← 返回 Skills 市场

tron-x402-payment-demo

Name: tron-x402-payment-demo
Author: wzc1206

作者 AiBank · GitHub ↗ · v1.0.3

cross-platform ⚠ suspicious

1518

总下载

当前安装

版本数

在 OpenClaw 中安装

/install tron-x402-payment-demo

功能描述

Demo of x402 payment protocol by fetching a protected image. Triggers: '演示x402-payment' or 'demo x402-payment'

安全使用建议

This skill is plausible for a payment demo but contains inconsistencies that you should resolve before installing. Specifically: - Do not provide your main TRON private key. The SKILL.md references TRON_PRIVATE_KEY but the registry did not declare any required env vars — ask the publisher why the key is not declared and what exact operations the skill (and the referenced x402_payment_tron skill) will perform. - Verify the external endpoint (http://x402-tron-demo.sunagent.ai/protected) and the other skill ('x402_payment_tron'). Confirm their ownership, code, and privacy practices so you know where requests/transactions go. - Prefer a throwaway/test key with no funds if you want to try the demo, and monitor what network calls are made. Request that the skill explicitly declare required environment variables and include a clear list of external hosts it will contact. - If you cannot inspect the referenced skill or get clear answers from the author, treat this as higher-risk and avoid supplying any sensitive credentials.

功能分析

Type: OpenClaw Skill Name: tron-x402-payment-demo Version: 1.0.3 The skill requests access to the highly sensitive `TRON_PRIVATE_KEY` environment variable, which could be used for signing transactions in the stated 'x402 payment demo'. While this capability might be necessary for the demo's purpose of 'signing permits', the direct access to a private key represents a significant security risk. Additionally, the skill delegates core payment logic to an unprovided external skill, `x402_payment_tron`, introducing an unanalyzed dependency and potential supply chain risk. The external network call to `http://x402-tron-demo.sunagent.ai/protected` is also noted.

能力评估

ℹ Purpose & Capability

The skill's stated purpose (demo x402 payments by fetching a protected image) reasonably requires signing capability on TRON and contact with an external demo endpoint. That capability is coherent with the purpose, but the skill fails to declare the sensitive credential it will use (see environment_proportionality).

⚠ Instruction Scope

SKILL.md instructs the agent to perform payments, handle 402 responses, and sign permits, and to 'follow the instructions' of another skill ('x402_payment_tron'). Those steps implicate use of a private key and network calls to a third-party endpoint (http://x402-tron-demo.sunagent.ai/protected). The instructions give the agent broad discretion to perform signing and network communication and reference another skill's runtime behavior that is not included or declared here.

✓ Install Mechanism

This is an instruction-only skill with no install spec or code to write to disk, which minimizes install-time risk.

⚠ Credentials

SKILL.md metadata lists TRON_PRIVATE_KEY in metadata.clawdbot.env, but the registry record shows no required env vars or primary credential. Requesting a private key is a high-privilege need and should be explicitly declared and justified. The missing declaration and the presence of an external demo endpoint increase the risk that a provided key could be used or exfiltrated unexpectedly.

ℹ Persistence & Privilege

The skill is not marked always:true and has no install-time persistence — good. However, default autonomous invocation is allowed (platform default). Combined with access to a private key (if provided) and calls to an external endpoint, autonomous invocation increases the blast radius; this is a contextual risk rather than a manifest privilege escalation.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install tron-x402-payment-demo
安装完成后，直接呼叫该 Skill 的名称或使用 /tron-x402-payment-demo 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.3

- Skill name updated to x402_payment_demo - Added support for Chinese trigger phrase: "演示x402-payment" - Updated author to opencode - Modified resource endpoint to http://x402-tron-demo.sunagent.ai/protected - Updated triggers and example usage in documentation

v1.0.1

- Initial release of the tron-x402-payment-demo skill. - Demonstrates the x402 payment protocol by fetching a protected image on the TRON network. - Supports choosing TRON network (nile by default) via an optional argument. - Payment and image acquisition are handled automatically. - Image is displayed to the user, then deleted locally for security.

v1.0.0

tron-x402-payment-demo v1.0.0 - Initial release demonstrating the x402 payment protocol on the TRON network. - Supports triggering with "demo x402-payment" or "show me x402 demo". - Fetches and displays a protected image using x402 and TRON integration, defaulting to the Nile network. - Handles payment flow, permit signing, and resource retrieval automatically. - Cleans up by deleting temporary files after showing the image.

元数据

Slug tron-x402-payment-demo

版本 1.0.3

许可证 —

累计安装 0

当前安装数 0

历史版本数 3

常见问题

tron-x402-payment-demo 是什么？

Demo of x402 payment protocol by fetching a protected image. Triggers: '演示x402-payment' or 'demo x402-payment'. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1518 次。

如何安装 tron-x402-payment-demo？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tron-x402-payment-demo」即可一键安装，无需额外配置。

tron-x402-payment-demo 是免费的吗？

是的，tron-x402-payment-demo 完全免费（开源免费），可自由下载、安装和使用。

tron-x402-payment-demo 支持哪些平台？

tron-x402-payment-demo 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 tron-x402-payment-demo？

由 AiBank（@wzc1206）开发并维护，当前版本 v1.0.3。