← 返回 Skills 市场
473
总下载
0
收藏
3
当前安装
14
版本数
在 OpenClaw 中安装
/install qfc
功能描述
QFC blockchain interaction — wallet, faucet, chain queries, staking, epoch & finality, AI inference
安全使用建议
This skill is largely coherent with its stated purpose (a full QFC wallet/chain + inference toolkit), but it has several items you should consider before installing or running:
- Protect private keys: demo scripts ask you to export OWNER_PRIVATE_KEY; do not set or expose your mainnet private keys unless you fully trust and have audited the code. Prefer testnet keys and isolated wallets.
- Keystore files: the skill saves encrypted keystores to ~/.openclaw/qfc-wallets/ (not declared in registry metadata). Verify the code that creates/reads these files and confirm the directory/permissions before use.
- Avoid the global CLI patch: CLAUDE.md suggests editing a globally installed ClawHub JS file to 'work around' publishing behavior — do not apply that patch unless you understand and trust it; modifying global packages is risky.
- Autonomous agent power: demos show issuing session keys and registering agents with Transfer permissions. If you enable autonomous invocation for this skill, limit permissions, use session keys with strict TTLs/daily caps, and test on testnet only.
- Review network endpoints: the skill targets https://rpc.testnet.qfc.network and https://explorer.testnet.qfc.network; confirm these endpoints are legitimate and available to you.
- Recommended steps before use: (1) review the keystore, agent-wallet, and demo scripts in src/ for any unexpected network endpoints or phone-home behavior; (2) run npm install and builds in a sandbox/container; (3) test only on testnet with throwaway wallets; (4) do not follow the global ClawHub patch unless you audit it.
If you want, I can: (a) list the exact files that create/modify the keystore and show the code paths that write to ~/.openclaw, (b) extract the lines that instruct patching the ClawHub file, or (c) search the repo for any hard-coded external endpoints or 'eval'/'child_process' usage to give you a more concrete risk map.
功能分析
Type: OpenClaw Skill
Name: qfc
Version: 3.4.0
The QFC OpenClaw Skill is a comprehensive blockchain interaction toolkit for the QFC network, providing features for wallet management, token/NFT deployment, and AI inference. It includes a robust security framework (src/security.ts) that enforces daily spending limits, transaction confirmations for large amounts, and address validation. While the skill handles sensitive operations like local encrypted wallet persistence (src/keystore.ts) and uses hardcoded bytecodes for contract deployments (src/token.ts, src/nft.ts), these actions are well-documented, aligned with the stated purpose, and include defensive instructions for the AI agent to prevent the exposure of private keys or unauthorized transactions.
能力评估
Purpose & Capability
The code and SKILL.md match the declared purpose (wallet, faucet, chain queries, staking, token/NFT, DEX, AI inference). Required binary (node) is appropriate. However the skill persists keystore files to ~/.openclaw/qfc-wallets/ and expects to read/write local keystore metadata, but the registry metadata did not declare any required config paths or storage access — a discrepancy the user should be aware of (the skill will create/read files in the user's home directory).
Instruction Scope
SKILL.md / CLAUDE.md and included docs instruct the user/agent to run setup scripts and even to patch a global ClawHub CLI file (edit $(npm root -g)/clawhub/.../publish.js) to work around an 'acceptLicenseTerms' issue. That instruction to modify a globally installed tool is unexpected for a chain interaction skill and expands the scope to system-wide modifications. Demo scripts also directly read OWNER_PRIVATE_KEY from environment and show registering session keys with transfer permissions — legitimate for an autonomous agent demo but high-risk if run against mainnet or without understanding permissioning.
Install Mechanism
There is no automated install spec (no arbitrary URL downloads). The project uses standard npm build flows (package.json deps: ethers, dev typescript) and a small setup.sh that runs npm install + tsc. No external, obscure URLs or archive extraction were found in the manifest. Building/running will pull npm packages (traceable) — still run in a controlled environment if you decide to build it.
Credentials
Registry metadata lists no required env vars, but multiple demo scripts and examples expect OWNER_PRIVATE_KEY (and optional Discord bot integration would need a token). The skill legitimately needs access to private keys or signer objects to send transactions, but the lack of explicit declared env vars/config requirements (and the presence of examples that require sensitive env vars) is a gap: users may be prompted to expose secrets after install. This is proportional to the wallet capability but should be explicitly declared.
Persistence & Privilege
The skill persists encrypted keystores to ~/.openclaw/qfc-wallets/ (keystore format, scrypt). Persistent disk storage is expected for a wallet skill, but the manifest did not declare config paths. The skill does not set always:true; however the included agent/session registration demos show workflows that create session keys with Transfer permissions (capable of spending funds). Combined with autonomous invocation, that capability increases blast radius if misconfigured — it's expected for 'autonomous agent' demos but requires careful operator controls.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install qfc - 安装完成后,直接呼叫该 Skill 的名称或使用
/qfc触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.4.0
Add AgentWalletClient for session-key-aware inference, demo scenarios (trader, content generator, AI oracle)
v3.2.0
v3.2.0: QFCMinerMonitor for earnings notifications + !miner Discord command
v3.0.3
IPFS large result support (fetchIpfsResult + getResult), estimateFee fix (#12)
v3.0.2
Fix submitTask payload: model→modelId, input→inputData (base64), add taskType param (fixes #10)
v3.0.1
Marketplace V2: configurable platform fee (feeBps + feeRecipient), owner fee controls, fee query
v3.0.0
v3.0 DeFi infrastructure: WQFC wrapper, token launchpad, NFT marketplace, multicall batch reads, event subscriptions
v2.6.0
Token Swap / DEX — constant-product AMM with LP tokens, 0.3% fee, slippage protection, auto-approve
v2.5.0
Airdrop smart contract — deploy once, batch-transfer any ERC-20 in a single tx (saves gas vs sequential transfers)
v2.4.1
Add pre-compiled ERC-721 bytecode — NFT deploy() now works without external solc
v2.4.0
Batch transfers, NFT support, Discord bot
v2.3.0
Token portfolio and transfer history
v2.2.0
Token creation & explorer verification: one-click ERC-20 deployment, mint/burn support, auto source code verification on explorer
v2.1.0
AI inference, smart contracts, ERC-20 tokens, reference docs
v0.1.0
Initial release of the QFC OpenClaw skill for comprehensive QFC blockchain interactions:
- Create, import, and manage QFC wallets with secure keystore storage
- Testnet faucet integration for requesting test QFC tokens
- Detailed chain queries: balance, blocks, transactions, and receipts
- Staking, validator data, and contribution score queries
- Epoch and finality information access
- Built-in security rules for managing keys, networks, and transaction limits
- Configurable network and RPC setup for testnet/mainnet
元数据
常见问题
Qfc Openclaw Skill 是什么?
QFC blockchain interaction — wallet, faucet, chain queries, staking, epoch & finality, AI inference. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 473 次。
如何安装 Qfc Openclaw Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install qfc」即可一键安装,无需额外配置。
Qfc Openclaw Skill 是免费的吗?
是的,Qfc Openclaw Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Qfc Openclaw Skill 支持哪些平台?
Qfc Openclaw Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Qfc Openclaw Skill?
由 Larry Lai(@lai3d)开发并维护,当前版本 v3.4.0。
推荐 Skills