← 返回 Skills 市场
macd2

OpenClawCash

作者 macd2 · GitHub ↗ · v1.19.0 · MIT-0
cross-platform ⚠ suspicious
619
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install open-claw-cash
功能描述
OpenclawCash crypto wallet API for AI agents (also called openclawcash). Use when an agent needs to send native or token transfers, check balances, list wall...
安全使用建议
Before installing or running this skill: (1) be aware it requires an API key (AGENTWALLETAPI_KEY) and the curl binary — the registry metadata incorrectly omits these; (2) the included CLI can import private keys and will send passphrases/private-key data to https://openclawcash.com — only use this with API keys you trust and with minimal permissions (disable wallet-import/creation if not needed); (3) the CLI can read any env var whose name you pass in and will transmit its value — avoid passing names that reference other secrets, and do not store unrelated secrets in env vars referenced here; (4) the docs recommend 'npx -y @openclawcash/mcp-server' which downloads and runs remote code — verify the npm package and prefer manually-reviewed installs; (5) test on testnets and use confirm_each_write mode; restrict the API key scope and rotation; and if you are not comfortable with private-key uploads or automatic npx installs, do not install or run this skill.
功能分析
Type: OpenClaw Skill Name: open-claw-cash Version: 1.19.0 The skill provides a comprehensive crypto wallet management API for AI agents, but contains high-risk instructions in SKILL.md that encourage the agent to bypass per-transaction user confirmation. Specifically, it suggests an 'operate_on_my_behalf' mode where, after a single initial approval, the agent executes financial 'write' actions (transfers, swaps, Polymarket orders) autonomously using the '--yes' flag. Additionally, the scripts/agentwalletapi.sh tool facilitates the transmission of raw private keys to the backend (https://openclawcash.com) during wallet imports. While these features align with the stated purpose of a managed wallet service, they significantly expand the attack surface for prompt injection and unauthorized financial transactions.
能力评估
Purpose & Capability
SKILL.md and the scripts clearly implement an OpenclawCash agent API client that needs an API key (AGENTWALLETAPI_KEY) and curl — this is coherent with the stated purpose. However the registry metadata in the header (Required env vars: none; Required binaries: none) contradicts the SKILL.md and the scripts. That metadata mismatch is an integrity problem: the skill actually requires an API key and curl, but the registry claim omits them.
Instruction Scope
The runtime instructions and included CLI script perform highly sensitive wallet operations: creating/importing wallets, sending transfers, performing swaps, and POSTing private keys to the service. The scripts source a .env in the skill folder and will read env vars by indirection (the script accepts an env-var-name argument and uses ${!VAR} to read its value) and then send that value to the remote API. Those behaviors are within the skill's stated wallet purpose but are high-risk and must be treated carefully (imported private keys and passphrases are transmitted to openclawcash.com). The SKILL.md also instructs agents to optionally operate without repeated prompts (operate_on_my_behalf), which increases the risk if not tightly controlled by user approvals.
Install Mechanism
No install spec is provided (instruction-only), which is low-risk in terms of automatic code downloads. However the README recommends using 'npx -y @openclawcash/mcp-server' as the preferred path; npx will fetch and execute code from the npm registry at runtime. Using npx -y downloads remote code automatically and should be treated as an install action with associated risk — verify the package source and contents before running.
Credentials
Requesting AGENTWALLETAPI_KEY is proportional to a wallet client, and the skill limits config to a local .env file in its folder. However the CLI supports reading an arbitrary env var name supplied by the user and will send that env var's value (e.g., export passphrase) to the remote API; this mechanism could be misused to exfiltrate unrelated secrets if a malicious agent or user supplies a different env var name. Also the skill accepts private key content via stdin and transmits it to the API — expected for import flows but highly sensitive and requires explicit user understanding and limited API key permissions.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges. It writes a local .env file under the skill folder via setup.sh (normal for configuring a skill). It does not modify other skills or global agent settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install open-claw-cash
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /open-claw-cash 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.19.0
- Version bump: 1.19.0 (from 1.18.0) - Added support for Polymarket "redeem" flows via Polygon wallets, with new CLI commands for redeem actions. - Updated documentation to mention Polymarket redeem as part of supported operations. - No functional or code changes detected; this update is documentation and CLI usage focused.
v1.18.0
- Version updated from 1.12.0 to 1.18.0. - Documentation updated to clarify that this skill may also be called `openclawcash`. - CLI usage examples expanded to include `polymarket-resolve` for resolving Polymarket markets. - Documentation now describes new or alternative transfer parameter names (`valueBaseUnits`, `amountDisplay`, with `amount` and `value` as legacy aliases). - No functional or code changes; all updates are in documentation.
v1.12.0
New in version 1.12.0: - Added CLI commands for user tag management: `user-tag-get` and `user-tag-set`. - Introduced multiple checkout escrow lifecycle commands for creating, managing, and executing checkout and escrow payments. - Updated documentation to include examples and usage for new CLI checkout and user tag commands. - Clarified API surface section to include checkout escrow and user tag operations.
v1.11.0
**Polymarket integration and expanded support for Polygon:** - Added support for Polymarket venue operations (account management, placing/canceling orders, positions, activity) via Polygon wallets. - Documentation updated to include Polymarket CLI examples and setup guidance. - Wallet import expanded to allow `polygon-mainnet` alongside `mainnet` and `solana-mainnet`. - Emphasized the use of integer base-units for all transfer, quote, and swap fields (no decimals). - Clarified API documentation to focus on `/api/agent/*` endpoints and newly supported features.
v1.9.6
- Updated to version 1.9.6 - CLI examples now use actual wallet IDs (e.g., Q7X2K9P) instead of numeric indexes - Added CLI usage and documentation for Solana token quoting (quote solana-mainnet SOL USDC ...) - Clarified that supported-tokens endpoint requires X-Agent-Key and added guidance notes - Improved instructions and clarity for quote/swap operations on both EVM and Solana mainnet
v1.9.4
**Summary:** Adds preferred MCP (Multi-Chain Proxy) integration path and clarifies agent write-approval flow. - Added documentation prioritizing the use of the OpenClawCash MCP server for integrations, recommending the CLI tool only as a fallback. - Clarified agent approval modes for write actions, including session-based permission and when to prompt the user. - Updated API key example prefix from "ag_" to "occ_" for consistency. - Expanded explanations of API endpoints, wallet selection, and confirmation practices for agent-controlled operations. - Improved CLI usage instructions and wallet creation example to require explicit passphrase arguments.
v1.9.1
- Updated documentation in SKILL.md for clarity and expanded usage instructions. - Detailed safety model and workflow for wallet operations, including gated actions and explicit confirmations. - Added comprehensive CLI usage examples for both read-only and write actions across EVM and Solana. - Outlined recovery steps and troubleshooting for setup and network failures. - Clarified agent and dashboard API surfaces, endpoints, authentication, and permission policies. - Improved best practices for wallet import safety and private key handling.
元数据
Slug open-claw-cash
版本 1.19.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 7
常见问题

OpenClawCash 是什么?

OpenclawCash crypto wallet API for AI agents (also called openclawcash). Use when an agent needs to send native or token transfers, check balances, list wall... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 619 次。

如何安装 OpenClawCash?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install open-claw-cash」即可一键安装,无需额外配置。

OpenClawCash 是免费的吗?

是的,OpenClawCash 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

OpenClawCash 支持哪些平台?

OpenClawCash 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 OpenClawCash?

由 macd2(@macd2)开发并维护,当前版本 v1.19.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论