← 返回 Skills 市场
privy-integration
作者
Misha Kolesnik
· GitHub ↗
· v0.2.0
· MIT-0
115
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install privy-integration
功能描述
Integrates Privy authentication, embedded wallets, and agent payment protocols into web and agentic apps. Covers React SDK (PrivyProvider, hooks, wagmi), Nod...
安全使用建议
This skill's content appears to be a detailed integration guide for Privy and legitimately needs high-privilege secrets (appId/appSecret, webhook signing secret) and operations like creating/exporting wallets and signing transactions. However, the skill metadata incorrectly lists no required credentials — that's a red flag because it can lull you into underestimating the risk. Before installing or enabling this skill:
- Verify the source and publisher (there is no homepage and source is unknown). Prefer official Privy documentation or packages (npm orgs, GitHub repo) you can audit.
- Do NOT place production App Secrets or private keys in the agent config or environment until you understand who/what will access them; test with a throwaway Privy app and testnet funds only.
- The skill guides you through exporting private keys and storing secrets in ~/.openclaw/openclaw.json — treat that as highly sensitive: store only in secure vaults and give the least privilege necessary.
- If you plan to enable agentic/autonomous wallets, add restrictive policies, require human approval for high-value ops, and monitor webhooks closely.
- Ask the publisher to update the registry metadata to list required env vars (PRIVY_APP_ID, PRIVY_APP_SECRET, PRIVY_WEBHOOK_SIGNING_SECRET, MPP_RECIPIENT, etc.) and to provide an authoritative source URL or signed release so you can verify provenance.
If you cannot confirm the skill's origin or are unable to test safely in an isolated environment, avoid granting it access to real credentials or production funds.
功能分析
Type: OpenClaw Skill
Name: privy-integration
Version: 0.2.0
The privy-integration skill bundle is a comprehensive documentation and instruction set for integrating Privy's authentication, wallet, and payment infrastructure into web and agentic applications. It provides legitimate code snippets for React and Node.js SDKs, covers advanced topics like agentic wallets with policy-based controls, and details machine-to-machine payment protocols (x402 and MPP). The content is purely instructional, aligns perfectly with its stated purpose, and references official domains such as docs.privy.io and x402.org without any evidence of malicious intent, data exfiltration, or harmful prompt injection.
能力评估
Purpose & Capability
The name/description claim to integrate Privy auth/wallets/payments — the SKILL.md and reference docs indeed describe server SDK usage, wallet creation/export, token verification, and agentic/autonomous wallets. Those capabilities legitimately require privileged secrets (appId/appSecret, webhook signing secret, MPP recipient, etc.), yet the skill's registry metadata declares no required env vars or credentials. That mismatch (no declared credentials vs. instructions that obviously need them) is incoherent.
Instruction Scope
The runtime instructions (SKILL.md + references) instruct the agent/developer to: create and manage server-side wallets, export private keys, configure webhook signing secrets, store PRIVY_APP_ID/PRIVY_APP_SECRET in agent config (~/.openclaw/openclaw.json), and install/clone third-party repos (clawhub install, git clone). These steps access and may persist sensitive secrets and private keys and also give guidance for autonomous agent wallets. The instructions go beyond purely UI integration and include high-privilege server and key-management operations.
Install Mechanism
This is an instruction-only skill with no install spec or code files to execute. That reduces direct supply-chain risk (the skill itself won't drop binaries). However, the included references encourage running external commands (clawhub, git clone) and npm installs; those are external actions initiated by the user, not performed by this skill automatically.
Credentials
Although registry metadata lists no required env vars or primary credential, the documentation repeatedly references environment variables (NEXT_PUBLIC_PRIVY_APP_ID, PRIVY_APP_ID, PRIVY_APP_SECRET, PRIVY_WEBHOOK_SIGNING_SECRET, MPP_RECIPIENT, etc.). Requiring an app secret and the ability to export private_key (references/server-sdk.md) is expected for server-side Privy usage, but the omission in metadata is misleading and increases risk: users may install without realizing the skill expects high-privilege secrets. Multiple sensitive variables are used but not declared.
Persistence & Privilege
always:false (normal). The docs instruct storing Privy credentials in the user's OpenClaw config (~/.openclaw/openclaw.json) for agent access; that is a persistent credential placement that grants any agent with access to that config the ability to call Privy APIs and operate wallets. This is not intrinsically malicious but raises the blast radius and requires explicit, cautious user consent and least-privilege practices.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install privy-integration - 安装完成后,直接呼叫该 Skill 的名称或使用
/privy-integration触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.0
Initial publish
v0.1.0
Initial publish of privy-integration
元数据
常见问题
privy-integration 是什么?
Integrates Privy authentication, embedded wallets, and agent payment protocols into web and agentic apps. Covers React SDK (PrivyProvider, hooks, wagmi), Nod... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 115 次。
如何安装 privy-integration?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install privy-integration」即可一键安装,无需额外配置。
privy-integration 是免费的吗?
是的,privy-integration 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
privy-integration 支持哪些平台?
privy-integration 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 privy-integration?
由 Misha Kolesnik(@tenequm)开发并维护,当前版本 v0.2.0。
推荐 Skills