← 返回 Skills 市场
droppingbeans

Trust Escrow

作者 droppingbeans · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1481
总下载
1
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install trust-escrow
功能描述
Create and manage USDC escrows for agent-to-agent payments on Base Sepolia. 30% gas savings, batch operations, dispute resolution.
安全使用建议
Before installing or using this skill: 1) Treat the skill as requiring transaction signing even though it doesn't declare credentials — do NOT paste private keys into the agent. Use an external signer (hardware wallet, WalletConnect, or an ephemeral signing service) if you intend to interact. 2) Verify the contract and USDC token addresses on a block explorer and review the escrow contract source yourself (or ask the author for verified source). 3) Confirm the skill's provenance: who published it, and does the web app/agent docs belong to a reputable project? 4) If you must test, use a throwaway account with minimal funds on the Sepolia testnet first. 5) Prefer skills that explicitly declare credential needs and recommend secure signing flows; if the agent will ever have signing power, restrict autonomous invocation or require explicit user approval for transactions.
功能分析
Type: OpenClaw Skill Name: trust-escrow Version: 1.0.0 The skill bundle describes a legitimate decentralized application for managing USDC escrows on Base Sepolia. It provides clear instructions and code examples for interacting with a smart contract using standard web3 libraries (viem). There is no evidence of prompt injection, data exfiltration, malicious execution, or persistence mechanisms. While the skill requires access to a private key for blockchain transactions, this is inherent to its stated purpose and not an attempt to steal credentials. All external links point to a Vercel-hosted web app, GitHub repository, or a block explorer, which are common for dApp projects, and none are instructed to be executed by the agent.
能力评估
Purpose & Capability
Name, description, and SKILL.md functions (create/release/autoRelease/dispute, batch ops) align with an on-chain USDC escrow contract on Base Sepolia. Contract and token addresses, RPC, and code examples are consistent with the stated purpose.
Instruction Scope
The SKILL.md contains concrete wallet code that requires a raw private key (privateKeyToAccount('0xYOUR_PRIVATE_KEY')) and shows writeContract calls. It does not instruct safe signing practices (e.g., external signer, hardware wallet, WalletConnect) and gives no constraints on where the private key comes from. That creates a real risk that an agent following these instructions could request, store, or transmit private keys. The doc links to external web apps (vercel.app) and an 'agent-info' page — these could be legitimate integration docs but are external endpoints the agent might contact; the SKILL.md does not specify or limit what agent-supplied data to send to those endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files — low install risk because nothing is written to disk by an installer. The scanner had no code to analyze.
Credentials
The skill declares no required environment variables or primary credential, yet its examples require a signing key (private key) and use an RPC endpoint. The implicit need for a private key (or other signer) is not declared nor constrained — a mismatch that could lead to insecure practices (pasting private keys into the agent).
Persistence & Privilege
always:false (normal). The skill allows autonomous invocation by default (platform default). While that alone is not a problem, autonomous invocation combined with access to a user's private key would be high-risk — the SKILL.md does not prevent the agent from performing on-chain writes if it obtains signing credentials.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install trust-escrow
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /trust-escrow 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Production-ready escrow for agent-to-agent USDC payments on Base Sepolia. 30% gas savings, batch operations, dispute resolution.
元数据
Slug trust-escrow
版本 1.0.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Trust Escrow 是什么?

Create and manage USDC escrows for agent-to-agent payments on Base Sepolia. 30% gas savings, batch operations, dispute resolution. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1481 次。

如何安装 Trust Escrow?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install trust-escrow」即可一键安装,无需额外配置。

Trust Escrow 是免费的吗?

是的,Trust Escrow 完全免费(开源免费),可自由下载、安装和使用。

Trust Escrow 支持哪些平台?

Trust Escrow 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Trust Escrow?

由 droppingbeans(@droppingbeans)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论