← 返回 Skills 市场
np793

Teneo-Protocol-CLI

作者 np793 · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
178
总下载
3
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install teneoprotocolcli
功能描述
Execute Teneo Protocol agent commands and handle x402 USDC payments on Base, Avalanche, PEAQ, and XLayer. Query agents, send commands, manage rooms, and proc...
安全使用建议
This skill could legitimately need a generated wallet to pay Teneo agents, but there are several red flags you should resolve before installing or funding any wallet it creates: 1) Ask the publisher for source code and an install script. The SKILL.md names npm packages but the registry entry has no install spec or code — confirm how the SDKs are provided and inspect the implementation (especially wallet encryption + withdrawal logic). 2) Confirm where and how the master encryption secret is derived and stored. The doc mentions a 'master secret' but gives no details; verify it is created locally, with secure permissions, and never transmitted. 3) Require explicit config-path declaration and an option to use an external signer. The skill writes to ~/.teneo-wallet/ but the metadata doesn't declare this; ask for the exact files it will create and a way to plug in a hardware or external wallet instead of auto-generating keys. 4) Do not fund any wallet until you can audit the code and the backend. Use a tiny test amount first, and prefer running the skill in an isolated VM or container. 5) Verify the backend endpoint and TLS certificate (wss://backend.developer.chatroom.teneo-protocol.ai) and review the referenced SDK on npm/GitHub to ensure it matches the publisher's claims. 6) Consider disabling autonomous invocation or limiting network access for the agent while you evaluate it; persistent wallet-writing plus autonomous execution increases blast radius. If the publisher cannot provide source, install instructions, or clear secret-management details, treat this skill as untrusted for handling real funds.
功能分析
Type: OpenClaw Skill Name: teneoprotocolcli Version: 1.0.3 The skill bundle 'teneoprotocolcli' provides a CLI for interacting with the Teneo Protocol, involving AI agent queries and USDC micropayments. It automatically generates a crypto wallet, stores the private key encrypted at rest in '~/.teneo-wallet/', and includes a listener ('registerTxSigner' in 'teneo.js') that automatically signs and broadcasts transactions requested by the remote Teneo WebSocket server (wss://backend.developer.chatroom.teneo-protocol.ai). While these capabilities are aligned with the stated purpose of the protocol, the automated signing of remote transaction requests poses a significant security risk, as a compromised backend could potentially drain the wallet. The skill also includes a command to export the private key in plaintext. These high-risk financial capabilities, combined with the requirement for the agent to manage a funded wallet, warrant a suspicious classification, although no clear evidence of intentional malice or exfiltration of existing user secrets was found.
能力评估
Purpose & Capability
Requiring a private key to sign x402 USDC payments is consistent with the stated purpose (paid agent queries). However, the skill declares several npm dependencies and a backend endpoint in documentation but the registry entry contains no install spec or code files — this mismatch (declared runtime dependencies but no install instructions) is unexpected and should be explained by the publisher.
Instruction Scope
The SKILL.md instructs the agent to auto-generate a wallet, encrypt and store the private key under ~/.teneo-wallet/, derive a 'master secret', detect the first funder on-chain, sign payments, connect to a wss backend, and allow withdrawals. Those are privileged actions (writing files, managing keys, making on-chain queries and signing transactions). The manifest did not declare any config paths or explain how the master secret is derived/stored or which RPC providers are used, so the runtime scope is more expansive than the metadata suggests.
Install Mechanism
This is an instruction-only skill (no install spec), yet SKILL.md lists specific npm dependencies (@teneo-protocol/sdk, viem, etc.). Without an install mechanism, it's unclear whether the agent environment already contains those packages or how they will be installed. That gap is a practical incoherence rather than an explicit malicious signal, but it needs clarification.
Credentials
The skill requests no environment variables or credentials in metadata, yet the runtime behavior implies access to network RPC endpoints, filesystem write access for private keys and 'master secret', and interaction with a payment backend. There is no declared justification for these accesses (no config paths declared), and encryption/secret management details are vague — this is disproportionate to what's declared and increases risk to user funds and secrets.
Persistence & Privilege
Although 'always' is false and autonomous invocation is allowed by default, the skill's instructions persistently write encrypted private-key material to the user's home (~/.teneo-wallet/) and claim long-lived behavior (auto-generated wallet, withdraw functionality). The registry metadata failed to declare those config paths or describe lifecycle/cleanup, which is a notable privilege/persistence mismatch that the user should not ignore.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install teneoprotocolcli
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /teneoprotocolcli 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
Teneo Protocol CLI v1.0.3 - Added explicit instruction: always display user-facing status updates before, during, and after every CLI step to improve transparency and user experience. - Expanded guidelines for agent reachability: clarified that "online" agents may still be disconnected in the current room, and suggested always testing with a cheap command first. - Introduced a pre-query checklist detailing required steps before running any agent query (review syntax, agent status, room state, fallbacks, and verifying handles). - Improved documentation on fallback strategies when agents are unreachable and best practices to avoid wasted funds. - No code changes; documentation (SKILL.md) only.
v1.0.2
teneo-protocol-cli v1.0.2 - Updated setup instructions: added specific package versions, `NODE_OPTIONS`, and the `pino-pretty` dependency for improved reliability. - Clarified agent discovery: now emphasizes the difference between agent internal IDs (required for commands) and display names. - Updated documentation for agent commands: explicitly documents correct command usage with agent IDs and clarifies validation rules. - Minor wording and formatting improvements to ensure clearer, more accurate guidance for users.
v1.0.1
**Version 1.0.1 Changelog — Updated Skill Metadata and Naming** - Description improved for clarity: now clearly states that the CLI auto-generates its own wallet, never touches user keys, and supports agent discovery, room management, and x402 USDC micropayments. - Enhanced security and privacy declaration: clearly explains why a private key is required, how the wallet is auto-generated, encrypted, and never connected to any user wallet. - No code, logic, or feature changes; documentation/metadata only. All setup, usage, and room management instructions remain unchanged. - SDK, dependencies, and backend endpoint details are now explicitly mentioned and referenced.
v1.0.0
teneo-execute v1.0.0 - Initial release of the Teneo Protocol agent execution and micropayment skill. - Supports executing agent commands and processing x402 USDC payments on Base, Avalanche, PEAQ, and XLayer. - Automatically manages secure wallet creation, encryption, and storage. - Enforces Teneo room rules (max 5 agents per room; add/remove agents as needed). - Requires one-time local setup of the Teneo CLI tool with all dependencies. - Emphasizes security, privacy, and clear communication of agent/room policies to users.
元数据
Slug teneoprotocolcli
版本 1.0.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 4
常见问题

Teneo-Protocol-CLI 是什么?

Execute Teneo Protocol agent commands and handle x402 USDC payments on Base, Avalanche, PEAQ, and XLayer. Query agents, send commands, manage rooms, and proc... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 178 次。

如何安装 Teneo-Protocol-CLI?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install teneoprotocolcli」即可一键安装,无需额外配置。

Teneo-Protocol-CLI 是免费的吗?

是的,Teneo-Protocol-CLI 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Teneo-Protocol-CLI 支持哪些平台?

Teneo-Protocol-CLI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Teneo-Protocol-CLI?

由 np793(@np793)开发并维护,当前版本 v1.0.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论