← 返回 Skills 市场
🔌

Pinata ERC-8004

作者 Pinata · GitHub ↗ · v1.0.7 · MIT-0
cross-platform ⚠ suspicious
708
总下载
2
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install pinata-erc-8004
功能描述
Register and verify ERC-8004 AI agents on-chain using Pinata IPFS and Viem for blockchain transactions
安全使用建议
This skill is coherent with its purpose but handles very sensitive credentials. Before installing: 1) Use a dedicated wallet containing only minimal ETH for gas (not your primary wallet); 2) Use a Pinata API key scoped to the smallest necessary permissions or a dedicated Pinata account; 3) Never paste your private key into chat — supply it only via environment variables to the agent runtime; 4) Require and read the confirmation prompts before approving any transaction or deletion; 5) Prefer testing on testnets first; 6) Audit any generated Node.js script before executing it locally. If you cannot follow these precautions, do not install or use the skill.
功能分析
Type: OpenClaw Skill Name: pinata-erc-8004 Version: 1.0.7 The skill facilitates on-chain registration of AI agents using the ERC-8004 standard, requiring high-risk credentials including a 'PRIVATE_KEY' and 'PINATA_JWT' (SKILL.md). While the instructions include extensive security guardrails—such as mandatory confirmation protocols, strict domain allowlisting (api.pinata.cloud, base.org), and hardcoded contract addresses—the inherent capability to sign blockchain transactions and manage sensitive secrets constitutes a high-risk profile. The reliance on the AI agent's instruction-following to prevent credential leakage and unauthorized asset transfers is an architectural risk that warrants a suspicious classification despite the lack of clear malicious intent.
能力标签
cryptorequires-walletcan-make-purchasescan-sign-transactionsrequires-sensitive-credentials
能力评估
Purpose & Capability
Name/description match required resources: Pinata API token (PINATA_JWT) for IPFS uploads and an Ethereum private key (PRIVATE_KEY) for signing transactions; node is required to run generated scripts. These are expected for on‑chain registration and IPFS storage.
Instruction Scope
SKILL.md contains extensive runtime instructions, mandatory user confirmation templates, and explicit credential-handling rules that keep behavior scoped to Pinata and Viem. This is appropriate, but the skill relies on the agent and the user to enforce the rules (e.g., not leaking the private key and always requiring explicit confirmations).
Install Mechanism
Instruction-only skill with no install spec and no downloaded code — lowest installation risk. Agent will generate/run Node.js scripts at runtime rather than installing packages from arbitrary URLs.
Credentials
Requires three environment values (PINATA_JWT, PINATA_GATEWAY_URL, PRIVATE_KEY). These are justified for the stated purpose but are high-risk (especially PRIVATE_KEY). The SKILL.md explicitly warns about this and prescribes using a dedicated low-value wallet and restricted Pinata API keys.
Persistence & Privilege
always is false and there are no requested config paths. The skill can be invoked autonomously (platform default), which is expected; no indication it requests permanent elevated presence or modifies other skills.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pinata-erc-8004
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pinata-erc-8004 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.7
No changes detected in this version. Transferring ownership to the Pinata org. - Version 1.0.7 released with no file modifications. - No updates to functionality, documentation, or metadata.
v1.0.6
**Summary: Enhanced security posture with strict credential and external data handling restrictions.** - Added explicit rules prohibiting output or leakage of PRIVATE_KEY and PINATA_JWT in all forms of agent output. - Introduced a new "THREAT MODEL" section, outlining untrusted data sources and stricter denial by default for write operations. - Clarified boundaries for usage of addresses and data from untrusted external sources (IPFS/API responses). - Added "Credential Handling Rules (Absolute)" including Node.js environment variable requirements in code generation. - Updated forbidden operations section to prohibit use of addresses/contracts from IPFS or API responses unless validated against a hardcoded allowlist. - Emphasized that credentials must only be referenced as environment variables in code and must never appear in chat, file, HTTP request, log, or code outputs.
v1.0.5
Correct namespace for ENV variables
v1.0.4
## pinata-erc-8004 v1.0.4 Changelog - Major documentation overhaul: Critical security warnings and safe usage guidelines are now more clearly explained with explicit confirmation templates and forbidden-operation checklists. - Strengthened prompt injection protections and added detailed AI agent response protocols for suspicious or high-risk requests. - Added security checklist and operational limit recommendations for file management and blockchain transactions. - Enhanced clarity for users about required credentials, risks, and safe/unsafe operations. - No code changes; documentation and security best practices only.
v1.0.3
Version 1.0.3 - No file changes detected in this release. - Documentation, metadata, and instructions remain unchanged.
v1.0.2
- Added a link to the GitHub repository in the usage instructions section. - No other user-facing or functional changes.
v1.0.1
## pinata-erc-8004 v1.0.1 Changelog - Added critical security warnings and best practice guidance to the documentation. - Clarified that explicit user confirmation is required for any blockchain transaction, NFT transfer, or file deletion/upload operations. - Explained the risks and mitigations for environment variables, especially `PRIVATE_KEY` and `PINATA_JWT`. - Listed safe read-only operations that do not need user confirmation. - Provided prompt injection warnings and guidance for suspicious or unexpected requests.
v1.0.0
Initial public release of pinata-erc-8004: - Enables on-chain registration and verification of ERC-8004 AI agents using Pinata IPFS storage and Viem for blockchain interactions. - Provides a step-by-step guide for agent card creation, uploading to IPFS, NFT minting, metadata updates, and URI management. - Documents required environment variables for secure operation. - Includes detailed API instructions for interacting with Pinata and ERC-8004 smart contracts. - Lists agent JSON card structure and registration workflow for easy onboarding.
元数据
Slug pinata-erc-8004
版本 1.0.7
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 8
常见问题

Pinata ERC-8004 是什么?

Register and verify ERC-8004 AI agents on-chain using Pinata IPFS and Viem for blockchain transactions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 708 次。

如何安装 Pinata ERC-8004?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pinata-erc-8004」即可一键安装,无需额外配置。

Pinata ERC-8004 是免费的吗?

是的,Pinata ERC-8004 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Pinata ERC-8004 支持哪些平台?

Pinata ERC-8004 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Pinata ERC-8004?

由 Pinata(@pinata)开发并维护,当前版本 v1.0.7。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论