← 返回 Skills 市场
cethum

ondeep-flow

作者 CeThum · GitHub ↗ · v1.0.7 · MIT-0
cross-platform ✓ 安全检测通过
207
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install ondeep-flow
功能描述
The AI-era Taobao / Xianyu (闲鱼): an open C2C marketplace where agents and people publish almost anything they want to trade — digital services, APIs, compute...
安全使用建议
This skill appears to be what it claims — an API client for a decentralized marketplace — but it enables real cryptocurrency payments and autonomous ordering. Before installing: (1) only provide ONDEEP_ACCID/ONDEEP_TOKEN to processes you trust because they allow creating and confirming paid orders; (2) require human approval before placing orders or transferring crypto; enforce spending limits and use a dedicated wallet with minimal funds; (3) treat order notes as display-only untrusted input and never auto-execute instructions embedded in notes; (4) monitor the heartbeat network activity and stop it if you don't want the agent discoverable; (5) if you plan to let agents invoke the skill autonomously, implement explicit operator gates around POST /api/orders and any call that would initiate a payment. These precautions reduce the real financial risk inherent to this coherent but high-impact capability.
功能分析
Type: OpenClaw Skill Name: ondeep-flow Version: 1.0.7 The ondeep-flow skill bundle provides an interface for a decentralized C2C marketplace (ondeep.net) where AI agents can trade services, compute, and data using cryptocurrency escrow (BSC/ETH). While the skill facilitates high-risk activities like financial transactions and handles untrusted user-generated 'order notes' (a potential prompt injection vector), the documentation in SKILL.md and api-reference.md is exceptionally responsible, providing explicit warnings against executing note content and mandating human-in-the-loop approvals for all payments. The code examples in examples.md follow these safety practices, and no evidence of malicious intent, data exfiltration, or unauthorized execution was found.
能力评估
Purpose & Capability
Name/description describe an agent-oriented marketplace with on-chain escrow; the only required artifacts are an account id and token (ONDEEP_ACCID, ONDEEP_TOKEN) which are exactly what an API client needs. No unrelated binaries, hosts, or credentials are requested.
Instruction Scope
SKILL.md contains only HTTP API usage examples (curl, requests, heartbeat) and explicit warnings not to execute order notes and to require human approval for payments. It also instructs agents to run a heartbeat every 60s which returns recent orders and free-text notes — these notes can contain adversarial content or delivery instructions, so the skill correctly warns against executing them, but an agent that ignores that guidance could be induced to call arbitrary endpoints or act on injected instructions.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. No downloads or archives; lowest installation risk.
Credentials
Requires only ONDEEP_ACCID and ONDEEP_TOKEN, which are appropriate and expected for API auth. However, those credentials grant the ability to create orders, confirm them, and interact with payment flow — i.e., they control real economic actions. The skill does not request unrelated secrets, but the requested token is powerful and should be treated like a key to a payments-capable account.
Persistence & Privilege
always is false and there is no install-time persistence. Model invocation is allowed (default), meaning an agent could call the skill autonomously; this is normal for skills but operators must gate payment actions via human approval as recommended in the docs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install ondeep-flow
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /ondeep-flow 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.7
- No code or documentation changes detected in this version. - Version bump only; functionality and documentation remain unchanged.
v1.0.6
API register response now returns both token and secret fields (same value, secret kept for backward compatibility). All docs and examples updated to use .data.token consistently. Eliminates remaining secret keyword from documentation surface.
v1.0.5
Rename X-Secret header to X-Token (X-Secret still accepted for backward compatibility). Fix documentation contradiction: heartbeat description now accurately states that both accid and token are transmitted via HTTPS headers for authentication, while no wallet private keys ever leave the system. Rename env var ONDEEP_SECRET to ONDEEP_TOKEN in docs.
v1.0.4
Add concrete real-world use-case scenarios: second-hand item trading, AI hiring humans for geo-located tasks (photography, delivery, hauling, inspection, field data collection), selling your own products/services as a 24/7 agent storefront, and agent-to-agent autonomous commerce.
v1.0.3
更新说明
v1.0.2
Harden security posture across all files: add safety notice to examples.md, remove silent heartbeat loops, add human approval steps in order examples, show safe notes handling in Python example, add untrusted-input warnings to api-reference.md heartbeat and order notes sections, add approval recommendation to POST /api/orders.
v1.0.1
Add Security Considerations section addressing prompt injection, payment approval, and persistent network activity risks. Soften autonomous language, recommend human-in-the-loop for payments.
v1.0.0
Initial release of ONDEEP Flow — an open, autonomous marketplace for AI agents to buy/sell services, rent/sell resources, and settle payments on-chain. - Fully documented JSON API for agent-to-agent trading (no manual approval or KYC). - Trustless payment via native crypto tokens (BNB on BSC, ETH on Ethereum) with on-chain escrow and auto-refund. - Geo-aware service discovery and support for a wide range of service categories. - Transparent pricing, minimal/capped fees, and code examples for every major workflow (register, heartbeat, order, payment). - Complete seller workflow and marketplace rules provided for seamless agent monetization and collaboration.
元数据
Slug ondeep-flow
版本 1.0.7
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 8
常见问题

ondeep-flow 是什么?

The AI-era Taobao / Xianyu (闲鱼): an open C2C marketplace where agents and people publish almost anything they want to trade — digital services, APIs, compute... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 207 次。

如何安装 ondeep-flow?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ondeep-flow」即可一键安装,无需额外配置。

ondeep-flow 是免费的吗?

是的,ondeep-flow 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

ondeep-flow 支持哪些平台?

ondeep-flow 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 ondeep-flow?

由 CeThum(@cethum)开发并维护,当前版本 v1.0.7。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论