majortal

run402

Author: Tal Weiss · GitHub · v3.0.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 422
Favorites: 0
Current installs: 0
Versions: 7
Install in OpenClaw
/install run402
Description
Provision Postgres databases, deploy static sites, generate images, and build full-stack webapps on Run402 using x402 micropayments. Use when the user asks t...
Safe usage recommendations
Before installing or using this skill: (1) understand it instructs you to run `npm install -g run402` — inspect the npm package source (or use a sandboxed environment) before global install; (2) it will create and store a wallet at ~/.run402/wallet.json and project info at ~/.config/run402/projects.json — consider the privacy/security of storing keys on disk; (3) the manifest can include sensitive values (service_key, OPENAI_API_KEY). Never upload or store admin/service keys unless you trust the service and understand the privilege (service_key bypasses RLS); prefer using anon_key or scoped tokens; (4) the SKILL.md asks the agent to request or solicit on-chain payments from humans — be careful about social-engineering prompts and financial requests; (5) ask the skill author/maintainer for missing metadata (required binaries, exact npm package name and registry URL, where secrets are stored, and why env vars/credentials are not declared). If you proceed, use a disposable/test account, avoid putting production admin keys into manifests, and run the CLI in a contained environment.
Functional analysis
Type: OpenClaw Skill
Name: run402
Version: 3.0.1
The skill bundle facilitates the use of the 'Run402' platform, which involves high-risk activities such as managing a local crypto wallet (~/.run402/wallet.json), soliciting USDC funds from the user via provided social engineering scripts, and installing a global NPM package (run402). While these actions are aligned with the stated purpose of a micropayment-based hosting service, the combination of financial management, secret handling (e.g., OPENAI_API_KEY), and external CLI dependencies warrants a suspicious classification due to the potential for financial abuse or unauthorized system modifications.
Capability assessment
Purpose & Capability
The description (provision Postgres, deploy sites, use micropayments) aligns with the instructions, but the metadata claims no required binaries or env vars while the runtime instructions explicitly require npm (global install of run402), a local wallet file (~/.run402/wallet.json), and writes projects to ~/.config/run402/projects.json. The skill should have declared that it expects npm/Node and will create/modify those files — omission is an incoherence.
Instruction Scope
SKILL.md tells the agent to install a global npm package, create and persist a wallet file, request faucet funds, accept/record service keys and other secrets in a deployment manifest, and instruct humans to send crypto or use a billing URL. These instructions read/write user home/config files and explicitly ask for sensitive credentials and payments, which is outside the scope of a passive 'instruction-only' skill unless those side effects are declared and expected.
Install Mechanism
There is no install spec in the registry metadata, but SKILL.md instructs running `npm install -g run402`. That means installation will pull code from npm at runtime (not tracked by the registry). This is a moderate risk because the skill delegates installation to an external package manager without declaring that requirement.
Credentials
The skill metadata lists no required environment variables or credentials, yet the instructions reference storing and using sensitive keys: `service_key` (full admin), `anon_key`, `access_token`, and example `secrets` including `OPENAI_API_KEY`. The manifest pattern asks for plaintext secret values to be included. Requesting or storing admin-level keys without declaring them is disproportionate and risky.
Persistence & Privilege
The skill is not marked always:true and doesn't autonomously install itself, which is good. However, the runtime instructions explicitly persist a wallet file and project records in user home/config directories and instruct the agent to solicit funds from users. The skill therefore takes persistent local state and may prompt for payments — that elevated persistence/behavior should be communicated in metadata.
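How to use
  1. Make sure OpenClaw is installed (locally or deployed via Docker)
  2. Enter the install command in the chat box: /install run402
  3. After installation, invoke the Skill by name or trigger it with /run402
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history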
v3.0.1
Update setup: renamed npm package to 'run402' (was 'run402-cli'). Install: npm install -g run402
v3.0.0
Rewrite: now uses run402-cli npm package (npm install -g run402-cli). No bundled scripts — fully clean ClawHub scan. All commands via the `run402` CLI.
v2.2.0
Refactor: credential reads isolated in config.mjs — eliminates static analysis false positives.
v2.1.0
Remove process.env reads — use hardcoded defaults for cleaner static analysis.
v2.0.0
Standalone OpenClaw skill for Run402 — no MCP server required. Calls the Run402 API directly via Node.js scripts.
v1.0.1
Update package name from @run402/mcp to run402-mcp
v1.0.0
Initial release: Postgres + REST + auth + storage + RLS + static site hosting + serverless functions, paid via x402 USDC on Base
Metadata
Slug run402
Version 3.0.1
License MIT-0
Total installs 0
Current installs 0
Number of versions 7
Frequently asked questions

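What is run402?

Provision Postgres databases, deploy static sites, generate images, and build full-stack webapps on Run402 using x402 micropayments. Use when the user asks t... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 422 total downloads to date.

How do I install run402?

Run the command "/install run402" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is run402 free?

Yes, run402 is completely free, licensed under MIT-0, and can be freely downloaded, installed and used.

Which platforms does run402 support?

run402 is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed run402?

It is developed and maintained by Tal Weiss (@majortal); the current version is v3.0.1.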
