ant-1984

Send Token

Author: ant-1984 · GitHub ↗ · v0.1.2
cross-platform ⚠ suspicious
Total downloads: 414
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install send-token
Description
Transfer tokens on Solana or Base. Use when the user wants to send, transfer, or pay tokens. Supports native coins (SOL, ETH) and tokens (USDC) by name, plus...
Safe-use recommendations
This skill appears to do what it says (send tokens), but before installing or using it you should:
  1. Confirm you have and trust the @openant-ai/cli package on npm (review its npm/GitHub page and prefer a pinned version rather than @latest).
  2. Be aware that running the provided commands will cause npx to download and execute remote code at runtime — this can run arbitrary code on your machine.
  3. Verify how your wallet/authentication is stored and that you’re comfortable the CLI will only use keys to sign transactions (check the authenticate-openant flow).
  4. When using the skill, always double-check recipient addresses, chain selection, and gas reserves; consider running CLI commands yourself (not via an agent) until you trust the tool and package.
  5. If you do install/use it, prefer manual invocation or require explicit human confirmation for any send operation; avoid granting this skill autonomous permission to execute transfers.
Functional analysis
Type: OpenClaw Skill
Name: send-token
Version: 0.1.2
The skill is classified as suspicious due to the broad `Bash(npx @openant-ai/cli@latest wallet send *)` permission defined in `SKILL.md`. The `*` wildcard allows arbitrary arguments to be passed to the `wallet send` command, which introduces a potential shell injection vulnerability if the underlying `openant-ai/cli` is exploitable or if the agent can be prompted to construct malicious commands. While the `SKILL.md` includes strong safeguards instructing the agent to confirm sensitive actions with the user, the broad permission itself represents a significant risk, even without clear evidence of intentional malicious behavior from the skill author.
Capability assessment
Purpose & Capability
The skill's name/description (send tokens on Solana/Base) aligns with the actions described in SKILL.md. However, the instructions require running 'npx @openant-ai/cli@latest', yet the skill metadata lists no required binaries or install steps. At minimum this implies the environment must have node/npm (or otherwise be able to run npx), which is not declared.
Instruction Scope
The SKILL.md stays focused on token transfers: it instructs checking status and balance, mapping NL to CLI args, and explicitly requires explicit user confirmation before sending. It does not instruct reading arbitrary files or exfiltrating unrelated data. The 'override RPC' option could be used to point to arbitrary RPC endpoints, which is expected functionality but increases attack surface if misused.
Install Mechanism
There is no install spec, but the instructions rely on 'npx @openant-ai/cli@latest'. npx dynamically fetches and executes a package from the npm registry at runtime. That means arbitrary remote code could be executed when the agent runs these commands. Using npx is common, but it is a runtime code fetch that should be acknowledged and vetted (verify package ownership, version pinning, and review source).
Credentials
The skill declares no required env vars or config paths, but it implicitly depends on the OpenAnt CLI being authenticated to a wallet (mentions an 'authenticate-openant' skill). The SKILL.md does not state where keys/credentials are stored or accessed (local CLI config, OS keychain, hardware wallet, etc.). That omission is noteworthy because token transfers require access to signing credentials; the user should confirm how authentication is managed and protected.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system-wide config. disable-model-invocation is false (normal). There is no evidence it requests elevated platform privileges.
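How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install send-token
  3. Once installation completes, call the Skill by name or trigger it with /send-token
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history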
v0.1.2
- Updated references from "EVM" to "Base" for clarity in chain and token support.
- Clarified support: only Solana and Base chains are now listed (EVM references removed).
- Updated argument descriptions and table entries to match new terminology (e.g., "Base" instead of "EVM").
- Adjusted error messages and NEVER section for chain/address compatibility to align with new scope.
- Minor consistency and phrasing improvements throughout the documentation.
v0.1.1
Version 0.1.1 of send-token
- No functional or documentation changes detected in this release.
- All commands, usage guidelines, and examples remain unchanged.
- No new features, bug fixes, or enhancements included.
v0.1.0
- Initial release of the send-token skill.
- Supports sending tokens on Solana or Base (EVM) using the OpenAnt CLI.
- Allows sending native coins (SOL, ETH), named tokens (USDC), and arbitrary tokens by mint/contract address.
- Ensures user confirmation and address validation before transfers; provides safety checks for irreversible blockchain transactions.
- Includes detailed instructions, command examples, and error handling guidance.
Metadata
Slug send-token
Version 0.1.2
License
Total installs 0
Current installs 0
Number of versions 3
FAQ

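What is Send Token?

Transfer tokens on Solana or Base. Use when the user wants to send, transfer, or pay tokens. Supports native coins (SOL, ETH) and tokens (USDC) by name, plus... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 414 total downloads to date.

How do I install Send Token?

Run the command "/install send-token" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.

Is Send Token free?

Yes, Send Token is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Send Token support?

Send Token runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Send Token?

It is developed and maintained by ant-1984 (@ant-1984); the current version is v0.1.2.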
