← 返回 Skills 市场

MuHaven RWA Portfolio

Name: MuHaven RWA Portfolio
Author: hastodev

作者 Hasto · GitHub ↗ · v0.1.2 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install muhaven-rwa-skill

功能描述

Confidential real-world-asset (RWA) portfolio agent built on MuHaven's Fhenix-CoFHE-encrypted token primitives. Read your encrypted balances, stage yield cla...

使用说明 (SKILL.md)

MuHaven RWA Portfolio — OpenClaw skill

This skill bundles a curated subset of @muhaven/mcp plus an OpenClaw-shaped config bundle. It runs in OpenClaw's NemoClaw runtime (or any MCP host that honours the manifest's permissions block) and connects to the live MuHaven backend at https://api.muhaven.app.

What it does

Reads your encrypted RWA portfolio — balances stay encrypted with Fhenix CoFHE; the skill never sees plaintext.
Stages buy + claim intents for the OpenClaw surface — the skill never auto-submits. Every intent emits a structured confirmation request to one of three tiers based on amount.
Surfaces audit log for compliance / forensics.
/pause kill-switch uninstalls the on-chain @zerodev/permissions validator within one Arb block.

What it intentionally cannot do

Move funds without your passkey. The skill issues unsigned UserOp envelopes; signing happens in the muhaven-broker daemon (≤$200 inline callback) or in your dashboard / Mini App (>$200 tiers).
Speak to anything outside the egress allowlist. manifest.json's network.deny_default: true means a tampered binary cannot exfiltrate to a third party.
Read or write your filesystem. permissions.filesystem.{read,write}: [].
Spawn child processes. permissions.process.spawn: [].
Store any secret. JWT lives in muhaven-broker's OS-keychain entry; the skill calls the broker over Unix-socket / named-pipe IPC.

How to install

Install plain OpenClaw + ClawHub CLI globally:
```
npm install -g openclaw@latest clawhub
openclaw --version    # confirm install
clawhub --version
```
(Runtime decision 2026-05-11: plain OpenClaw under sandbox.fallback: host_native. NemoClaw remains the preferred runtime claim in manifest.json for forward-compat; today's deploy targets plain OpenClaw.)
Install the broker daemon separately as a global so its bin lands on $PATH regardless of ClawHub's bin-handling:
```
npm install -g @muhaven/[email protected]
muhaven-broker --version    # sanity check
```
(The skill itself bundles @muhaven/mcp inline since 0.1.1 via tsup noExternal, so no separate npm install --omit=dev is needed after clawhub install. The global install of @muhaven/mcp is still useful because it puts the muhaven-broker daemon bin on $PATH — the skill's bundled copy of @muhaven/mcp only exposes the MCP server, not the daemon CLI.)
Install the skill:
```
clawhub install [email protected]
```
Start the broker daemon: muhaven-broker (see @muhaven/mcp README).
Authenticate: muhaven-broker login — opens browser to https://muhaven.app/link?code=XXXX-XXXX, complete passkey.
Optional: link your Telegram account for the /agent/openclaw/* confirmation surface. From the dashboard /agent page → Telegram tab → "Link Telegram" → message the bot at @muhaven_bot with the one-time link code.

Confirmation tiers

The skill never executes a state-mutating action without a confirmation. Three tiers based on intent notional (USDC):

Range	Surface	Why
≤ $200	Telegram inline keyboard "Confirm" button	Low blast radius. Same trust model as a $200 mobile wallet payment — single-tap inline.
$200 – $5,000	Mini App with 6-digit OTP sent via separate Telegram message	Defends against a chat-stuffing attack where the LLM emits a `Confirm` button users tap on autopilot. OTP is out-of-band.
> $5,000	Deep-link to dashboard `https://muhaven.app/agent/confirm?intent=…` for passkey signature	Phishing-resistant by construction — WebAuthn RP-ID is bound to the dashboard origin; a Telegram-based MITM cannot complete passkey.

Tier boundaries are audit-logged in agent_audit_events with the amount-bucket the intent fell into. Investors can lower the boundaries in the dashboard /agent policy tab; they cannot raise them above the hardcoded ceilings (regulatory + Reg BI Care Obligation).

Hardening invariants (do NOT relax without audit)

permissions.network.deny_default: true — every new endpoint requires a manifest update + signed re-publish.
permissions.secrets.storage: os_keychain — paste-token UX is forbidden.
runtime.type: node — no shell, no Python, no JIT-compiled blob.
mcp.toolset_subset is the only set of tools the skill will dispatch to — additions require an ADR + signed re-publish.
Sigstore signing + GitHub OIDC trusted publishing — long-lived ClawHub tokens are not used. ClawHavoc (Feb 2026) precedent.
required_reviewers: 2 — single-maintainer publish is rejected at the policy gate. Two-maintainer release is the lesson from the Anthropic MCP SDK STDIO arbitrary-command CVEs (Apr 2026).

Tool inventory (subset of `@muhaven/mcp`)

See manifest.json and the upstream descriptors in @muhaven/mcp/src/tools/descriptions.ts. The skill only re-advertises the mcp.toolset_subset listed in this frontmatter; descriptor SHA-256 hashes are pinned in tool-hashes.json and verified on every skill load (mcp-context-protector pattern, post-MCPoison).

Reference docs

ADR-C in development/research-docs/WAVE_4_AGENTIC_RESEARCH_RESULT.md
development/DEV_WAVE_4/TOOL_NAMESPACE.md for the full naming surface
development/DEV_WAVE_4/THREAT_MODEL_P0.md for OWASP LLM + Agentic mappings

License

MIT. See LICENSE in the repository root.

安全使用建议

Install only if you trust MuHaven and understand the wallet/account implications. Prefer an enforced sandbox runtime or read-only mode, keep the broker and dependencies updated, and manually review every buy, claim, or pause confirmation before approving it.

能力标签

cryptorequires-walletcan-make-purchasesrequires-sensitive-credentials

能力评估

ℹ Purpose & Capability

The portfolio, buy-intent, claim-intent, and pause capabilities fit the stated MuHaven RWA purpose, but they are financially sensitive actions.

ℹ Instruction Scope

The artifacts repeatedly state that buy, claim, and pause actions emit intents and require human confirmation; users should still verify each confirmation before approving.

ℹ Install Mechanism

There is no separate install spec, but the documentation uses global npm-installed tooling and a bundled dependency graph; this is user-directed and purpose-aligned but supply-chain-sensitive.

⚠ Credentials

The skill advertises deny-by-default network/filesystem/process limits, but the provided security documentation says the current plain OpenClaw host-native runtime treats those permissions as advisory only.

ℹ Persistence & Privilege

Wallet/session authority is delegated to a local muhaven-broker daemon and JWT/session-key storage; this is disclosed, but users should understand where the broker stores credentials.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install muhaven-rwa-skill
安装完成后，直接呼叫该 Skill 的名称或使用 /muhaven-rwa-skill 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.2

Cosmetic: corrects display name from "Package" to "MuHaven RWA Portfolio". No code or schema changes; bundled @muhaven/[email protected] is byte-identical to 0.1.1.

v0.1.1

Q2 publish bundle: inline-bundled @muhaven/[email protected] via tsup noExternal; SECURITY.md, policy.pause description hardened; new test surfaces for cli-parse, config, server-version, session-key-required.

元数据

Slug muhaven-rwa-skill

版本 0.1.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题