← 返回 Skills 市场
silostack

SilkyWay

作者 silostack · GitHub ↗ · v1.0.9
cross-platform ✓ 安全检测通过
656
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install silkyway
功能描述
Agent banking and payments on Solana. Send and receive stablecoins with cancellable escrow transfers. Optional on-chain accounts with policy-enforced spendin...
安全使用建议
This skill appears to do what it says (a Solana payments CLI) and uses an expected npm install path, but review these before installing or using with real funds: - Private keys are stored locally and unencrypted in ~/.config/silkyway/config.json (bs58). Protect that file, avoid syncing it to cloud backups, and restrict filesystem permissions. - There is an undocumented environment override: setting SILK_API_URL will redirect the CLI to any server. Only set this if you trust the server. A malicious endpoint could respond with crafted payloads or accept signed transactions; the private key itself still stays local, but changing the endpoint can alter transaction flows. - Verify the npm package origin (publisher, npm page, GitHub repo and releases) before installing globally. Confirm the published package includes the expected dist/cli binary and matches the source repository. - On first use, prefer devnet (test tokens) to exercise functionality before using mainnet with real USDC. - If you need stronger protection, consider using an encrypted key store or hardware signer rather than keeping raw secret keys in a plaintext config file. If you want, I can: (1) list exact files that hold private keys/config, (2) show the calls that use SILK_API_URL, or (3) draft a short checklist to harden local config and permissions before use.
功能分析
Type: OpenClaw Skill Name: silkyway Version: 1.0.9 The OpenClaw skill bundle provides a Solana CLI tool for payments, implementing a non-custodial 'build-sign-submit' transaction flow where private keys are generated and stored locally at `~/.config/silkyway/config.json` and never transmitted to the backend. While storing private keys in plaintext (base58-encoded) in a local configuration file is a security vulnerability if the user's machine is compromised, this behavior is explicitly documented in `SKILL.md` and `README.md`, indicating transparency rather than malicious intent. All network communications are directed to the expected `silkyway.ai` domains, and there are no signs of data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts in the `SKILL.md` or code files. Dependencies are standard and appropriate for a Solana CLI tool.
能力评估
Purpose & Capability
Name/description (agent banking/payments on Solana) matches the code and SKILL.md. The package is an npm CLI (@silkysquad/silk) that implements wallet creation, escrow transfers, claim/cancel, on-chain accounts, contacts, and a support chat — all coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to install and run the 'silk' CLI and references the expected config paths (~/.config/silkyway). The runtime instructions and included code only call the SilkyWay API (api.silkyway.ai / devnet-api.silkyway.ai) and the app web UI (app.silkyway.ai). One inconsistency: the code reads process.env.SILK_API_URL to override the API base, but the skill metadata/requirements do not declare this env var — this allows changing the server the CLI talks to and should be considered by deployers.
Install Mechanism
Install is an npm package (@silkysquad/silk). This is a standard distribution channel for a CLI; risk is moderate but expected for a Node.js CLI. No arbitrary HTTP download/extract install steps are present.
Credentials
The skill declares no required credentials or env vars, which aligns with the functionality. However, the code stores private keys locally (bs58-encoded) in ~/.config/silkyway/config.json in plaintext — expected for a simple CLI but a sensitive practice. Also, the code respects an undocumented SILK_API_URL env var which can redirect API calls to an arbitrary endpoint; that environment override is not described in SKILL.md/metadata and increases attack surface if misconfigured or set maliciously.
Persistence & Privilege
The skill is not always-included and uses normal autonomous invocation defaults. It persists its own config and contacts under ~/.config/silkyway and does not attempt to modify other skills or system-wide settings. Writing local wallet config (including private keys) is expected for a CLI wallet but is a sensitive action — documented in SKILL.md.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install silkyway
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /silkyway 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.9
- Change default config/data path from `~/.config/silk` to `~/.config/silkyway` for all CLI data (wallets, contacts, etc). - Update documentation (README.md, SKILL.md) to reflect new config path and file locations. - Update package version to 1.0.9.
v1.0.8
SilkyWay 1.0.8 - Updated documentation in SKILL.md to provide detailed setup, usage, and command references for agent banking and payments on Solana. - Describes new features such as escrow payments with cancellable transfers, optional on-chain accounts with enforced spending limits, address book, multi-wallet support, and support chat. - Lists instructions for cluster configuration, funding, account setup, and detailed CLI usage. - Clarifies usage of both escrow payments and on-chain accounts, including their differences and appropriate scenarios.
v1.0.3
- New SKILL.md provides full documentation for installing and using silkyway (silk) for agent payments on Solana. - Details setup steps, multi-wallet support, USDC escrow payments, on-chain accounts, and address book features. - Includes CLI reference and explanations of agent/human roles, spending limits, and payment flows. - Adds support chat feature and clear instructions for testing on devnet vs mainnet.
元数据
Slug silkyway
版本 1.0.9
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

SilkyWay 是什么?

Agent banking and payments on Solana. Send and receive stablecoins with cancellable escrow transfers. Optional on-chain accounts with policy-enforced spendin... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 656 次。

如何安装 SilkyWay?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install silkyway」即可一键安装,无需额外配置。

SilkyWay 是免费的吗?

是的,SilkyWay 完全免费(开源免费),可自由下载、安装和使用。

SilkyWay 支持哪些平台?

SilkyWay 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 SilkyWay?

由 silostack(@silostack)开发并维护,当前版本 v1.0.9。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论