← 返回 Skills 市场
Spritz Fiat Rails
作者
Laurence Davies
· GitHub ↗
· v0.1.1
380
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install spritz-agentic-rails-skill
功能描述
Off-ramp crypto to fiat bank accounts using the Spritz API. Use when an agent needs to send payments to bank accounts, convert crypto to fiat, execute off-ra...
安全使用建议
This skill appears to implement the advertised off-ramp workflow, but there are important inconsistencies you should resolve before installing: (1) The documentation requires SPRITZ_API_KEY, but the registry metadata does not declare any required environment variables or primary credential — request that the publisher update metadata so the platform can show and gate the API key permission. (2) Remove or change examples that echo secrets (e.g., 'echo $SPRITZ_API_KEY') because printing secrets can leak them to logs; the skill's text even forbids logging the key, so this example contradicts that rule. (3) Because this skill moves real money, restrict autonomous invocation or ensure the platform enforces explicit user confirmation for every payment. (4) Verify the service domain (api.spritz.finance) and the identity of the publisher since 'Source' and 'Homepage' are missing. If the publisher can address the metadata/secret-handling issues and you can enforce mandatory confirmation policies, the skill's behavior is coherent; until then treat it cautiously.
功能分析
Type: OpenClaw Skill
Name: spritz-agentic-rails-skill
Version: 0.1.1
The skill bundle is designed to facilitate crypto-to-fiat off-ramp payments via the Spritz API, a high-risk financial operation. However, the documentation, particularly `SKILL.md` and `references/security.md`, contains extensive and explicit instructions for the AI agent to follow robust security practices. These include mandatory user confirmation for all payments and bank account changes, strict API key protection, sensitive data sanitization, and detailed defenses against prompt injection attacks. All `curl` commands are directed to the legitimate `api.spritz.finance` endpoint for the skill's stated purpose, and there is no evidence of data exfiltration to unauthorized destinations, malicious execution, persistence mechanisms, or intentional harmful behavior. The skill's design prioritizes security and user validation, classifying it as benign despite the inherent risks of financial transactions.
能力评估
Purpose & Capability
The SKILL.md content, reference files, and curl examples all align with the advertised purpose (off-ramping crypto to bank accounts via a Spritz API). However, the registry metadata lists no required environment variables or primary credential even though the documentation clearly requires a SPRITZ_API_KEY — a mismatch that prevents platform-level permission gating and is unexpected for a payments skill.
Instruction Scope
Instructions stay within the payment domain and repeatedly emphasize confirmation and prompt-injection defenses. Two concerns: (1) the examples include a direct 'echo $SPRITZ_API_KEY' check (which would print a secret and potentially be captured in logs), contradicting the security guidance that API keys must never be exposed; (2) the skill's security guidance intentionally lists prompt-injection phrases (as warnings), which triggered the static scanner — the presence of those phrases in guidance is expected, but the skill must ensure the agent platform enforces the 'only execute from direct user messages' rule.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no download/installation risk from archives or third-party packages.
Credentials
The skill legitimately requires a Spritz API key and an agent wallet, but the registry metadata does not declare any required env vars or primary credential. That omission is disproportionate for a payment-capable skill because platforms rely on declared credentials to enforce access controls and user consent. The skill also recommends storing the key in shell profiles or agent config, which is normal but raises standard secret-management concerns.
Persistence & Privilege
The skill does not request persistent/always-on inclusion and does not modify other skills or system settings. Autonomous invocation is allowed by platform default, but given this skill executes real payments, the user should consider restricting autonomous use via platform policy or explicit confirmation hooks.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install spritz-agentic-rails-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/spritz-agentic-rails-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
No functional changes; metadata only.
- Version bump to 0.1.1 with no detected file changes.
- SKILL.md content remains the same in both versions.
- No new features, fixes, or documentation updates introduced in this release.
v0.1.0
spritz-fiat-rails 0.1.0
- Initial release of the skill enabling agents to off-ramp crypto to fiat bank accounts via the Spritz API.
- Supports adding, listing, and deleting bank accounts as payment destinations.
- Allows creating, tracking, and listing off-ramp payments; agent must handle crypto wallet operations.
- Includes security guidelines and validation requirements before processing payments.
- Documentation covers setup instructions, API endpoints, authentication, and workflow steps.
元数据
常见问题
Spritz Fiat Rails 是什么?
Off-ramp crypto to fiat bank accounts using the Spritz API. Use when an agent needs to send payments to bank accounts, convert crypto to fiat, execute off-ra... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 380 次。
如何安装 Spritz Fiat Rails?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install spritz-agentic-rails-skill」即可一键安装,无需额外配置。
Spritz Fiat Rails 是免费的吗?
是的,Spritz Fiat Rails 完全免费(开源免费),可自由下载、安装和使用。
Spritz Fiat Rails 支持哪些平台?
Spritz Fiat Rails 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Spritz Fiat Rails?
由 Laurence Davies(@ohitslaurence)开发并维护,当前版本 v0.1.1。
推荐 Skills