← 返回 Skills 市场
243
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install use-usdc
功能描述
USDC is Circle's stablecoin deployed across multiple blockchain ecosystems including EVM chains (Ethereum, Base, Arbitrum, Polygon, Arc) and Solana. Use this...
安全使用建议
This skill appears to implement legitimate USDC operations for EVM and Solana, but it has an important mismatch: the documentation and examples expect you to provide private keys (via PRIVATE_KEY or SOLANA_PRIVATE_KEY env vars or local files), yet the skill metadata declares no required credentials. Before installing or using it: (1) do not paste your main/private keys into an untrusted agent — prefer hardware wallets, wallet-connect flows, or ephemeral/testnet keys; (2) insist the skill metadata be updated to explicitly declare required env vars/credential usage so you know what will be requested; (3) test all flows on testnets and faucets first; (4) prefer storing secrets in a secrets manager, not plaintext files, and verify any suggested file paths and .gitignore guidance; (5) review any npm packages the agent will install (viem, @solana/kit) and the exact RPC endpoints used (ensure they are official or self-hosted) to avoid accidental exfiltration. If you want, ask the skill author to add explicit metadata listing PRIVATE_KEY / SOLANA_PRIVATE_KEY and to provide optional hardware-wallet or signing-provider options instead of raw private-key instructions.
功能分析
Type: OpenClaw Skill
Name: use-usdc
Version: 0.1.0
The skill provides instructions for an AI agent to perform USDC transactions on EVM and Solana chains. While it includes defensive security rules and requires user confirmation for write operations, it explicitly guides the agent to read private keys from environment variables and specific filesystem paths like `~/.ethereum/keys/` and `~/.solana/keys/` in `references/evm.md` and `references/solana.md`. This represents a high-risk capability that could be leveraged for credential exfiltration if the agent's instructions are subverted via prompt injection, although no clear malicious intent is present in the provided code logic.
能力评估
Purpose & Capability
The skill's name and description (interact with USDC on EVM and Solana) match the code patterns in the guidance (balance checks, transfers, approvals). Recommending viem and @solana/kit is proportionate for the stated functionality. However, the skill metadata declares no required credentials while the runtime instructions clearly expect private keys for write operations — an inconsistency worth noting.
Instruction Scope
SKILL.md and the reference files explicitly instruct the agent to read environment variables (PRIVATE_KEY, SOLANA_PRIVATE_KEY) and local files under user home paths (~/.ethereum/keys/*, ~/.solana/keys/*). Those actions go beyond purely read-only queries and involve handling private keys. The metadata did not declare these env vars or file access patterns. While the file reads are necessary for write operations, the agent instructions do not restrict or limit when/how secrets are accessed (e.g., they allow file reads and env reads without metadata disclosure).
Install Mechanism
This is an instruction-only skill with no install spec, which is lowest-risk from an automatic-install perspective. It recommends installing npm packages (viem, @solana/kit, @solana-program/token, etc.), which is expected for this functionality and not disproportionate.
Credentials
The references require sensitive secrets for write operations (PRIVATE_KEY and SOLANA_PRIVATE_KEY or file copies). The skill metadata lists no required env vars or primary credential, so a user may not realize they must supply private keys. Requesting raw private keys (or instructions to store them in plaintext files) is high-risk unless explicit safeguards are used (hardware wallets, ephemeral keys, or a secrets manager).
Persistence & Privilege
The skill is not always-enabled and allows user invocation only. It does not request persistent system-wide privileges or claim to modify other skills' configs. That's appropriate for its purpose.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install use-usdc - 安装完成后,直接呼叫该 Skill 的名称或使用
/use-usdc触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
use-usdc v0.1.0 – Initial release
- Enables USDC balance checks, transfers, approvals, and transaction verification on both EVM-compatible blockchains (Ethereum, Base, Arbitrum, Polygon, etc.) and Solana.
- Provides quick-reference USDC contract and mint addresses for supported mainnets and testnets.
- Details best practices and security rules for interacting with USDC on-chain.
- Offers clear setup and per-ecosystem implementation guidelines, including key differences between EVM and Solana.
- Lists alternatives for bridging or unified multi-chain USDC operations.
元数据
常见问题
Use Usdc 是什么?
USDC is Circle's stablecoin deployed across multiple blockchain ecosystems including EVM chains (Ethereum, Base, Arbitrum, Polygon, Arc) and Solana. Use this... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 243 次。
如何安装 Use Usdc?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install use-usdc」即可一键安装,无需额外配置。
Use Usdc 是免费的吗?
是的,Use Usdc 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Use Usdc 支持哪些平台?
Use Usdc 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Use Usdc?
由 Madelyn(@mscandlen3)开发并维护,当前版本 v0.1.0。
推荐 Skills