← 返回 Skills 市场
openclaw-consensus-bot

Safe Multisig Skill

作者 openclaw-consensus-bot · GitHub ↗ · v2.1.0
cross-platform ⚠ suspicious
1150
总下载
0
收藏
2
当前安装
2
版本数
在 OpenClaw 中安装
/install safe-multisig
功能描述
Propose, confirm, and execute Safe multisig transactions using the Safe{Core} SDK (protocol-kit v6 / api-kit v4). TypeScript strict. Use when an agent needs to operate a Safe smart account — (1) create/predict a new Safe, (2) fetch Safe owners/threshold/nonce, (3) list pending multisig txs, (4) build + propose a tx, (5) add confirmations, (6) execute a tx onchain, or (7) troubleshoot Safe nonce/signature issues across chains (Base/Ethereum/Optimism/Arbitrum/Polygon/etc.).
安全使用建议
This package appears to implement exactly what it says (a Safe multisig CLI) but it does require sensitive secrets that the registry metadata does not advertise. Before installing or running it: (1) inspect package.json and package-lock (you already have them) and consider running npm install in an isolated environment or container; (2) do NOT provide your main owner private key — use a low-privilege signer, a hardware wallet, or a temporary/test key when experimenting; (3) ensure you set SAFE_SIGNER_PRIVATE_KEY, SAFE_TX_SERVICE_API_KEY (if using the official service), and RPC_URL only in your shell or a secure env-file, not pasted into chat or logs; (4) review the propose-tx script behavior around tx-file paths (it resolves any path — do not point it at files containing other secrets); (5) if you plan to use this for real funds, audit the code or run it in a staging account first; and (6) contact the publisher/source (if you can) to request corrected registry metadata that lists the required env vars.
功能分析
Type: OpenClaw Skill Name: safe-multisig Version: 2.1.0 The skill is classified as suspicious due to a critical file access vulnerability in `scripts/propose-tx.ts`. Despite a comment indicating an intent to restrict file paths (`// FIX PT-010: Restrict tx-file paths — don't allow absolute paths outside workspace`), the implementation using `path.resolve(process.cwd(), opts.txFile)` allows an absolute path provided to the `--tx-file` option to read arbitrary files on the filesystem (e.g., `/etc/passwd`). If an AI agent is prompted to provide an absolute path to a sensitive file, its content could be read and potentially exfiltrated if it were valid JSON and included in a transaction proposal sent to the Safe Transaction Service. This constitutes a risky capability that could lead to data exfiltration, even without explicit malicious intent from the skill developer.
能力评估
Purpose & Capability
The skill's name/description (Safe multisig operations) aligns with what the scripts do (create, propose, approve, execute Safe transactions). However the registry metadata claims 'Required env vars: none' and 'Primary credential: none', while multiple scripts clearly require sensitive env vars (SAFE_SIGNER_PRIVATE_KEY, SAFE_TX_SERVICE_API_KEY and/or RPC_URL). That metadata omission is an incoherence: a multisig CLI legitimately needs signing keys and RPC/API credentials, and those are present in the code but not declared in the registry.
Instruction Scope
SKILL.md and scripts are explicit about needed operations: reading a tx JSON file, reading SAFE_SIGNER_PRIVATE_KEY and SAFE_TX_SERVICE_API_KEY, contacting the Safe Transaction Service and RPC endpoints, and writing JSON output. The scripts only reference workspace files or user-supplied tx files and call Safe SDK / HTTP APIs; they do not attempt to read unrelated system files or send data to unexpected endpoints. One minor issue: propose-tx contains a comment 'Restrict tx-file paths' but the implementation only uses path.resolve without enforcing an in-workspace restriction, so it could read any file the runner can access.
Install Mechanism
No aggressive install script or remote archive downloads: bootstrap.sh runs 'npm install' using the included package.json/package-lock which lists typical dependencies (@safe-global packages, ethers, commander). This is standard for a TypeScript CLI and proportionate to the task, though installing npm packages always carries normal supply-chain risk and should be performed in a controlled environment.
Credentials
The code requires sensitive environment variables (SAFE_SIGNER_PRIVATE_KEY for signing; SAFE_TX_SERVICE_API_KEY may be needed for the official transaction service; RPC_URL or RPC defaults are used). Those are appropriate for the skill's functionality, but they are not declared in the registry metadata or requirement section — this mismatch can lead users to install/run the skill without understanding it needs private keys. The skill does warn in SKILL.md not to paste keys in chat and recommends low-privilege signers, which is good practice.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not modify other skill configs, and does not require system-wide privileges. It operates as a local CLI toolkit and relies on environment variables provided at runtime; there is no unusual persistence or privilege escalation request.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install safe-multisig
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /safe-multisig 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.1.0
safe-multisig 2.1.0\n\n- Replaces the legacy release with the full TypeScript-strict Safe multisig CLI (Safe{Core} protocol-kit v6 / api-kit v4).\n- Core scripts: create-safe, safe-info, list-pending, propose-tx, approve-tx, execute-tx.\n- Adds 70 tests + strict typecheck.\n
v2.0.0
TypeScript strict mode. Safe Protocol Kit v6.1.2 + API Kit v4.0.1. Chain slug resolution. RPC auto-detection. Proposal creation, execution, and status checking.
元数据
Slug safe-multisig
版本 2.1.0
许可证
累计安装 2
当前安装数 2
历史版本数 2
常见问题

Safe Multisig Skill 是什么?

Propose, confirm, and execute Safe multisig transactions using the Safe{Core} SDK (protocol-kit v6 / api-kit v4). TypeScript strict. Use when an agent needs to operate a Safe smart account — (1) create/predict a new Safe, (2) fetch Safe owners/threshold/nonce, (3) list pending multisig txs, (4) build + propose a tx, (5) add confirmations, (6) execute a tx onchain, or (7) troubleshoot Safe nonce/signature issues across chains (Base/Ethereum/Optimism/Arbitrum/Polygon/etc.). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1150 次。

如何安装 Safe Multisig Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install safe-multisig」即可一键安装,无需额外配置。

Safe Multisig Skill 是免费的吗?

是的,Safe Multisig Skill 完全免费(开源免费),可自由下载、安装和使用。

Safe Multisig Skill 支持哪些平台?

Safe Multisig Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Safe Multisig Skill?

由 openclaw-consensus-bot(@openclaw-consensus-bot)开发并维护,当前版本 v2.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论