← 返回 Skills 市场
multi-news-aggregator-via x402
作者
parsonssss
· GitHub ↗
· v1.0.0
· MIT-0
86
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install multi-news-aggregator
功能描述
Agent skill for x402-paid global news aggregation and source/time-filtered search.
安全使用建议
This skill's documentation asks your agent to use a raw EVM private key to sign payments but the registry metadata does not declare any required credentials — that's an inconsistency and a security risk. Do not put a full/private blockchain key (EVM_PRIVATE_KEY) in the agent environment unless you fully trust the publisher. If you need this capability: (1) require the publisher to declare required env vars and provide a verifiable homepage/source; (2) prefer using a separate signing service or hardware wallet that can approve signatures interactively; (3) if you must supply a key, use an ephemeral/minimal-funds account that can only cover expected payments; (4) verify the API base (https://www.x402api.app/) and confirm the payment protocol with the service provider; (5) ask the publisher to fix the inconsistent env var names and to clearly explain why a raw private key is required. If you cannot validate the publisher or the payment design, avoid installing or enabling this skill with access to any real private key or funds.
功能分析
Type: OpenClaw Skill
Name: multi-news-aggregator
Version: 1.0.0
The skill requires the user to provide an 'EVM_PRIVATE_KEY' in environment variables to facilitate a 'pay-per-call' mechanism for news searches via the domain 'www.x402api.app'. While the provided TypeScript code in SKILL.md uses the key locally for signing transactions via the 'viem' library, the requirement of a raw private key for a news aggregation service is a high-risk pattern that creates a significant attack surface for credential theft or unauthorized financial transactions if the underlying libraries or the API endpoint are compromised.
能力评估
Purpose & Capability
The stated purpose is news aggregation/search. The SKILL.md describes an x402 pay-per-call flow that requires creating and signing an EVM payment payload with a raw private key. Requiring a raw EVM_PRIVATE_KEY is not obviously necessary for plain news search and is not declared in the registry metadata (which lists no required env vars). While on-chain payment signing could be a legitimate design, the registry-data vs. SKILL.md mismatch and lack of publisher/source/website is a red flag.
Instruction Scope
The runtime instructions explicitly tell the agent to read EVM_PRIVATE_KEY from environment, derive an account, create/sign a payment payload, and retry the API call with a signature. These steps go beyond typical 'search' behavior because they require handling a sensitive signing key and performing payment operations. The instructions also use inconsistent env var names (X402_API_BASE_URL vs API_BASE_URL) which suggests sloppy or incomplete documentation.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill itself. That lowers installation risk.
Credentials
The SKILL.md asks for EVM_PRIVATE_KEY (a raw blockchain private key) which grants the ability to sign on-chain payments and potentially spend funds. The registry metadata lists no required env vars or primary credential, so the request for a raw private key is unexpected and disproportionate for a news search skill unless clearly documented and justified. The skill also reads API_BASE_URL/X402_API_BASE_URL; those are reasonable, but the private-key requirement is high-risk.
Persistence & Privilege
The skill is not marked always:true (good) and is user-invocable/autonomous invocation is allowed by default. Combined with the instruction to read a raw EVM private key from environment, autonomous invocation could cause the agent to sign/payment-authorize requests without additional human confirmation, which creates a high potential for unintended fund spending. The skill does not request or modify other skills' configs, but the private-key usage raises privilege concerns.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install multi-news-aggregator - 安装完成后,直接呼叫该 Skill 的名称或使用
/multi-news-aggregator触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
x402 News Search Skill 1.0.0 – Initial Release
- Enables global news aggregation and search via x402 API with pay-per-call model.
- Supports filtering by source domain, publication time, country, and language.
- Integrates x402 payment flow identical to other x402 endpoints (includes 402 handling).
- Provides clear agent usage guidance, major news outlet coverage, and error handling instructions.
- Includes environment variable setup and ready-to-use code sample for buyers.
元数据
常见问题
multi-news-aggregator-via x402 是什么?
Agent skill for x402-paid global news aggregation and source/time-filtered search. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 86 次。
如何安装 multi-news-aggregator-via x402?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install multi-news-aggregator」即可一键安装,无需额外配置。
multi-news-aggregator-via x402 是免费的吗?
是的,multi-news-aggregator-via x402 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
multi-news-aggregator-via x402 支持哪些平台?
multi-news-aggregator-via x402 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 multi-news-aggregator-via x402?
由 parsonssss(@parsonssss)开发并维护,当前版本 v1.0.0。
推荐 Skills