openclaw-consensus-bot

Safe Multisig Skill

Author: openclaw-consensus-bot · GitHub ↗ · v2.1.0
cross-platform ⚠ suspicious
Total downloads: 905
Favorites: 0
Current installs: 2
Versions: 1
Install in OpenClaw
/install safe-multisig-skill
Description
Propose, confirm, and execute Safe multisig transactions using the Safe{Core} SDK (protocol-kit v6 / api-kit v4). TypeScript strict. Use when an agent needs to operate a Safe smart account — (1) create/predict a new Safe, (2) fetch Safe owners/threshold/nonce, (3) list pending multisig txs, (4) build + propose a tx, (5) add confirmations, (6) execute a tx onchain, or (7) troubleshoot Safe nonce/signature issues across chains (Base/Ethereum/Optimism/Arbitrum/Polygon/etc.).
Security recommendations
This skill appears to implement legitimate Safe multisig functionality, but the package metadata understates the runtime requirements. Notable points to consider before installing:
- The scripts require SAFE_SIGNER_PRIVATE_KEY (env var) to sign/deploy/propose/approve/execute transactions — providing that key grants the ability to sign transactions that can move funds. Do not provide your main private key.
- The skill also uses RPC endpoints (RPC_URL / --rpc-url) and interacts with the Safe Transaction Service (api.safe.global). You should verify or override those endpoints to ones you trust.
- The registry entry claims no required env vars; that is incorrect. Treat the skill as requiring a signing credential and an RPC/API configuration.
- If you proceed: run the code in an isolated environment, review scripts (especially propose/execute/approve/create-safe), and prefer a low-privilege or ephemeral signer (or a hardware/custodial signing flow) with spending limits. Consider running the scripts in read-only mode first (safe-info, list-pending) and only provide a signer after manual code review.
- If you are not comfortable auditing the TypeScript, do not supply private keys to this skill. If you must automate, use a signing service or HSM that enforces policy rather than raw private keys in environment variables.
Functional analysis
Type: OpenClaw Skill
Name: safe-multisig-skill
Version: 2.1.0

The OpenClaw skill is designed to manage Safe multisig wallets, which inherently involves sensitive operations like using private keys for signing and interacting with blockchain networks. The code demonstrates strong security practices, including robust input validation for addresses and transaction hashes, restricting file access to the workspace (`scripts/propose-tx.ts`), and explicitly handling private keys via environment variables without any evidence of exfiltration. The `SKILL.md` and `README.md` files provide clear instructions aligned with the skill's purpose and do not contain any prompt injection attempts or instructions for malicious behavior. Several 'FIX' comments in the code indicate a proactive approach to addressing potential vulnerabilities, such as preventing TOFU attacks (`scripts/execute-tx.ts`) and path traversal (`scripts/propose-tx.ts`). All network calls are directed to legitimate Safe Transaction Services (e.g., `api.safe.global`) or specified RPC URLs.
Capability assessment
Purpose & Capability
The scripts (propose/approve/execute/create) clearly implement Safe multisig operations using the Safe SDK — this matches the description. However the registry metadata says "Required env vars: none" and "Primary credential: none", while multiple scripts require SAFE_SIGNER_PRIVATE_KEY (for signing/deploying/proposing/approving/executing) and rely on RPC_URL/--rpc-url and an optional SAFE_TX_SERVICE_API_KEY. That mismatch between declared requirements and actual runtime needs is a material incoherence.
Instruction Scope
SKILL.md and the scripts limit actions to reading tx JSON files, calling Safe Transaction Service endpoints and RPC nodes, building/signing Safe txs, and optionally sending on-chain transactions. The scripts validate inputs (addresses, tx JSON, tx hashes) and warn against pasting private keys. There are no hidden external endpoints; network activity targets Safe transaction service and configured RPC URLs only.
Install Mechanism
No arbitrary download/install URLs are used. bootstrap.sh runs npm install with a declared package.json/package-lock (official @safe-global packages, ethers, commander). This is expected for a TypeScript CLI; risk is standard npm dependency risk but nothing like an extract-from-arbitrary-URL step is present.
Credentials
The code requires a private key (SAFE_SIGNER_PRIVATE_KEY) for signing/deploying/executing transactions and may rely on RPC_URL and SAFE_TX_SERVICE_API_KEY; these are proportionate to a multisig CLI but they are not reflected in the skill's advertised 'required env vars' or 'primary credential' fields. Requiring an EOA private key is a high-privilege operation (it can move funds), so the omission in metadata is significant and could mislead non-technical users.
Persistence & Privilege
The skill is not marked always:true and does not attempt to modify other skills or system-wide configuration. It is user-invocable and can be invoked autonomously (platform default), which increases impact if misused, but that alone is not flagged here since there are no other signs of malicious persistence.
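How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install safe-multisig-skill
  3. Once installation completes, call the Skill by name or trigger it with /safe-multisig-skill
  4. Provide the required inputs according to the Skill's parameter description to get structured output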
Version history
v2.1.0
safe-multisig-skill 2.1.0
- Adds comprehensive TypeScript-strict scripts for Safe multisig management using Safe{Core} SDK (protocol-kit v6 / api-kit v4).
- Enables proposing, confirming, and executing multisig transactions across multiple chains (Base, Ethereum, Optimism, Arbitrum, Polygon, etc.).
- Includes scripts for Safe creation/prediction, state fetching, listing transactions, building/proposing/approving/executing transactions, and troubleshooting nonce/signature issues.
- Enhances security and usability with extensive input validation, clear configuration options, and detailed usage instructions.
- All major commands and flows are now documented with examples and references.
Metadata
Slug safe-multisig-skill
Version 2.1.0
License
Total installs 2
Current installs 2
Version count 1
FAQ

What is Safe Multisig Skill?

Propose, confirm, and execute Safe multisig transactions using the Safe{Core} SDK (protocol-kit v6 / api-kit v4). TypeScript strict. Use when an agent needs to operate a Safe smart account — (1) create/predict a new Safe, (2) fetch Safe owners/threshold/nonce, (3) list pending multisig txs, (4) build + propose a tx, (5) add confirmations, (6) execute a tx onchain, or (7) troubleshoot Safe nonce/signature issues across chains (Base/Ethereum/Optimism/Arbitrum/Polygon/etc.). It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 905 total downloads to date.

How do I install Safe Multisig Skill?

Run the command "/install safe-multisig-skill" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Safe Multisig Skill free?

Yes, Safe Multisig Skill is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Safe Multisig Skill support?

Safe Multisig Skill runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Safe Multisig Skill?

Developed and maintained by openclaw-consensus-bot (@openclaw-consensus-bot); the current version is v2.1.0.
