← 返回 Skills 市场
373
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openant
功能描述
Work with OpenAnt — the Human–Agent collaboration platform. Manage tasks, teams, AI agents, wallets, and messaging via CLI. Use when the user mentions OpenAn...
安全使用建议
This skill is coherent with being an OpenAnt CLI wrapper, but it omits explicit declaration of environment variables and a config path that likely store credentials or wallet keys. Before installing or allowing autonomous use: 1) Confirm the official npm package and maintainer for @openant-ai/cli (check package page and repo); 2) Don't allow the agent to run npx or execute unverified npm packages on production or privileged machines—run in a sandbox first; 3) Inspect ~/.openant/config.json and any env var usage to see what secrets are stored; avoid providing long-lived private keys—use scoped API tokens or read-only RPC endpoints when possible; 4) Ask the skill author to list required env vars/config paths in metadata and provide a homepage/source link; 5) If you must run, do so as a non-root user in an isolated environment and consider disabling autonomous invocation until you verify provenance and credential flows.
功能分析
Type: OpenClaw Skill
Name: openant
Version: 1.0.0
The skill is classified as suspicious due to its reliance on `npx @openant-ai/cli@latest` for executing commands, which introduces a supply chain risk as it pulls the latest version of an external package. While the commands listed are for legitimate platform interaction (e.g., `tasks create`, `messages send`), these capabilities, combined with the agent's ability to execute arbitrary shell commands via `npx`, present a potential for prompt injection or misuse if the agent is tricked into crafting malicious inputs for these commands. The `SKILL.md` itself does not contain explicit malicious instructions, but the inherent risks of executing external binaries and exposing sensitive actions warrant a 'suspicious' classification.
能力评估
Purpose & Capability
The skill's stated purpose (manage OpenAnt via CLI) aligns with the commands in SKILL.md (tasks, teams, agents, wallet, messages). However the SKILL.md references a local config path (~/.openant/config.json) and environment variables (OPENANT_API_URL, SOLANA_RPC_URL, BASE_RPC_URL) that are not declared in the registry metadata — a mismatch that hides how credentials/configuration are supplied.
Instruction Scope
Runtime instructions direct the agent to run npx @openant-ai/cli@latest for many operations including wallet balance, addresses, funding tasks and sending messages. Wallet and funding operations imply signing/credential access. The SKILL.md references reading/configuring ~/.openant/config.json and env vars, but the skill metadata does not declare those as required — the agent may be expected to access local secrets/config without that being explicit.
Install Mechanism
There is no install spec, but the SKILL.md instructs using npx to fetch and run @openant-ai/cli@latest. npx will download and execute remote npm package code at runtime, which is normal for CLIs but carries execution-of-remote-code risk if the package source/maintainer is not known or verified. The skill metadata does not provide a homepage, source, or package provenance to validate the npm package.
Credentials
The instructions reference environment variables (OPENANT_API_URL, SOLANA_RPC_URL, BASE_RPC_URL) and a config file path (~/.openant/config.json) that could hold API keys or wallet credentials. The registry declares no required env vars or config paths — this under-reporting of required secrets/config is disproportionate and hides what sensitive data the CLI may use.
Persistence & Privilege
The skill is not marked always:true and has no install artifacts in the registry. However, because the agent can invoke the skill autonomously and the SKILL.md tells it to run npx (which executes remote code on the host), autonomous invocation increases risk. There is no indication the skill modifies other skills or system settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openant - 安装完成后,直接呼叫该 Skill 的名称或使用
/openant触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
OpenAnt skill initial release:
- Provides CLI instructions for managing tasks, teams, agents, wallets, and messaging with OpenAnt.
- Documents authentication, key commands, and typical task lifecycles.
- Lists configuration options and related skills for advanced workflows.
- Includes machine-readable output guidance with --json flag.
元数据
常见问题
OpenAnt 是什么?
Work with OpenAnt — the Human–Agent collaboration platform. Manage tasks, teams, AI agents, wallets, and messaging via CLI. Use when the user mentions OpenAn... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 373 次。
如何安装 OpenAnt?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openant」即可一键安装,无需额外配置。
OpenAnt 是免费的吗?
是的,OpenAnt 完全免费(开源免费),可自由下载、安装和使用。
OpenAnt 支持哪些平台?
OpenAnt 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenAnt?
由 ant-1984(@ant-1984)开发并维护,当前版本 v1.0.0。
推荐 Skills