← 返回 Skills 市场
issa-me-sush

OpenServ Client

作者 issa-me-sush · GitHub ↗ · v1.0.4
cross-platform ⚠ suspicious
1145
总下载
0
收藏
4
当前安装
5
版本数
在 OpenClaw 中安装
/install openserv-client
功能描述
Complete guide to using @openserv-labs/client for managing agents, workflows, triggers, and tasks on the OpenServ Platform. Covers provisioning, authenticati...
安全使用建议
This package appears to be a genuine platform client, but there are a few red flags you should consider before installing or running it: 1) Metadata omission: the registry entry lists no required environment variables, yet the documentation and examples use WALLET_PRIVATE_KEY, OPENSERV_API_KEY and OPENSERV_AUTH_TOKEN. Assume these secrets are required. 2) Secrets handling: provision() and troubleshooting describe writing private keys to .env and persisting .openserv.json—storing private keys in plaintext files is risky. Review the code paths that write files and consider keeping keys in a secure vault instead. 3) Token leakage: example scripts print webhook tokens and API keys to stdout; avoid running examples in shared logs or CI without sanitization. 4) Destructive actions: the cleanup example can delete all platform resources; be cautious with --all and run in a controlled account. 5) Origin unknown + prompt-injection signal: the source/homepage is unknown and a prompt-injection pattern was detected in SKILL.md—verify package provenance (official registry, maintainer contact, code signatures) before trusting it. Recommended actions: inspect the actual library code (not just docs) for where it writes .env/.openserv.json and for any network endpoints it calls; run examples in an isolated environment with throwaway credentials; if you need to use it in production, prefer manually managing credentials (do not permit provision() to persist your private key) and consider using hardware or vault-backed wallet signing.
功能分析
Type: OpenClaw Skill Name: openserv-client Version: 1.0.4 The OpenClaw AgentSkills skill bundle provides a client library for interacting with the OpenServ platform, including agent/workflow management, x402 payments, and ERC-8004 on-chain identity. All code and documentation align with this stated purpose, demonstrating legitimate interactions with the platform API and blockchain. While the skill handles sensitive credentials like `WALLET_PRIVATE_KEY` and `OPENSERV_API_KEY` (e.g., writing `WALLET_PRIVATE_KEY` to `.env` via `provision()`), this is a necessary function for its operation and does not show intent for unauthorized exfiltration or malicious use. No evidence of prompt injection, obfuscation, or other malicious behaviors was found in `SKILL.md`, `reference.md`, `troubleshooting.md`, or the example scripts.
能力评估
Purpose & Capability
The name/description and SKILL.md align: this is a client for the OpenServ platform (provisioning agents, triggers, workflows, x402 payments, ERC-8004). Example code and API reference are consistent with that purpose. However, the registry metadata declares no required environment variables or credentials while the instructions repeatedly rely on WALLET_PRIVATE_KEY, OPENSERV_API_KEY, and OPENSERV_AUTH_TOKEN (and describe writing them to disk). That metadata omission is an inconsistency.
Instruction Scope
Runtime instructions (and examples) instruct the agent/app to create or reuse an Ethereum wallet, authenticate using WALLET_PRIVATE_KEY, persist state to .openserv.json, and (per troubleshooting) write WALLET_PRIVATE_KEY / OPENSERV_* values into .env. Examples also print webhook tokens and API keys to stdout. These actions read/write sensitive secrets and local state and will transmit/propagate credentials to the platform—behavior that is outside a harmless 'reference guide' scope and should be explicitly disclosed.
Install Mechanism
This is instruction-only with recommended npm install of the package (@openserv-labs/client). There is no install spec that downloads arbitrary archives or runs remote installers, so installation risk is low-probability from the skill bundle itself. Example code is included but no build/install steps are embedded that modify system binaries.
Credentials
The SKILL.md and examples require and manipulate sensitive environment variables (WALLET_PRIVATE_KEY, OPENSERV_API_KEY, OPENSERV_AUTH_TOKEN) yet the skill metadata lists none. The instructions even describe provision() writing private keys to .env—storing private keys in plaintext files is high-risk and should be treated as a significant privilege. The number and sensitivity of env interactions are proportionate to a platform client, but the lack of explicit declaration and the advice to persist secrets are concerning.
Persistence & Privilege
The skill does not request 'always: true' and does not change other skills' configs, but it explicitly persists local state (.openserv.json and .env) and can create/delete platform resources (examples include a cleanup script with --all). Autonomous invocation is allowed (default), which combined with secret persistence means a compromised or misused agent could act against the platform or leak credentials—this is expected for a client but important to be aware of.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openserv-client
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openserv-client 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
- Added a sample environment file: examples/env.example.txt - Users now have a template for required environment variables to aid in setup and configuration
v1.0.3
fixes
v1.0.2
fixes
v1.0.1
fixes
v1.0.0
openserv-client v1.0.0 initial release: - Introduces a complete TypeScript client for the OpenServ Platform API. - Provides simple, idempotent agent provisioning and execution via provision() and run(). - Documents support for agent instance credential binding (v1.1+), trigger/task/workflow management, and API key or wallet-based auth flows. - Includes type-safe triggers factory, state management utilities, and documented webhook/x402/cron/manual trigger flows. - Reference materials and full API documentation included for advanced use cases. - Lists required environment variables and cleanup procedures.
元数据
Slug openserv-client
版本 1.0.4
许可证
累计安装 4
当前安装数 4
历史版本数 5
常见问题

OpenServ Client 是什么?

Complete guide to using @openserv-labs/client for managing agents, workflows, triggers, and tasks on the OpenServ Platform. Covers provisioning, authenticati... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1145 次。

如何安装 OpenServ Client?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openserv-client」即可一键安装,无需额外配置。

OpenServ Client 是免费的吗?

是的,OpenServ Client 完全免费(开源免费),可自由下载、安装和使用。

OpenServ Client 支持哪些平台?

OpenServ Client 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 OpenServ Client?

由 issa-me-sush(@issa-me-sush)开发并维护,当前版本 v1.0.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论