← 返回 Skills 市场
achilles1089

Skill

作者 Achilles · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
98
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install pentagonal
功能描述
Use when the user asks to create, generate, build, audit, fix, compile, or look up smart contracts and tokens. Pentagonal Clawd is a sovereign smart contract...
安全使用建议
Before installing, verify the vendor and hosting (pentagonal.ai) and ask the publisher for a homepage or source repo. Note that many of the skill's advanced features only work if the platform exposes MCP tools — otherwise Mode B only does token lookups. Do NOT place private keys or broad API keys in an agent-wide environment; if you must use an API key, prefer a key with minimal privileges and store it outside the agent environment or use short-lived credentials. Ask the publisher to update the manifest to declare required env vars (PENTAGONAL_API_KEY etc.) and to explain what the agent will do if those values exist. Finally, always review generated contract source code and audit results yourself before running any deployment commands that use private keys or RPC endpoints.
功能分析
Type: OpenClaw Skill Name: pentagonal Version: 1.0.2 The skill provides smart contract auditing and generation via the Pentagonal.ai API. It instructs the AI agent in SKILL.md to use bash and curl to interact with the API (https://www.pentagonal.ai/api/fetch-contract) if MCP tools are unavailable. This introduces a potential shell injection vulnerability if user-provided contract addresses or chain IDs are not properly sanitized by the agent before command execution. While the behavior is aligned with the stated purpose and includes explicit warnings against handling private keys, the reliance on shell commands for network access is a high-risk capability that warrants a suspicious classification.
能力标签
cryptorequires-wallet
能力评估
Purpose & Capability
The name/description claim a full smart-contract forge (generate, audit, fix, compile, deploy) and the SKILL.md documents those flows. However, in the absence of the referenced MCP tools the direct (Mode B) API only supports token lookups; generation/audit/fix/compile require MCP tool availability or a Pentagonal account. The manifest declares no required credentials, which is inconsistent with features that require an API key or account.
Instruction Scope
The instructions tell the agent to call pentagonal.ai endpoints (curl) and include example commands that reference environment variables (e.g., $PENTAGONAL_API_KEY, $PRIVATE_KEY, etherscan API key). The skill manifest did not declare these env vars. The skill also provides deployment commands that use a private key (examples show $PRIVATE_KEY). The agent instructions therefore reference and could cause access to sensitive secrets that were not declared in the skill metadata.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk or downloaded during install. That reduces installer risk.
Credentials
The SKILL.md references sensitive environment variables and API keys (PENTAGONAL_API_KEY, PRIVATE_KEY, etherscan API key) but the manifest lists no required env vars or primary credential. Requesting or referencing private keys and API keys without declaring them is disproportionate and may cause accidental exposure if the agent has access to environment secrets.
Persistence & Privilege
The skill is not always:true and has no install step that modifies agent configuration. Model invocation is allowed (default) which is expected for skills; there is no elevated persistence requested.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pentagonal
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pentagonal 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Chain auto-detection: pentagonal_lookup now auto-detects the blockchain from the contract address via DexScreener. No need to specify chain manually.
v1.0.0
Initial release: AI-powered smart contract auditing, generation, and compilation across 8 chains
元数据
Slug pentagonal
版本 1.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Skill 是什么?

Use when the user asks to create, generate, build, audit, fix, compile, or look up smart contracts and tokens. Pentagonal Clawd is a sovereign smart contract... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 98 次。

如何安装 Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pentagonal」即可一键安装,无需额外配置。

Skill 是免费的吗?

是的,Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Skill 支持哪些平台?

Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Skill?

由 Achilles(@achilles1089)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论