← 返回 Skills 市场

usd1 transfer

Name: usd1 transfer
Author: asgherali

作者 AsgherAli · GitHub ↗ · v1.0.0

cross-platform ✓ 安全检测通过

1378

总下载

当前安装

版本数

在 OpenClaw 中安装

/install usd1

功能描述

Securely transfer USD1 (USDC on Wormhole) between wallets via Wormhole Liquidity Facility on Testnet, returning transaction hash and status.

安全使用建议

This skill appears to do what it says (transfer USD1 via Wormhole) but exercise caution before installing or running it with real funds: - Private key handling: the skill requires a raw privateKey input. Avoid pasting production private keys. Prefer a signing service, ephemeral/test keys, or hardware wallet integration rather than exposing raw keys to skills. - Test first: run only on testnet and with very small amounts until you verify behavior. SKILL.md says Testnet by default, but confirm runtime actually uses testnet endpoints in your environment. - Address format: double-check the recipient address encoding for the chosen chain (the code constructs a UniversalAddress with 'hex' which may be incorrect for some chains such as Solana). Sending to a malformed address can irreversibly lose funds. - Dependency/supply-chain risk: there is a package-lock with many npm dependencies (some with deprecation/security notes). Audit or vendor the dependencies and run dependency scanners before installing in sensitive environments. - Operational controls: restrict this skill to user-invoked use only (do not enable it to run autonomously), and review logs/outputs for unexpected network calls. If possible, require an explicit approval step before sending transactions. If you want, I can: (a) list the dependency warnings found in package-lock, (b) check the code for specific address-format fixes, or (c suggest a safer design that uses an external signer instead of raw private keys.

功能分析

Type: OpenClaw Skill Name: usd1 Version: 1.0.0 The skill bundle is classified as benign. The `SKILL.md` clearly outlines the purpose of transferring USD1 (USDC on Wormhole) and explicitly marks the `privateKey` input as 'secure', reinforcing safe handling by the agent. The `index.js` code implements this functionality directly using the `@wormhole-foundation/sdk` and `@wormhole-foundation/sdk-base` libraries, operating on the 'Testnet' as specified. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. Dependencies listed in `package-lock.json` are extensive but appear to be legitimate components of a multi-chain blockchain SDK.

能力评估

✓ Purpose & Capability

The skill name/SKILL.md describe a USD1 (Wormhole/USDC) transfer and the index.js implements a transfer using the Wormhole SDK. Required input (private key, amount, recipient) is consistent with a wallet transfer. Minor implementation issues (address format and numeric conversion) are present but do not indicate misalignment with the stated purpose.

ℹ Instruction Scope

SKILL.md confines behavior to performing a transfer and asks for the sender private key as a secure input. The runtime code only uses provided inputs and the Wormhole SDK; it does not read other files or unrelated environment variables. Note: instructions require direct private key input (raw key material), which expands the attacker surface if mishandled.

ℹ Install Mechanism

No install spec is provided (instruction-only), but a package.json and package-lock exist listing @wormhole-foundation/* and many third-party npm deps. There is no direct download-from-URL risk, but a dependency-heavy npm tree increases supply-chain risk and includes packages with deprecation/security notes (see guidance).

✓ Credentials

No environment variables or external credentials are requested beyond the sender private key (provided as a secure input), which is proportionate for a wallet transfer. The skill does not demand unrelated secrets or system credentials.

✓ Persistence & Privilege

The skill does not request always:true, does not declare system-wide config changes, and appears not to persist or escalate privileges. Agent autonomous invocation remains enabled by default (platform behavior) but is not requested by the skill itself.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install usd1
安装完成后，直接呼叫该 Skill 的名称或使用 /usd1 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

USD1 WLF Transfer Skill 1.0.0 – Initial release - Securely transfer USD1 (USDC on Wormhole) between wallets using Wormhole Liquidity Facility. - Supports checking sender wallet balance (optional). - Returns transaction hash, status, and descriptive message after a transfer. - Operates on Testnet by default for enhanced safety. - Requires amount, recipient address, and sender private key as input. Chain selection is optional.

元数据

Slug usd1

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

usd1 transfer 是什么？

Securely transfer USD1 (USDC on Wormhole) between wallets via Wormhole Liquidity Facility on Testnet, returning transaction hash and status. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1378 次。

如何安装 usd1 transfer？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install usd1」即可一键安装，无需额外配置。

usd1 transfer 是免费的吗？

是的，usd1 transfer 完全免费（开源免费），可自由下载、安装和使用。

usd1 transfer 支持哪些平台？

usd1 transfer 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 usd1 transfer？

由 AsgherAli（@asgherali）开发并维护，当前版本 v1.0.0。