← 返回 Skills 市场
openkrill
作者
emilankerwiik
· GitHub ↗
· v1.0.0
1488
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openkrill
功能描述
Enable AI agents to make micropayments via x402 protocol. Use when purchasing browser sessions on Browserbase, scraping with Firecrawl, or any x402-compatible API. Handles wallet creation, funding, and automatic payment flows.
安全使用建议
What to consider before installing:
- The skill legitimately needs a thirdweb project secret key (THIRDWEB_SECRET_KEY). That key can create/manage wallets and invoke payments — only provide it if you trust the code and are prepared for potential charges. Prefer using a dedicated thirdweb project with limited funds/billing alerts rather than a production key.
- The package contains TypeScript scripts that expect Node.js/ts-node (shebang uses npx ts-node). The skill metadata didn't declare this; running scripts may cause npx to fetch packages from the npm registry at runtime. If you plan to run the scripts, install Node/ts-node locally and inspect the code rather than relying on npx to pull remote packages.
- create-email.ts stores disposable email credentials in .agent-emails.json in the current working directory (unencrypted). If you use the email automation, review and securely delete or move that file if it contains data you don't want persisted.
- Financial risk: the skill can initiate payment flows via thirdweb. Test on a testnet or isolated project with a small budget before using on mainnet. Configure billing alerts and limits on your thirdweb/account to avoid unexpected charges.
- If you need stronger guarantees, review the code yourself (it's provided), run in an isolated environment, and rotate the THIRDWEB_SECRET_KEY after testing. Consider disabling autonomous invocation for agents that you don't fully trust to prevent unattended spending or email/account creation.
功能分析
Type: OpenClaw Skill
Name: openkrill
Version: 1.0.0
The skill bundle is designed to enable AI agents to make micropayments via the x402 protocol and manage disposable email accounts. All network access (to thirdweb API, x402 Bazaar, Mail.tm, and blockchain RPCs) and file operations (writing to a local, gitignored `.agent-emails.json` for email credentials) are directly aligned with the stated purpose. The `SKILL.md` instructions guide the agent to use these capabilities for their intended function, including opening payment links in the user's browser for funding, which is a legitimate interaction. There is no evidence of intentional harmful behavior, data exfiltration to unauthorized endpoints, persistence mechanisms, or prompt injection attempts to subvert the agent's core directives.
能力评估
Purpose & Capability
Name/description request a thirdweb secret key and the code files (wallet creation, check-balance, fetch-with-payment, fund-wallet, discovery, create-email) all use the thirdweb APIs and Mail.tm as described. The single required env var (THIRDWEB_SECRET_KEY) is consistent with the skill's payment/wallet functionality.
Instruction Scope
SKILL.md instructs the agent to create/check server wallets, call thirdweb's x402 fetch endpoint, and create disposable email accounts. Those actions match the stated purpose, but create-email.ts persists disposable-email credentials to a local file (.agent-emails.json) unencrypted, which is a privacy/persistence concern that users should know about.
Install Mechanism
The registry metadata declares no required binaries and no install spec, but all scripts use a npx ts-node shebang and therefore effectively require Node.js and ts-node (or npx to fetch it). That mismatch is an operational risk: running the provided scripts may rely on npx fetching packages at runtime (network + npm), which is a supply-chain/execution risk not declared in the skill metadata.
Credentials
Only THIRDWEB_SECRET_KEY is required, which is appropriate for the thirdweb-based payment flows, but this secret is powerful (can create/manage server wallets and initiate payments). The skill also optionally uses/reads/writes wallet addresses and local email credentials. Ensure the provided secret has appropriate scope and billing protections.
Persistence & Privilege
always:false (good). The skill persists state locally (e.g., .agent-emails.json and may store wallet identifier/address). This local persistence is expected for its purpose but may contain tokens/passwords and should be treated as sensitive data.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openkrill - 安装完成后,直接呼叫该 Skill 的名称或使用
/openkrill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the OpenKrill skill enabling agents to make micropayments via the x402 protocol.
- Automates wallet management, funding, and payment flows for APIs requiring 402 Payment Required responses.
- Supports purchasing services on Browserbase (true x402) and outlines compatibility status for Firecrawl (non-standard x402).
- Includes guidance for discovering x402-compatible APIs via the Bazaar discovery endpoint.
- Details usage with thirdweb's fetchWithPayment API, including wallet creation and payment handling.
- Documentation covers supported endpoints, known limitations, and best practices for agents.
元数据
常见问题
openkrill 是什么?
Enable AI agents to make micropayments via x402 protocol. Use when purchasing browser sessions on Browserbase, scraping with Firecrawl, or any x402-compatible API. Handles wallet creation, funding, and automatic payment flows. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1488 次。
如何安装 openkrill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openkrill」即可一键安装,无需额外配置。
openkrill 是免费的吗?
是的,openkrill 完全免费(开源免费),可自由下载、安装和使用。
openkrill 支持哪些平台?
openkrill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 openkrill?
由 emilankerwiik(@emilankerwiik)开发并维护,当前版本 v1.0.0。
推荐 Skills