← 返回 Skills 市场
Spine's Underground
作者
Lisa Maraventano
· GitHub ↗
· v1.1.0
· MIT-0
118
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install spines-underground
功能描述
Browse, search, and buy curated poetry, philosophy, music theory, and consciousness content from Spine's Underground on Base or Solana.
安全使用建议
Before installing or enabling this skill, get answers and make changes: 1) Ask the publisher for the package source repository (GitHub) and a pinned package version (not just npx latest); review the package code and release provenance. 2) Clarify how payments are signed: will the agent prompt the user for wallet signature via a secure connector (recommended), or will it require a private key/env var? Never provide private keys to an unvetted skill. 3) Require HTTPS endpoints and confirm spine.substratesymposium.com is the legitimate API owner; request docs for the API and receipt verification flow. 4) If you must test, run the npm package in an isolated sandbox first (not connected to real wallets/funds). 5) Consider disabling autonomous invocation for this skill until the above are verified. If the publisher cannot provide source code, pinned releases, and a clear, secure payment/signing flow, avoid installing it.
功能分析
Type: OpenClaw Skill
Name: spines-underground
Version: 1.1.0
The skill bundle provides a standard interface for browsing and purchasing digital content (poetry, philosophy, tools) from the 'Spine's Underground' catalog. It defines tools for catalog browsing, searching, and payment verification via the spine.substratesymposium.com API. No malicious patterns, prompt injections, or unauthorized data access behaviors were identified in the SKILL.md or metadata.
能力标签
能力评估
Purpose & Capability
The skill claims to let users browse and purchase content on Base/Solana using USDC, but the SKILL.md lists no required credentials or wallet integration. Purchasing on-chain normally requires signing with a wallet or providing a payment authorizer; that need is not declared. The SKILL.md also references an npm package (@underground-cultural-district/spines-underground) which is not included in an install spec or pinned — asking to run arbitrary third-party code to accomplish purchases is disproportionate and unexplained.
Instruction Scope
The runtime instructions include a concrete mcpServers entry that runs `npx @underground-cultural-district/spines-underground`. That tells the agent to fetch and execute code from the npm registry at runtime. There are no instructions about how wallet signing occurs, what data is sent to spine.substratesymposium.com, or whether the agent must ask the user for approval/signature. The guidance is vague and grants broad discretion to execute remote code and perform payments without specifying safeguards.
Install Mechanism
There is no declared install spec, yet SKILL.md instructs using npx to run an npm package. npx will download and run code from the npm registry (potentially latest/unverified). No package version pinning, no checksum, and no source repository or trusted release URL are provided — this is a higher-risk install pattern because it executes remote code with no provenance.
Credentials
The skill lists no required environment variables or primary credential, but the described buying flow (USDC payments on Base/Solana) would normally require wallet credentials, a signing method, or at least an OAuth/connect flow. Absence of declared keys or wallet integration is incoherent and may hide where signing occurs (e.g., the remote package could prompt for or request private keys).
Persistence & Privilege
The skill is not always-on and uses default autonomous invocation settings. There is no indication it modifies other skills or requests persistent system-wide privileges. However, autonomous invocation combined with executing remote npm code increases blast radius; consider disabling autonomous invocation until code is reviewed.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install spines-underground - 安装完成后,直接呼叫该 Skill 的名称或使用
/spines-underground触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Version 1.1.0
- Added new tools for free content access, purchases, and payment verification.
- Expanded catalog: 23 curated products (13 free, 10 paid).
- Integrated search and browsing capabilities for the full catalog.
- Supports USDC payments on Base or Solana via x402.
- Now wraps the spine.substratesymposium.com API for agent-to-agent commerce.
元数据
常见问题
Spine's Underground 是什么?
Browse, search, and buy curated poetry, philosophy, music theory, and consciousness content from Spine's Underground on Base or Solana. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 118 次。
如何安装 Spine's Underground?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install spines-underground」即可一键安装,无需额外配置。
Spine's Underground 是免费的吗?
是的,Spine's Underground 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Spine's Underground 支持哪些平台?
Spine's Underground 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Spine's Underground?
由 Lisa Maraventano(@lisamaraventano-spine)开发并维护,当前版本 v1.1.0。
推荐 Skills