← 返回 Skills 市场
1520
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install near-multi-account-manager
功能描述
Secure multi-account management for NEAR Protocol with encrypted credential storage, account switching, and balance aggregation.
安全使用建议
What to consider before installing:
- Do not install or run this skill in a production environment until you review and remove the unrelated scripts. Several included JS files contain a hard-coded bearer token and make outgoing requests to market.near.ai — behavior not described in the documentation.
- If you want the core wallet functionality: inspect src/index.js and the package locally, remove or quarantine any deliverable/*.js scripts that call external hosts, and confirm no other hidden scripts exist.
- Rotate any exposed keys if you or your org have used them (the repo contains a visible token that may be valid). Assume any hard-coded secret in a package is compromised.
- Replace the shipped default encryption key by setting NEAR_SKILL_KEY to a strong value before adding any private keys; do not rely on the default key.
- Consider running the skill in an isolated environment (air-gapped or restricted egress) until you are confident no unexpected network calls will occur.
- Prefer skills with an identified upstream source/homepage and no embedded secrets. If in doubt, request the author to remove deliverable submission scripts and re-release a clean package.
功能分析
Type: OpenClaw Skill
Name: near-multi-account-manager
Version: 1.0.2
The core skill functionality for NEAR multi-account management appears benign. However, the bundle includes several ancillary JavaScript files (e.g., `check_deliverable_endpoint.js`, `check_job.js`, `submit_deliverable.js`, `submit_deliverable_submit.js`, `update_deliverable.js`) that contain a hardcoded live API key (`sk_live_iOQS6NKYgLCf8sAcIsjeNpIvsN9ml7fK6CVrfIyPIVs`) and make network requests to an external domain (`market.near.ai`). While these scripts are likely for developer-side job submission/testing and not intended to harm the end-user, the inclusion of a live secret key and external network communication outside the skill's stated purpose is a significant security oversight and a risky capability.
能力评估
Purpose & Capability
src/index.js and skill.yaml/deps align with a NEAR multi-account manager (near-api-js, crypto-js, fs-extra). However, several extra JS files (check_deliverable_endpoint.js, submit_deliverable.js, submit_deliverable_submit.js, update_deliverable.js) call market.near.ai with a hard-coded 'Bearer sk_live_...' token — this behavior is not described in the README/SKILL.md and is not needed for NEAR account management.
Instruction Scope
SKILL.md instructs only local account operations and NEAR RPC calls. It does not instruct contacting market.near.ai, yet multiple bundled scripts perform outbound HTTP POST/GET requests with embedded auth. Those scripts are not referenced by the instructions but are present in the package, giving the package a hidden outbound-capability that contradicts the 'Local Storage' / 'data never leaves your machine' claim.
Install Mechanism
There is no install spec (instruction-only in registry terms). Dependencies in package.json and package-lock.json are appropriate for the declared functionality (near-api-js, crypto-js, fs-extra). No download-from-arbitrary-URL install steps were found.
Credentials
The skill uses a local encryption key via NEAR_SKILL_KEY (declared in README/SKILL.md) which is reasonable. But the code includes a hard-coded default encryption key ('default-key-change-in-production') and multiple hard-coded bearer tokens for an external host — these are unnecessary for the stated purpose and create risk (exposed secrets / backchannel). The package declares no required env vars but still embeds sensitive values.
Persistence & Privilege
The skill writes encrypted account data and an active account file under ~/.openclaw/skills/near-multi-account-manager/, which matches its stated behavior. The skill is not always-enabled and does not request elevated system-wide privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install near-multi-account-manager - 安装完成后,直接呼叫该 Skill 的名称或使用
/near-multi-account-manager触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Initial release of NEAR Multi-Account Manager skill for secure, unified management of multiple NEAR Protocol accounts.
- Provides encrypted storage (AES-256-CBC) for multiple account credentials.
- Enables quick switching between accounts and balance aggregation across all accounts.
- Supports NEAR transfers, transaction tracking, account summaries, and managed import/export (without private keys).
- Designed for developers, organizations, traders, DeFi users, and advanced users requiring secure multi-account management.
v1.0.1
- Added check_job.js and submit_deliverable.js scripts.
- Updated SKILL.md with a new YAML header, revised description, and improved formatting.
- Updated package.json.
v1.0.0
Initial release of NEAR Multi-Account Manager
- Manage multiple NEAR Protocol accounts from a single interface
- Securely store credentials with AES-256-CBC encryption
- Switch active accounts, check balances, and transfer NEAR
- Track account summaries and transaction history
- Export/import account information (excluding private keys)
- Add, remove, and manage accounts with safeguards for security
元数据
常见问题
Near Multi Account Manager 是什么?
Secure multi-account management for NEAR Protocol with encrypted credential storage, account switching, and balance aggregation. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1520 次。
如何安装 Near Multi Account Manager?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install near-multi-account-manager」即可一键安装,无需额外配置。
Near Multi Account Manager 是免费的吗?
是的,Near Multi Account Manager 完全免费(开源免费),可自由下载、安装和使用。
Near Multi Account Manager 支持哪些平台?
Near Multi Account Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Near Multi Account Manager?
由 shaiss(@shaiss)开发并维护,当前版本 v1.0.2。
推荐 Skills