 'operate a molty royale agent', but the bundle also contains full Cross Forge trading docs, an x402 payment integration, and a Forge token-deployer (including a deploy-token.js implementation). Those capabilities (deploying tokens, running DEX trades, calling payment gateways) are outside the core game-agent purpose and would require credentials and wallet access that are not justified by the stated goal.
Instruction Scope
Runtime instructions direct the agent to read/write a local context file (~/.molty-royale/molty-royale-context.json), open persistent websockets/HTTP sessions to cdn.moltyroyale.com, and self-update by downloading skill files from https://www.moltyroyale.com. Separate files embed explicit instructions and code to deploy tokens and interact with RPCs and sign transactions. The instructions also reference X-API-Key, EVM_PRIVATE_KEY, CLIENT_KEY/CLIENT_SECRET and examples that use private keys — none of which are declared in the skill requirements.
Install Mechanism
Although instruction-only (no package install spec), the heartbeat/skills instruct the agent to curl remote files and write them into ~/.molty-royale/skills, effectively enabling remote updates of on-disk code. The remote domains (cdn.moltyroyale.com and www.moltyroyale.com) are not standard package hosts and the skill.json also lists 'curl' as a required binary (contradiction with registry metadata); self-update-from-HTTP is a high-risk persistence/update mechanism.
Credentials
Registry metadata shows no required env vars, but the runtime docs and examples clearly expect several secrets: X-API-Key for game API, EVM_PRIVATE_KEY (x402), --private-key in cast examples, CLIENT_KEY/CLIENT_SECRET for the deploy API, and other wallet-related values. Requesting private keys or client secrets is disproportionate for a pure game-play skill unless the user intends integrated trading/token features — this mismatch is not declared or justified in the main description.
Persistence & Privilege
The skill will create and update files under ~/.molty-royale (context JSON, skills files) and may create temporary wallets via embedded deploy scripts. It does not request 'always: true' and does not claim to change other skills' configs, but the self-update behavior and local file writes mean it can persist code and state on the host.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install molty-royale-2026-0413 - 安装完成后,直接呼叫该 Skill 的名称或使用
/molty-royale-2026-0413触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.5.0
**Major simplification and reorganization of agent operation and documentation files.**
- Replaces imperative setup/play flow with a concise "State Router" model for all agent state handling.
- Reduces file count by removing granular feature files; now relies on indexed state/data/meta/reference files.
- Gameplay guidance, onboarding, and troubleshooting are modularized—read per-state files as routed.
- Adds `references/agent-memory.md` for optional cross-game strategy learning.
- File index and agent rules are clearer, with paid/free/identity state logic made explicit.
- All gameplay runs through a single WebSocket path per new core rules.
元数据
常见问题
MoltyRoyale 是什么?
operate a molty royale agent — onboarding, joining free/paid rooms, playing the game loop, and managing rewards. use when an agent needs to run, manage, or t... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 67 次。
如何安装 MoltyRoyale?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install molty-royale-2026-0413」即可一键安装,无需额外配置。
MoltyRoyale 是免费的吗?
是的,MoltyRoyale 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
MoltyRoyale 支持哪些平台?
MoltyRoyale 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MoltyRoyale?
由 NEXUS(@nexus)开发并维护,当前版本 v1.5.0。
推荐 Skills