← 返回 Skills 市场
StonebornBot
作者
thepublisher
· GitHub ↗
· v1.0.0
763
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install stonebornbot
功能描述
High-speed NFT mint bot for Ethereum and EVM chains. Use when the user wants to snipe NFT mints, speed-mint collections, set up multi-wallet minting bots, configure mint sniping with pre-signed transactions, or automate NFT minting across multiple wallets. Supports ERC721A, Archetype contracts, Flashbots, war mode gas, WebSocket monitoring, mempool watching, and batch minting with 100+ wallets.
安全使用建议
This skill appears to implement what it claims, but it handles very sensitive data and has some inconsistencies — proceed cautiously. Before running or installing: 1) Review the JavaScript files yourself (or have someone you trust do it) paying attention to network calls that transmit private keys or signed data (bankrSign, bankrSubmit, Flashbots submission, raw RPC broadcasts). 2) Do NOT put your main/private keys or funded wallets into the provided config.json in a repo — use ephemeral/test wallets first. 3) Fix the obvious mismatch: batch-test.js expects config-test-all.json but the instructions create scripts/config.json; ensure test scripts point at the right file. 4) Use isolated environment (throwaway VM or container) and limit network exposure when first testing. 5) If you must use funded wallets, keep only minimal funds and prefer using a hardware wallet for the funding account. 6) Verify external endpoints (cfg.bankr.apiUrl, flashbots.relayUrl, rpcUrls) are correct/trusted before entering API keys. 7) Consider whether using a public npm package install is acceptable in your environment; inspect package.json after setup. If you are not comfortable auditing the code or providing private keys, do not run this skill.
功能分析
Type: OpenClaw Skill
Name: stonebornbot
Version: 1.0.0
The skill bundle is classified as suspicious due to its inherent high-risk functionality, specifically the direct handling of private keys for multiple cryptocurrency wallets as configured in `scripts/config.json` (derived from `assets/config-template.json`). While this capability is central to its stated purpose as an 'NFT Mint Bot' and the `references/wallet-management.md` documentation advises users on security best practices (e.g., 'Never commit private keys to version control'), the direct management of private keys within the application's configuration introduces a significant vulnerability risk if the user's environment or configuration file is compromised. There is no evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints, persistence mechanisms, or prompt injection attempts in `SKILL.md` beyond the skill's stated purpose.
能力评估
Purpose & Capability
Name/description (NFT mint bot, multi-wallet, pre-signed txs, Flashbots, Bankr) align with the included scripts (mint-bot.js, batch-test.js, wallet management, Flashbots and Bankr helpers). Required env vars and binaries are minimal/none which is coherent because configuration is file-based.
Instruction Scope
SKILL.md instructs running setup.sh and creating scripts/config.json and to use batch-test.js, but scripts/batch-test.js reads a different filename (config-test-all.json) that does not exist in the package — an inconsistency that will break testing. The code expects users to place private keys and API keys in config files and will POST signed transaction data and API keys to external services (Bankr, Flashbots relay, RPC endpoints). The instructions do not explicitly warn the user to avoid placing real private keys in repo-controlled files (the references mention not committing keys but the quick-start still creates a config file inside scripts).
Install Mechanism
There is no formal install spec, but setup.sh runs npm init and npm install ethers@^6. Installing a single well-known npm package is expected for a Node-based bot — moderate risk (npm packages run arbitrary code at install/run), but the install sources are standard (npm registry), not a raw download from an unknown URL.
Credentials
The skill requests no declared environment variables, but the runtime uses sensitive secrets stored in config.json: wallet private keys, optional Bankr apiKey, Flashbots authSignerKey, and RPC keys (Alchemy). These are proportionate to the bot's purpose but the SKILL.md/manifest do not declare or warn about them formally. Storing those secrets in plaintext project files is risky and the skill gives mixed guidance about where to keep wallet files.
Persistence & Privilege
always:false and no special system-wide persistence or privilege escalation. The skill runs as a one-off Node process and does not modify other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install stonebornbot - 安装完成后,直接呼叫该 Skill 的名称或使用
/stonebornbot触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
High-speed NFT mint bot - multi-wallet, Archetype support, war mode gas, Flashbots, WebSocket monitoring, mempool watching, batch minting 200+ wallets
元数据
常见问题
StonebornBot 是什么?
High-speed NFT mint bot for Ethereum and EVM chains. Use when the user wants to snipe NFT mints, speed-mint collections, set up multi-wallet minting bots, configure mint sniping with pre-signed transactions, or automate NFT minting across multiple wallets. Supports ERC721A, Archetype contracts, Flashbots, war mode gas, WebSocket monitoring, mempool watching, and batch minting with 100+ wallets. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 763 次。
如何安装 StonebornBot?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install stonebornbot」即可一键安装,无需额外配置。
StonebornBot 是免费的吗?
是的,StonebornBot 完全免费(开源免费),可自由下载、安装和使用。
StonebornBot 支持哪些平台?
StonebornBot 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 StonebornBot?
由 thepublisher(@olawoyin206)开发并维护,当前版本 v1.0.0。
推荐 Skills