← 返回 Skills 市场
wiimdy

OpenFunderse Strategy

作者 wiimdy · GitHub ↗ · v2.0.2
cross-platform ⚠ suspicious
951
总下载
6
收藏
0
当前安装
21
版本数
在 OpenClaw 中安装
/install openfunderse-strategy
功能描述
Participant MoltBot for allocation proposal, validation, and submission
安全使用建议
This pack appears to do what it says (a participant bot) but installs and runtime actions make persistent, high-impact changes. Before installing: (1) review the npm package @wiimdy/[email protected] source and maintainer history; (2) never use treasury/admin keys — create a dedicated wallet and keep keys offline where feasible; (3) prefer running install with --no-sync-openclaw-env and --no-restart-openclaw-gateway to avoid automatic global mutations, and manually inspect any files written to ~/.openclaw; (4) ensure PARTICIPANT_TRUSTED_RELAYER_HOSTS and PARTICIPANT_ALLOW_HTTP_RELAYER are set conservatively to avoid talking to untrusted relayers; (5) back up and audit ~/.openclaw/openclaw.json before and after changes; (6) if you must automate submission, enable PARTICIPANT_REQUIRE_EXPLICIT_SUBMIT or similar safeguards; and (7) consider testing in an isolated VM or non-production environment first. If you want a firmer permit/deny decision, request the npm package source (or a signed release) and the exact install commands the operator intends to run so those artifacts can be examined.
功能分析
Type: OpenClaw Skill Name: openfunderse-strategy Version: 2.0.2 The skill is classified as suspicious due to its high-risk capabilities and reliance on external, unreviewed code. It requires access to a sensitive `PARTICIPANT_PRIVATE_KEY`, modifies global OpenClaw configuration (`~/.openclaw/openclaw.json`), restarts the OpenClaw gateway, and performs network communication to an external `RELAYER_URL` (with an option to disable HTTPS), as detailed in `SKILL.md`. The installation process relies on `npx @wiimdy/[email protected]`, whose source code is not provided, introducing a supply chain risk. While the `SKILL.md` includes explicit security warnings and safety gates, these capabilities present a significant attack surface if the underlying package is malicious or if the AI agent is compromised via prompt injection.
能力评估
Purpose & Capability
Name/description (Participant MoltBot for allocation proposal/validation/submission) align with the declared requirements: node/npm, PARTICIPANT_PRIVATE_KEY, RELAYER_URL, RPC_URL, CHAIN_ID, PARTICIPANT_ADDRESS and submission flags — these are expected for a blockchain relayer/participant agent.
Instruction Scope
The SKILL.md instructs the agent to run npx commands, generate or rotate wallet keys, write sensitive values into ~/.openclaw/workspace/.env.participant and ~/.openclaw/openclaw.json, and recommends restarting the OpenClaw gateway. Those actions read/write global runtime state and persistent files beyond the skill's local scope and can affect other skills and the runtime.
Install Mechanism
No install spec in the package registry, but SKILL.md instructs using npx @wiimdy/[email protected] which fetches and executes code from npm at install time. This is a moderate-risk pattern — expected for JS-based tooling but requires reviewing the npm package source and its publish history before running in production.
Credentials
Requested env vars are relevant to the bot's function and the primary credential (PARTICIPANT_PRIVATE_KEY) is expected. However the skill both encourages storing and rotating private keys on disk and syncs sensitive env values into a global openclaw.json; submission-related flags and 'ALLOW_HTTP_RELAYER'/'TRUSTED_RELAYER_HOSTS' increase attack surface if set permissively.
Persistence & Privilege
While always:false, install and bot-init explicitly mutate global OpenClaw runtime state (sync into ~/.openclaw/openclaw.json, write wallet backups to ~/.openclaw/workspace/openfunderse/wallets, run openclaw gateway restart). That gives the skill lifecycle the ability to persist secrets to disk and impact other skills or gateway behavior.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openfunderse-strategy
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openfunderse-strategy 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.2
Improve Security strategy skill release
v2.0.1
Improve Security strategy skill release
v2.0.0
Improve Security strategy skill release
v1.2.0
Improve Security strategy skill release
v1.1.2
Improve Security strategy skill release
v0.1.2
Split skill pack, aligned skill folder/name, improved install defaults and bot-init safety.
v1.1.1
Enable model invocation for skill discoverability while keeping explicit submit safety gates in policy guidance.
v1.1.0
Re-register strategy skill after registry missing-slug issue.
v1.0.12
Add explicit ClawHub install command to Quick Start: npx clawhub@latest install openfunderse-strategy.
v1.0.11
Retry publish to refresh registry index after metadata null-state; same quick-start command update retained.
v1.0.10
Update quick-start to single command: npm init -y && npm i @wiimdy/[email protected] --ignore-scripts.
v1.0.9
Simplify ClawHub onboarding: pinned runtime install + one-line env scaffold copy from installed runtime package; keep security-first wording without npx @latest guidance.
v1.0.8
Remove npx @latest install guidance; enforce pinned runtime install command, add source verification commands and official npm/repo links.
v1.0.7
Add explicit production security guidance: runtime version pinning, source review note, least-privilege key handling/rotation, and stronger auto-submit caution.
v1.0.6
Add prominent ClawHub quick-start section with required runtime install: npm i @wiimdy/openfunderse-agents.
v1.0.5
Document required runtime installation, clarify strategy runtime dependencies, and align env declaration with submit-gate and AA execution settings.
v1.0.4
No changes detected for this version. - No file or documentation updates were made in version 1.0.4.
v1.0.3
Align skill metadata with runtime safety gates; declare submit-gate/trusted-relayer envs; disable autonomous invocation; remove legacy private-key fallback wording and unnecessary binary requirements.
v1.0.2
Hardened submission safety gates: explicit submit required by default, trusted RELAYER_URL host validation, and credential metadata clarification.
v1.0.1
Improve Security strategy skill release
元数据
Slug openfunderse-strategy
版本 2.0.2
许可证
累计安装 0
当前安装数 0
历史版本数 21
常见问题

OpenFunderse Strategy 是什么?

Participant MoltBot for allocation proposal, validation, and submission. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 951 次。

如何安装 OpenFunderse Strategy?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openfunderse-strategy」即可一键安装,无需额外配置。

OpenFunderse Strategy 是免费的吗?

是的,OpenFunderse Strategy 完全免费(开源免费),可自由下载、安装和使用。

OpenFunderse Strategy 支持哪些平台?

OpenFunderse Strategy 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 OpenFunderse Strategy?

由 wiimdy(@wiimdy)开发并维护,当前版本 v2.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论