← 返回 Skills 市场
🔌

psilo

作者 Pakt · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
75
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install psilo
功能描述
Use this skill when an agent needs to: (1) create on-chain escrow contracts via EscrowFactory, (2) release escrowed funds via arbiter-signed transactions, an...
安全使用建议
This skill appears to be a genuine escrow integration, but its registry metadata omits important operational requirements. Before installing or enabling it: 1) Ask the publisher for authoritative package repositories (npm/GitHub) for @pakt/psilo and any referenced packages and verify their code and maintainers. 2) Require the skill metadata to declare required env vars (ESCROW_API_URL, expected Authorization token, and any X-Release-Secret) and list any files or paths it will read/write (e.g., ~/.evalanche/keys/agent.json). 3) Use a disposable/testnet wallet with minimal funds when first enabling; never use your main wallet or long-term private keys. 4) Enforce an explicit confirmation step for any create/release action and restrict allowable chain IDs and token contracts. 5) If you cannot verify the package sources or the publisher identity, treat the skill as untrusted — do not provide private keys, mnemonics, or permanent bearer tokens. 6) Consider asking the registry to update metadata (add required env vars and a homepage/repository) before allowing autonomous use.
功能分析
Type: OpenClaw Skill Name: psilo Version: 1.0.1 The psilo skill is a well-documented interface for managing on-chain escrow contracts via the @pakt/psilo SDK and the Pakt Escrow API (escrowapi.psiloai.com). The skill.md file provides clear instructions for authentication (SIWA/Evalanche), escrow creation, and fund release, and it includes an explicit security checklist that forbids data exfiltration and unauthorized execution. No malicious patterns, obfuscation, or suspicious network destinations were identified.
能力标签
cryptorequires-walletcan-make-purchasescan-sign-transactionsrequires-sensitive-credentials
能力评估
Purpose & Capability
The skill's stated purpose (create and release on-chain escrows via the @pakt/psilo SDK) is coherent with the instructions. However, the registry metadata declares no required environment variables, no primary credential, and no install spec, while the SKILL.md explicitly expects ESCROW_API_URL, Authorization: Bearer tokens, an optional X-Release-Secret, and the use of npm packages (@pakt/psilo and optionally evalanche/siwa). The absence of those declared requirements in metadata is an inconsistency.
Instruction Scope
The instructions direct agents to interact with on-chain registries, register agent wallets, sign SIWA messages, install/use Evalanche (which creates local key files such as ~/.evalanche/keys/agent.json), obtain JWT bearer tokens, and call protected endpoints. Those actions necessarily involve private key material and sensitive tokens. Although the doc states 'must not exfiltrate secrets', the instructions give the agent the capability to read and use local wallet files and bearer tokens — a high-sensitivity operation that isn't tightly constrained by the metadata or enforced safeguards in the skill bundle.
Install Mechanism
There is no install specification in the registry (instruction-only), which is lower risk from a supply perspective. However, SKILL.md contains explicit npm install directions (e.g., 'npm install evalanche' and implies installing @pakt/psilo). That runtime package installation is an operational detail not represented in the registry metadata and increases risk if packages or versions are unvetted. The absence of package source links/repositories or published homepages is a missing transparency signal.
Credentials
The operational instructions require access to sensitive credentials (wallet private keys, JWT access tokens, optional X-Release-Secret) and reading/writing local key files. Yet the skill metadata declares no required environment variables or primary credential. This mismatch means an integrator may not be warned that sensitive secrets will be needed or used. Requesting wallet access and bearer tokens is reasonable for an escrow skill, but it must be explicitly declared and the trust boundary must be clear — that is missing here.
Persistence & Privilege
always:false (good) and autonomous invocation is allowed by default. Because the skill deals with funds and local private key material, autonomous invocation combined with the instruction-level capability to sign transactions and read local wallet files increases risk if safeguards are not enforced by the integrator. The SKILL.md recommends user confirmations and policy checks, but those are guidance rather than enforced constraints in the package metadata.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install psilo
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /psilo 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Updated the skill name to "psilo" (was "pakt-escrow-api"). - Added a new "Security and Transparency Checklist" clarifying capability scope, prohibited behaviors, credential handling, data storage, and network use. - Emphasized safeguards for autonomous agent use, including user confirmations and allowlisting. - All escrow API capabilities and authentication instructions are unchanged.
v1.0.0
- Initial release of the Pakt Escrow API skill, providing on-chain escrow management for agents. - Supports creating, managing, and releasing escrow contracts on supported EVM chains using the @pakt/psilo SDK. - Two authentication/wallet options: SIWA (for agent-only endpoints and onchain receipts) or Evalanche (for simple, multi-EVM wallets). - Clear instructions and code examples for registering/authenticating agents, initializing the SDK, and performing escrow operations. - Details all available escrow operations: get supported chains/assets, create escrow, query status, prepare buyer/seller updates, and arbiter-controlled release.
元数据
Slug psilo
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

psilo 是什么?

Use this skill when an agent needs to: (1) create on-chain escrow contracts via EscrowFactory, (2) release escrowed funds via arbiter-signed transactions, an... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 75 次。

如何安装 psilo?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install psilo」即可一键安装,无需额外配置。

psilo 是免费的吗?

是的,psilo 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

psilo 支持哪些平台?

psilo 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 psilo?

由 Pakt(@pakt)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论