← 返回 Skills 市场
Sur
作者
nkhromovweway
· GitHub ↗
· v1.0.0
664
总下载
2
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install sur-pub
功能描述
Create and trade tokens on SURGE via API with server-managed wallets, one-time free funding, and auto-routed pre-DEX and post-DEX trading on EVM (Base) or So...
安全使用建议
This skill will ask you to give it a SURGE API key and will then create and fund server-managed wallets and launch/trade tokens on your behalf. Before installing or handing over a key:
- Be aware of the metadata mismatch: the registry entry shows no required credentials, but the instructions require a secret API key. Ask the publisher why the registry metadata omits the API key requirement.
- Treat the API key as a secret. Prefer creating a dedicated, limited-scope test key for this skill, not your main account key. If possible, create a key you can revoke easily after testing.
- Do not paste long-lived production keys into public or shared chats. If you must provide a key to the agent, use a temporary/test key and revoke it after use.
- Understand custody implications: the SURGE backend (back.surgedevs.xyz) will manage wallets and private keys; you are trusting that service with funds. Verify the service identity (app.surgedevs.xyz), read their docs/privacy/security, and consider using only small/test amounts first.
- Because the skill's publisher/source is unknown and there is no homepage, exercise extra caution: ask for publisher verification, check reviews or community references, and consider contacting SURGE directly to confirm the API endpoints and behavior before giving access.
If you decide to proceed, create a minimal-scope test API key, use test funds only, monitor the key's activity, and revoke it when finished.
功能分析
Type: OpenClaw Skill
Name: sur-pub
Version: 1.0.0
The OpenClaw skill bundle is designed to help users create and trade tokens on the SURGE platform (DEV environment) via API calls to `https://back.surgedevs.xyz`. The `SKILL.md` provides extensive instructions to the AI agent, including strong guardrails such as 'Never invent data,' 'Always confirm before launch,' and 'Translate errors,' which mitigate common AI agent risks. While the agent is instructed to tell the user to use `curl -F ... https://file.io` for file uploads, this is a common pattern for users to provide direct links, not an instruction for the agent to execute arbitrary commands. The 'do this silently' instruction is for a benign configuration fetch (`GET /openclaw/launch-info`). There is no evidence of intentional data exfiltration, backdoor installation, or unauthorized remote control, and all API interactions are confined to the stated purpose and domain.
能力评估
Purpose & Capability
The SKILL.md describes a SURGE launchpad integrator that requires an API key (keys starting with 'sk-surge-...') and performs wallet creation, funding, token launches, and trading via back.surgedevs.xyz. However, the registry metadata for the skill lists no required environment variables, no primary credential, and gives no description or homepage. The declared metadata does not match the actual capabilities/integration documented in SKILL.md.
Instruction Scope
The instructions are self-contained and focused on the SURGE API: load launch-info, create server-managed wallets, trigger one-time funding, check balances, collect token data, and call endpoints. This is coherent with the stated function. However, the skill explicitly instructs the agent to ask the user for their API key (or to instruct the user to create one and paste it into chat) so the agent can perform sensitive actions on the user's behalf. Asking users to paste secrets into the chat is risky and should be highlighted to the user.
Install Mechanism
This is an instruction-only skill with no install spec and no code files—lowest installation risk. Nothing is written to disk by an installer described in the registry.
Credentials
The runtime requires an API key scoped to the SURGE backend (X-API-Key) to perform wallet and fund operations, but the skill metadata did not declare any required environment variables or a primary credential. That omission is an inconsistency: the skill needs a sensitive credential, yet the registry listing does not advertise it. The skill also asks the user to hand the key to the agent directly, which concentrates powerful permission into the agent session.
Persistence & Privilege
The skill does not request 'always: true' and does not declare system config changes. However, its behavior (managing server-side wallets and one-time funding) means the service behind the API holds private keys/funds for the user — installing this skill effectively delegates custody/trading authority to that external service via the provided API key. That is a trust and privilege decision users must make deliberately.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sur-pub - 安装完成后,直接呼叫该 Skill 的名称或使用
/sur-pub触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
test
元数据
常见问题
Sur 是什么?
Create and trade tokens on SURGE via API with server-managed wallets, one-time free funding, and auto-routed pre-DEX and post-DEX trading on EVM (Base) or So... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 664 次。
如何安装 Sur?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sur-pub」即可一键安装,无需额外配置。
Sur 是免费的吗?
是的,Sur 完全免费(开源免费),可自由下载、安装和使用。
Sur 支持哪些平台?
Sur 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sur?
由 nkhromovweway(@nkhromovweway)开发并维护,当前版本 v1.0.0。
推荐 Skills