← 返回 Skills 市场
shaiss

Near Name Service

作者 shaiss · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1063
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install near-name-service
功能描述
Manage NEAR Name Service (.near domains) - check availability, register, resolve, and manage names.
安全使用建议
What to consider before installing: - Functionality: The skill actually implements NEAR RPC calls and runs the NEAR CLI (via shell exec), which fits its stated purpose. - Missing declarations: The registry metadata does not list required binaries, but you need Node.js and the NEAR CLI installed and configured locally. Expect it to use your NEAR CLI keys/signers when performing registrations. - Review & test: Inspect the included script (scripts/nameservice.js) yourself (it’s short) and test on testnet first. The code defaults to testnet (isTestnet = true) — that’s safer for initial testing. - Potential bug: The register command builds the contract call argument as '{"account_id":"<fullName>"}', which appears to set the name itself as the account_id rather than the target account; this looks like a logic bug and could cause unintended behavior during registration. Ask the author to clarify or fix before using on mainnet. - Trust & keys: Because the script calls your NEAR CLI, it will use whatever keys your NEAR CLI has access to. Only run it if you trust the skill author and you understand which account will be charged for registration. - If you want lower risk: require the author to update metadata to declare Node/NEAR CLI requirements, provide an install spec or explicit instructions, and fix the registration argument logic. After that, the package would be closer to 'benign'.
功能分析
Type: OpenClaw Skill Name: near-name-service Version: 1.0.0 The skill is classified as suspicious due to a critical shell injection vulnerability in `scripts/nameservice.js`. The `registerName` function directly interpolates user-provided `name` and `accountId` (from `process.argv` or `process.env.NEAR_ACCOUNT`) into a `child_process.exec` command without proper sanitization. This allows an attacker to execute arbitrary commands on the host system by crafting malicious input for the `name` or `accountId` parameters, despite the skill's stated purpose being benign.
能力评估
Purpose & Capability
The skill's name, description, SKILL.md, and scripts all implement NEAR Name Service operations (RPC queries and invoking near CLI). However the registry metadata declares no required binaries or env vars while the README and SKILL.md explicitly expect NEAR CLI and Node to be present — this mismatch is unexpected and should have been declared.
Instruction Scope
Runtime instructions only use NEAR RPC and the NEAR CLI to query and register names. The SKILL.md does not instruct reading unrelated files or sending data to external endpoints outside NEAR RPC/CLI. The code does execute shell commands (near call), which is expected for this purpose.
Install Mechanism
There is no install spec despite a Node script and package.json being present. The skill will require a Node runtime and NEAR CLI on the host to function; neither are declared in the skill metadata. Lack of an install or declared runtime is a delivery/compatibility omission and increases risk of surprises at runtime.
Credentials
The skill declares no required env vars, but SKILL.md recommends setting NEAR_ACCOUNT and the script reads process.env.NEAR_ACCOUNT. Registration uses the local NEAR CLI signer (local keys) implicitly. These are proportional to the task, but the skill does not declare or explain the need for NEAR CLI-managed credentials or how keys/signers are used.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install near-name-service
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /near-name-service 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of NEAR Name Service CLI skill: - Check availability of .near domain names - Register .near domains to a NEAR account - Resolve .near domains to associated account IDs - List all .near domains owned by an account - Simple, user-friendly command-line interface
元数据
Slug near-name-service
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Near Name Service 是什么?

Manage NEAR Name Service (.near domains) - check availability, register, resolve, and manage names. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1063 次。

如何安装 Near Name Service?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install near-name-service」即可一键安装,无需额外配置。

Near Name Service 是免费的吗?

是的,Near Name Service 完全免费(开源免费),可自由下载、安装和使用。

Near Name Service 支持哪些平台?

Near Name Service 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Near Name Service?

由 shaiss(@shaiss)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论