← 返回 Skills 市场
pewpewgogo

Tongateway

作者 Volodya Plotvinov · GitHub ↗ · v0.9.3 · MIT-0
cross-platform ⚠ suspicious
106
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install tongateway
功能描述
Access TON blockchain tools to check wallet info, tokens, send transfers, resolve .ton names, trade on DEX, and manage autonomous agent wallets.
安全使用建议
This skill appears to implement a legitimate TON agent gateway, but there are some practical safety gaps you should consider before installing: - Files written/read: SKILL.md and SECURITY.md say the skill stores a session JWT at ~/.tongateway/token and (only if you deploy an agent wallet) signing keys in ~/.tongateway/wallets.json. These paths were not declared in the registry metadata — expect local files to be created and readable by the agent process. - Autonomous wallet risk: The agent can deploy an 'Agent Wallet' that can sign and send transactions without phone approval. Only deploy and fund such an agent wallet with money you can afford to lose, and only after auditing the contract/agent code. - npx fetch: The recommended runtime is 'npx -y @tongateway/mcp' which downloads and runs an npm package. If you prefer to reduce risk, clone the GitHub repo and build/run the server locally or run it in a sandbox (VM or container) and inspect the code first. - Verify sources: The SKILL.md/README include GitHub and npm links — verify the package on npm matches the GitHub repo, and review the code (especially wallet key handling and any network endpoints). Confirm the API URL (AGENT_GATEWAY_API_URL) points to the expected domain. - Operational mitigations: use minimal funding for any agent wallets, revoke session tokens from the dashboard if needed, run the MCP server in a sandbox, and do not store large balances under the agent-managed wallet. If you want a higher-confidence verdict, provide the npm package tarball or the mcp repository contents for code-level review so you can confirm how tokens and agent keys are handled.
功能分析
Type: OpenClaw Skill Name: tongateway Version: 0.9.3 The skill bundle provides tools for TON blockchain interaction, including a high-risk 'autonomous mode' (agent_wallet.transfer) that allows the AI to execute transactions without per-action user approval. While the documentation in SKILL.md and SECURITY.md is transparent about the risks and uses a dedicated contract model to limit exposure, the capability to move funds autonomously and the storage of signing keys in ~/.tongateway/wallets.json are significant high-risk behaviors. The installation also relies on npx execution of the @tongateway/mcp package, which is standard for MCP servers but requires trust in the @tongateway npm scope.
能力评估
Purpose & Capability
Name/description align with the instructions: tools to read wallet state, resolve .ton domains, request transfers, place DEX orders, and optionally deploy autonomous agent wallets. The functions requested (including agent_wallet.*) are coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run 'npx -y @tongateway/mcp' and describes persistent files (~/.tongateway/token and ~/.tongateway/wallets.json). The registry metadata declared no required config paths or env vars, yet the instructions explicitly read/write home-directory files and suggest an AGENT_GATEWAY_API_URL env in examples. The skill's instructions therefore access filesystem locations that were not declared to the registry and grant the agent discretion to deploy an autonomous wallet (which can sign and spend from that wallet).
Install Mechanism
There is no install spec in the registry (instruction-only), but SKILL.md and README recommend running via 'npx @tongateway/mcp', which will fetch code from npm at runtime. Using npx is common for MCP servers but does pull and execute code from the npm registry; the package and GitHub links are provided so users can audit or build locally. This is standard but not risk-free.
Credentials
Registry metadata lists no required env vars or config paths, yet the README and SKILL.md reference AGENT_GATEWAY_API_URL (as an environment override) and persistent files under ~/.tongateway (token JWT and agent wallet signing keys). Storing agent wallet signing keys in ~/.tongateway/wallets.json is particularly sensitive; the skill will create/read these files if agent wallets are deployed. The declared 'no env/config' footprint is therefore incomplete.
Persistence & Privilege
The skill does not request 'always:true' and is user-invocable only. However it persists a session token across restarts and (optionally) creates wallet signing-key files for agent wallets. Autonomous transfers are possible but only via an opt-in 'Agent Wallet' that the user must deploy and fund. This combination is operationally powerful and should be treated as potentially dangerous if the user enables agent wallets or grants long-lived tokens.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install tongateway
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /tongateway 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.9.3
- Added a new README.md file for additional documentation. - No changes to functionality or features. - Existing documentation in SKILL.md remains unchanged.
v0.9.2
- Initial skill files and project structure added. - Added SECURITY.md link and section to documentation. - Improved usage examples (DEX order example uses a smaller amount). - No breaking changes to existing API or tools.
v0.9.1
- Tool/function names have changed to namespace-based (e.g. wallet.info, transfer.request, agent_wallet.deploy). - Updated usage examples and docs to reflect new tool names and parameters. - DEX order price is now human-readable instead of nanoTON. - Added token decimal clarification for major supported tokens. - Minor documentation improvements for clarity and consistency.
v0.9.0
- Introduced the Agent Gateway with 16 tools for interacting with the TON blockchain. - Added wallet tools: view balances, tokens, NFTs, and transaction history. - Enabled safe transfers (with user approval), including .ton domain resolution. - Added DEX tools to place and manage limit orders. - Introduced autonomous agent wallets for direct transfers without approval. - Improved authentication flow and persistent token management. - Provided usage examples and important safety notes for users.
元数据
Slug tongateway
版本 0.9.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 4
常见问题

Tongateway 是什么?

Access TON blockchain tools to check wallet info, tokens, send transfers, resolve .ton names, trade on DEX, and manage autonomous agent wallets. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 106 次。

如何安装 Tongateway?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tongateway」即可一键安装,无需额外配置。

Tongateway 是免费的吗?

是的,Tongateway 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Tongateway 支持哪些平台?

Tongateway 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Tongateway?

由 Volodya Plotvinov(@pewpewgogo)开发并维护,当前版本 v0.9.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论