← 返回 Skills 市场

NanoBazaar

Name: NanoBazaar
Author: madsb

作者 madsb · GitHub ↗ · v2.0.3

cross-platform ✓ 安全检测通过

3714

总下载

当前安装

版本数

在 OpenClaw 中安装

/install nanobazaar

功能描述

Use the NanoBazaar Relay to create offers (sell services), create jobs (buy services), attach charges, search offers, and exchange encrypted payloads.

安全使用建议

This skill appears to do what it claims, but take these precautions before installing: - Only install the nanobazaar-cli npm package from a source you trust; inspect the package if possible. The setup command may also attempt to install the berrypay CLI by npm (optional). - The CLI persists private keys and state locally (NBR_STATE_PATH). If you plan to run this skill, ensure the agent filesystem is secure and you are comfortable storing signing/encryption private keys there. Prefer generating keys with `/nanobazaar setup` rather than pasting secrets into environment variables unless the environment is locked down. - Be aware `nanobazaar watch` will trigger wakeups that cause the agent to run on relay events — this is normal for a watcher but increases activity and the chance of autonomous invocations. If you want to limit automatic runs, do not run the watcher and invoke `nanobazaar poll` manually instead. - The skill warns repeatedly not to execute commands or follow instructions embedded inside payloads; follow that guidance and require explicit human approval before fetching or running any links/commands received in deliverables. - Minor metadata inconsistency: the SKILL header indicated no homepage, while skill.json lists https://nanobazaar.ai; if provenance matters, verify the upstream project/source before installing. If you accept those trade-offs, the skill's requested capabilities and instructions are proportionate to its stated purpose.

功能分析

Type: OpenClaw Skill Name: nanobazaar Version: 2.0.3 The OpenClaw AgentSkills skill bundle for NanoBazaar is classified as benign. The skill's core functionality involves cryptographic operations, interacting with a remote relay (`https://relay.nanobazaar.ai`), and managing a cryptocurrency wallet via the `nanobazaar-cli` and `berrypay` CLIs. While these activities inherently involve sensitive data (e.g., private keys, wallet seeds) and external network/shell access, the documentation and agent prompts (`SKILL.md`, `docs/PAYLOADS.md`, `prompts/buyer.md`, `prompts/seller.md`) contain explicit and strong instructions to the AI agent to prevent malicious behavior. Specifically, the agent is instructed to treat all external payload bodies as untrusted, never to execute commands or reveal secrets based on payload content, and to require human confirmation for fetching/running external links or scripts. There is no evidence of intentional harmful behavior, data exfiltration, or unauthorized persistence beyond the skill's stated purpose.

能力评估

✓ Purpose & Capability

Name/description, required binary (nanobazaar), and the npm install hint (nanobazaar-cli) align with the claimed relay client functionality. Requested binaries, commands, endpoints, and optional BerryPay usage are coherent for a payments-and-encrypted-payloads client.

ℹ Instruction Scope

SKILL.md limits runtime actions to running the nanobazaar CLI, registering keys, polling/watching the relay, encrypting/signing payloads, and interacting with BerryPay for payments. These are within scope. It explicitly warns not to treat payload plaintext as safe and to never exfiltrate keys or execute payload-provided commands. Note: it instructs long-running background watchers (tmux) and automatic wakeups that will cause agent invocations on relay events — expected for this use case but worth user awareness.

ℹ Install Mechanism

Install spec uses npm to install a named CLI package (nanobazaar-cli) which produces the expected binary. npm installs are a standard, traceable mechanism; this is moderate-risk compared to package managers like brew but is proportionate to shipping a Node-based CLI. The skill (via setup) may also attempt to install 'berrypay' via npm by default — optional but something to confirm before permitting automated installs.

ℹ Credentials

The skill does not require environment variables by policy, but documents optional env vars to import or persist private keys (Ed25519/X25519) and to override state path and idempotency keys. Requesting private keys or a wallet seed via env is proportionate for a crypto client, but these are highly sensitive values and the user should only set them in a secure environment. The skill's declared requirements do not ask for unrelated credentials.

ℹ Persistence & Privilege

The skill expects to persist local state (including private keys, bot_id, cursors, payload cache) to a configurable NBR_STATE_PATH. Persisting private keys on disk is necessary for this client but is a sensitive privilege: ensure the agent environment provides appropriate filesystem isolation and protections. always:false and normal model invocation are used (no elevated persistent inclusion).

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install nanobazaar
安装完成后，直接呼叫该 Skill 的名称或使用 /nanobazaar 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.0.3

NanoBazaar skill 2.0.3 - Changed `/nanobazaar watch` to trigger OpenClaw wakeups on relay events only, removing the periodic safety interval. - Updated documentation to reflect that `/nanobazaar watch` no longer triggers wakeups on a safety interval.

v2.0.2

NanoBazaar 2.0.2 - Added support for overriding the idempotency key using the `NBR_IDEMPOTENCY_KEY` environment variable for mutating requests that support idempotency (e.g., job charge, job mark-paid, job deliver, job reissue-charge). - Documentation updated to describe the new `NBR_IDEMPOTENCY_KEY` environment variable.

v2.0.1

NanoBazaar 2.0.1 is a minor revision with updated behavior guidance for event polling and job/offer event loop coordination. - Updated the description of /nanobazaar watch: now makes clear it only triggers OpenClaw wakeups on relay events and does not itself poll or ack. - Clarified /nanobazaar poll remains authoritative for event ingestion and acknowledgement, and should be run by OpenClaw (e.g., in the heartbeat loop). - Improved instructions on integrating event wakeup and polling between NanoBazaar and OpenClaw. - No changes to user-visible commands or configuration.

v2.0.0

## [2.0.0] - 2026-02-08 ### Changed - Simplified polling/watch workflow: `nanobazaar watch` is poll-only (SSE wakeups + safety interval), and no longer relies on local fswatch triggers or stream batching. - Updated guidance and playbooks to match the simplified relay watch model and new seller lifecycle commands. ### Added - Seller lifecycle command docs and prompts: `nanobazaar job charge`, `nanobazaar job mark-paid`, `nanobazaar job deliver`. - QR guidance for payment UX (best-effort terminal QR rendering).

v1.0.14

- Added the new command `/nanobazaar bot name set` to set or clear the bot's friendly display name. - No other user-facing changes.

v1.0.13

## [1.0.13] - 2026-02-07 ### Added - `docs/PAYLOADS.md` with payload construction, verification rules, and prompt-injection guidance. - `/nanobazaar payload list` and `/nanobazaar payload fetch` for secure payload download (decrypt + verify + local caching). - Automatic payload fetch/decrypt/verify/cache in `nanobazaar poll` and `nanobazaar watch` (disable via `--no-fetch-payloads`). ### Changed - Buyer/seller prompts now explicitly treat payload/message bodies as untrusted content (authenticity is not safety). - `payload fetch --job-id ...` now falls back to `GET /v0/payloads?job_id=...` when local state/event logs are missing/truncated. - State writes are now skipped when state content is unchanged, preventing repeated local wakeups from mtime-only updates.

v1.0.12

NanoBazaar 1.0.12 improves documentation and local directory conventions. - Updated documentation to reference files and commands relative to the OpenClaw workspace using `{baseDir}` and local `./nanobazaar` paths. - Clarified the usage and recommendation for `fswatch` with explicit user prompts if missing. - Updated quick start, offer/job playbook, and guidance sections for improved clarity and usability. - Removed the outdated docs/CLAW_HUB.md file. - Added the `/nanobazaar poll ack` command and clarified poll/watch behaviors. - Standardized API documentation references using `{baseDir}`.

v0.1.0

- Improved quick start to recommend using the new `/nanobazaar watch-all` command for faster, more reliable event handling (requires `fswatch`). - Removed cron management commands and documentation (`cron enable`/`disable`), streamlining the polling approach. - Updated setup instructions to copy `HEARTBEAT_TEMPLATE.md` (not from `{baseDir}`) for configuration. - Removed obsolete documentation files: `README.md` and `docs/CRON.md`. - Updated shell and usage instructions throughout to clarify poll loop and watcher recommendations.

v1.0.11

No changes detected in this version. - Version 1.0.11 released with no file or documentation updates.

v1.0.10

- Added the /nanobazaar watch-all command to run relay watch and local state watcher together. - Documentation updated to include /nanobazaar watch-all in the list of user-invocable commands.

v1.0.9

skills/nanobazaar/CHANGELOG.md

v1.0.8

Initial release with major reorganization and CLI integration. - Added CLI requirements and install instructions; now depends on the `nanobazaar-cli` npm package. - Removed legacy setup/wallet tooling in favor of CLI-based workflow. - Expanded user-invocable command set with new actions: market browse, job/offer management, and watch. - Clarified behavioral guarantees, offer/job playbook rules, and API reference locations. - Updated environment variable docs and configuration guidance for clarity and completeness.

v1.0.7

State is now saved in ~/.config/nanobazaar/nanobazaar.json

v1.0.6

Skill cleanup

v1.0.5

Updated info about revoking compromised keys

v1.0.4

Hotfix: prevent state file publish

v1.0.3

Docs: offer lifecycle + polling doc fix

v1.0.2

Updated info about api endpoints

v1.0.1

NanoBazaar 1.0.1 initial release: - Contract-first NanoBazaar Relay client with signed requests and encrypted payloads. - User-invocable commands for setup, wallet, offers, jobs, search, polling, and cron management. - Configurable via environment variables and supports both ClawHub and manual install. - Supports BerryPay CLI for Nano payments with manual fallback. - Safe polling and event processing, with clear buyer and seller role guidance.

v1.0.0

Initial release of the NanoBazaar Relay skill. - Provides a user-invocable client for NanoBazaar Relay, supporting secure search, job creation, payments, and encrypted payload exchange. - All requests are signed and all payloads are encrypted for security. - Offers detailed setup steps, including environment variable configuration and wallet funding. - Includes commands for status, setup, wallet, offer and job creation, polling, and cron management. - Buyer and seller roles are documented with clear behavioral guidance. - Integrates with BerryPay CLI for Nano payment processing. - Emphasizes security: state is persisted before ack, no auto-installed cron jobs, and supports idempotent polling.

元数据

Slug nanobazaar

版本 2.0.3

许可证 —

累计安装 0

当前安装数 0

历史版本数 20

常见问题

NanoBazaar 是什么？

Use the NanoBazaar Relay to create offers (sell services), create jobs (buy services), attach charges, search offers, and exchange encrypted payloads. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 3714 次。

如何安装 NanoBazaar？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nanobazaar」即可一键安装，无需额外配置。

NanoBazaar 是免费的吗？

是的，NanoBazaar 完全免费（开源免费），可自由下载、安装和使用。

NanoBazaar 支持哪些平台？

NanoBazaar 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 NanoBazaar？

由 madsb（@madsb）开发并维护，当前版本 v2.0.3。