← 返回 Skills 市场
463
总下载
2
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install tokendraft
功能描述
Full suite for TokenDraft fantasy crypto tournaments — authenticate with a Solana wallet, query/join/auto-join tournaments, and manage auto-draft asset prior...
安全使用建议
This skill legitimately needs a Solana private key to sign authentication nonces and on-chain buy-in transactions, but that key is highly sensitive — anyone or any agent with it can sign transactions from the wallet. Before installing: (1) confirm the registry metadata is corrected (SKILL.md requires SOLANA_PRIVATE_KEY but metadata lists none); (2) do not use a mainnet wallet with significant funds — create a dedicated, limited wallet for this skill with only the minimum SOL required for buy-ins; (3) understand the skill will persist a long-lived TOKENDRAFT_JWT in env vars and can automatically re-authenticate and retry requests, so consider restricting autonomous invocation or requiring manual confirmation for buy-ins; (4) verify the tokendraft-production.up.railway.app endpoint and ask the publisher for source/hosting details or a homepage/repository before trusting persistent credentials; (5) if you need stronger safety, decline to provide a private key or only allow ephemeral/manual signing (if possible).
功能分析
Type: OpenClaw Skill
Name: tokendraft
Version: 1.0.1
The OpenClaw AgentSkills bundle for 'tokendraft' appears benign. All actions, including the handling of the sensitive `SOLANA_PRIVATE_KEY` (which is used for local signing only, not exfiltration), network calls to `tokendraft-production.up.railway.app`, and the creation of `openclaw cron` jobs, are directly aligned with the stated purpose of interacting with a fantasy crypto tournament platform. The instructions within `SKILL.md` and the cron job messages are functional commands for the AI agent to perform the skill's legitimate operations (authentication, tournament management, asset ranking automation) and do not show evidence of malicious intent such as data exfiltration, unauthorized access, or persistence mechanisms beyond the skill's stated functionality.
能力评估
Purpose & Capability
The SKILL.md clearly requires a SOLANA_PRIVATE_KEY (sensitive) for signing nonces and on-chain buy-ins — that is logically required for a wallet-backed tournament skill. However the registry metadata listed no required env vars; this mismatch (metadata says none while the runtime instructions require a private key) is an incoherence you should ask the publisher to fix. The private-key requirement itself is proportionate to the described functionality, but the metadata omission is notable.
Instruction Scope
The instructions confine activity to the TokenDraft API endpoints and local signing of messages/transactions. They also instruct the agent to persist TOKENDRAFT_JWT and TOKENDRAFT_USER_ID as environment variables and to automatically re-run auth and retry on 401s. Persisting a long-lived JWT and enabling automatic re-authentication increases the agent's ability to act without user intervention (including signing transactions), which is expected for auto-join/auto-draft features but is a privacy/authorization risk the user should accept consciously.
Install Mechanism
No install steps or external downloads are present (instruction-only). Nothing is written to disk by an installer here, which is the lowest-risk install mechanism.
Credentials
The skill requires a SOLANA_PRIVATE_KEY (sensitive). That is functionally necessary for signing and buy-ins, so it is proportionate to the stated purpose — but because the key grants signing authority, this is high-sensitivity access. The SKILL.md also directs storing TOKENDRAFT_JWT in env vars (persisting credentials). The earlier registry metadata failing to list SOLANA_PRIVATE_KEY is a red flag that the package metadata and runtime instructions are out of sync.
Persistence & Privilege
always:false (good). The skill tells the agent to store TOKENDRAFT_JWT/TOKENDRAFT_USER_ID as env vars and to reauthenticate automatically on 401 — behavior that grants ongoing ability to act (and to sign transactions) without frequent user prompts. This is likely needed for auto-join/auto-draft but increases the blast radius if the agent or environment is compromised.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tokendraft - 安装完成后,直接呼叫该 Skill 的名称或使用
/tokendraft触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Added structured env var documentation for SOLANA_PRIVATE_KEY, including its encoding, purpose, and sensitivity.
- No functional changes; usage and API flow remain the same.
- The environment variable requirement is now explicitly declared and described for easier configuration and clarity.
v1.0.0
Initial release with authentication and full tournament suite for TokenDraft:
- Solana wallet authentication with secure nonce/signature flow; private key stays local.
- Automatic re-authentication and request retry on token expiration (401 errors).
- Query, join (free or paid), and auto-join fantasy crypto tournaments, including instant roster drafts.
- Manage asset priority rankings for automatic drafting in instant roster tournaments.
- Display name management with rate limiting.
- Comprehensive documentation of all API flows and required environment variables.
元数据
常见问题
TokenDraft 是什么?
Full suite for TokenDraft fantasy crypto tournaments — authenticate with a Solana wallet, query/join/auto-join tournaments, and manage auto-draft asset prior... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 463 次。
如何安装 TokenDraft?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tokendraft」即可一键安装,无需额外配置。
TokenDraft 是免费的吗?
是的,TokenDraft 完全免费(开源免费),可自由下载、安装和使用。
TokenDraft 支持哪些平台?
TokenDraft 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 TokenDraft?
由 Nikzt(@nikzt)开发并维护,当前版本 v1.0.1。
推荐 Skills