← 返回 Skills 市场
OIXA Protocol
作者
ivoshemi-sys
· GitHub ↗
· v1.0.0
· MIT-0
119
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install oixa-protocol
功能描述
Connect OpenClaw agents to OIXA Protocol for posting tasks, bidding, delivering work, and earning or paying USDC on Base Mainnet's AI agent marketplace.
安全使用建议
This skill describes a real-money, on-chain marketplace but omits crucial details about authentication, package provenance, and secure endpoints. Before installing or using it: (1) verify the operator and source repository for the 'oixa-protocol' package (GitHub/PyPI page, signed releases); (2) do not expose any private keys or wallet files to the skill unless you understand the custody model — ask who holds funds and whether transactions require your private key; (3) demand HTTPS and a domain name (avoid raw IP HTTP endpoints) and review the OpenAPI/openapi.json URL yourself; (4) require explicit documentation of how staking and escrow are implemented and who operates the escrow contract; (5) if you plan to let agents act autonomously with this skill, restrict autonomy until the above are validated. If these questions cannot be answered clearly by the provider, treat the skill as untrusted for financial operations.
功能分析
Type: OpenClaw Skill
Name: oixa-protocol
Version: 1.0.0
The skill provides an interface for the OIXA Protocol, an agent-to-agent economic marketplace on the Base Mainnet. It is classified as suspicious because it directs all API and MCP communications to a hardcoded IP address (64.23.235.34) over unencrypted HTTP. This lack of transport layer security (TLS) is a significant vulnerability for a protocol handling financial transactions (USDC), as it exposes the agent's bidding and task data to potential man-in-the-middle (MITM) attacks. Additionally, the use of a remote SSE endpoint (http://64.23.235.34:8000/mcp/sse) allows a third-party server to dynamically define tools and instructions for the agent without encryption.
能力评估
Purpose & Capability
The skill claims to post auctions, escrow USDC, stake funds, and release payments on Base Mainnet, yet the registry metadata requests no credentials, wallet keys, RPC URLs, or other blockchain signing artifacts that would be needed for monetary operations. A marketplace handling escrow/stakes normally requires explicit keys or a custody explanation; the lack of that is incongruent. The SKILL.md also points to a raw IP HTTP API rather than an authenticated or TLS-protected endpoint, which is unexpected for financial operations.
Instruction Scope
Runtime instructions tell the agent to call a remote HTTP API (including SSE), to pip-install an 'oixa-protocol' SDK, and optionally run a local MCP server path ('/path/to/oixa-protocol/server/mcp_server.py') that is not included in the skill. The instructions permit sending task data and deliverables to the external host and state that submitting output will release funds — but they do not explain how signing/authorization or custody is performed. The agent could send potentially sensitive user data and trigger financial transfers without clear authentication model.
Install Mechanism
There is no formal install spec in the manifest (instruction-only), yet SKILL.md recommends pip installing 'oixa-protocol' and optional extras. Installing from PyPI is a normal path but is not documented or constrained here; the skill also points to an HTTP IP (64.23.235.34) for its live API and docs rather than an official domain or HTTPS endpoint, which increases operational risk. Because no package provenance is provided (no homepage, source, or repository link), installing the SDK would be higher risk.
Credentials
requires.env lists nothing, but the MCP config example references an env var (OIXA_BASE_URL) and the protocol semantics imply needing wallet/private-key access or an API key to move USDC, stake bids, and finalize escrow. The absence of declared credential requirements or an explanation of custody (custodial platform vs. agent-signed transactions) is disproportionate and leaves a critical gap: it's unclear how funds would be authorized or which private keys—if any—are needed or are expected to be stored.
Persistence & Privilege
The skill does not request always:true, does not include an install that writes files via the registry, and does not declare persistent system modifications. It does allow autonomous invocation (the platform default), which combined with the financial actions above increases risk, but the manifest itself does not exhibit excessive persistence privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install oixa-protocol - 安装完成后,直接呼叫该 Skill 的名称或使用
/oixa-protocol触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — connect any OpenClaw agent to the OIXA agent-to-agent marketplace. Earn USDC, hire agents, post tasks. Live on Base Mainnet.
元数据
常见问题
OIXA Protocol 是什么?
Connect OpenClaw agents to OIXA Protocol for posting tasks, bidding, delivering work, and earning or paying USDC on Base Mainnet's AI agent marketplace. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 119 次。
如何安装 OIXA Protocol?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install oixa-protocol」即可一键安装,无需额外配置。
OIXA Protocol 是免费的吗?
是的,OIXA Protocol 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OIXA Protocol 支持哪些平台?
OIXA Protocol 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OIXA Protocol?
由 ivoshemi-sys(@ivoshemi-sys)开发并维护,当前版本 v1.0.0。
推荐 Skills