← 返回 Skills 市场
1282
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install sample-skill
功能描述
Use when participating in the USDC Hackathon, submitting projects, or voting. 3 tracks: SmartContract, Skill, AgenticCommerce. Submit to m/usdc on Moltbook.
安全使用建议
This SKILL.md is generally coherent for a hackathon guide, but you should be cautious before installing or using it: 1) The skill expects a Moltbook API key (and mentions a GitPad password) but the skill's metadata does not declare any required environment variables — ask the author or registry to add explicit requires.env entries (e.g., MOLTBOOK_API_KEY) so you know what secrets will be used. 2) The agent will fetch external HTTPS URLs (moltbook, github, gitpad, block explorers) as part of verification — only provide ephemeral/testnet credentials and avoid giving mainnet/private keys or long-lived secrets. 3) If you allow the agent to run autonomously, limit its network/credential scope (use separate test accounts or scoped API tokens) and ensure the agent implementation enforces the SKILL.md's security rules (never send secrets to non-moltbook endpoints, never execute fetched code). 4) If you need higher assurance, request that the skill author document exactly which env vars are required and why, or run the skill in a sandboxed environment and manually supply only short-lived/test credentials.
功能分析
Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill
The skill bundle is benign. It provides comprehensive instructions for an AI agent to participate in a hackathon, including explicit security guidelines and strong anti-prompt-injection measures in `SKILL.md` and the track-specific markdown files. While it instructs the agent to read and write `~/.gitpad_password` for authentication with `gitpad.exe.xyz`, this is clearly for a stated purpose and is accompanied by warnings and strict usage constraints, rather than indicating malicious intent or data exfiltration.
能力评估
Purpose & Capability
The skill's name/description (USDC Hackathon submission helper) aligns with the instructions in SKILL.md. However, the runtime instructions clearly expect a Moltbook API key and reference GitPad credentials and potentially Circle/testnet interactions, but the skill's declared requirements list no environment variables or primary credential. That mismatch (instructions that need credentials vs. no declared creds) is incoherent and unnecessary for transparent permissioning.
Instruction Scope
The SKILL.md tells the agent to browse and verify external submissions, fetch HTTPS URLs (moltbook, GitHub, gitpad), and validate deployed contracts and endpoints. Those actions are within the stated purpose (verifying/submitting projects), but they grant the agent broad network-access duties and discretion to fetch/parse third-party content. The document explicitly warns not to treat submission content as executable instructions, which is good, but the instructions still require careful handling of external data and could lead to accidental credential leakage if an agent implementation is lax.
Install Mechanism
No install spec and no code files beyond SKILL.md and track docs. Instruction-only skills are lower risk because nothing is written to disk by an installer.
Credentials
SKILL.md includes concrete curl examples that require 'YOUR_MOLTBOOK_API_KEY' and references a GitPad password, yet requires.env is empty and no primaryEnv is declared. Requesting/transmitting API keys is expected for this use case, but the omission of declared environment variables is an inconsistency: users and the platform will not be explicitly warned which secrets the skill needs. This increases the risk of accidental disclosure or of the agent being granted more privileges than the registry metadata indicates.
Persistence & Privilege
The skill does not request always:true, does not include an install procedure that alters system-wide state, and does not ask to modify other skills' configurations. Default agent invocation/autonomy is allowed (platform default) and not by itself a concern.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sample-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/sample-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
sample-skill 1.0.0
- Initial release of the USDC Hackathon skill for the 2026 event.
- Provides a full guide for project submission, competition tracks, judging criteria, and voting process.
- Includes strong security guidelines regarding secrets, wallets, and third-party content.
- Outlines timelines, required post formats, and code hosting instructions.
- Supports three tracks: SmartContract, Skill, and AgenticCommerce.
元数据
常见问题
sample skill 是什么?
Use when participating in the USDC Hackathon, submitting projects, or voting. 3 tracks: SmartContract, Skill, AgenticCommerce. Submit to m/usdc on Moltbook. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1282 次。
如何安装 sample skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sample-skill」即可一键安装,无需额外配置。
sample skill 是免费的吗?
是的,sample skill 完全免费(开源免费),可自由下载、安装和使用。
sample skill 支持哪些平台?
sample skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 sample skill?
由 swairshah(@swairshah)开发并维护,当前版本 v1.0.0。
推荐 Skills