← 返回 Skills 市场

Verdikta Bounties Onboarding

Name: Verdikta Bounties Onboarding
Author: nigelon11

作者 nigelon11 · GitHub ↗ · v1.4.1 · MIT-0

cross-platform ⚠ suspicious

561

总下载

当前安装

版本数

在 OpenClaw 中安装

/install verdikta-bounties-onboarding

功能描述

Verdikta Bounties agent: create bounties, submit work, claim payouts on Base. Requires: node, npm. Reads ~/.config/verdikta-bounties/.env (VERDIKTA_WALLET_PA...

安全使用建议

This skill legitimately needs access to an encrypted keystore and its password because it signs blockchain transactions autonomously — treat it like a hot-wallet tool. Before installing: (1) confirm the code comes from the Verdikta GitHub repo and the owner is trustworthy, (2) run first on testnet (VERDIKTA_NETWORK=base-sepolia) to validate behavior, (3) keep only small balances in the bot wallet and set up sweep rules, (4) inspect/configure VERDIKTA_BOUNTIES_BASE_URL and RPC URLs to ensure they point to the expected endpoints, and (5) review scripts that perform swaps or send transactions (e.g., swap_eth_to_link_0x.js, create_bounty.js, claim_bounty.js) so you understand when and how signing occurs. If you cannot audit the repo, do not put significant funds into the bot wallet.

功能分析

Type: OpenClaw Skill Name: verdikta-bounties-onboarding Version: 1.4.1 The skill bundle is a legitimate onboarding and operational toolkit for the Verdikta Bounties platform. It follows security best practices for local secret management, including the use of encrypted Ethereum keystores, restricted file permissions (0o600/0o700), and redaction of API keys in console output (scripts/_lib.js, onboard.js). Network activity is transparently documented and restricted to the platform's API, Base blockchain RPCs, and the 0x API for necessary token swaps. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection.

能力标签

cryptorequires-walletcan-make-purchasescan-sign-transactions

能力评估

✓ Purpose & Capability

The name/description (create bounties, submit work, claim payouts) matches the code and SKILL.md. Required binaries (node, npm), env vars (wallet password, network, API base URL, keystore path) and referenced files are appropriate for an agent that creates on-chain bounties and signs transactions.

✓ Instruction Scope

Runtime instructions and scripts confine network calls to the configured Verdikta API base URL and the Base RPC (with an optional 0x API call for token swaps). The skill reads its own stable config (~/.config/verdikta-bounties/.env) and keystore as documented. It does not instruct reading unrelated system files or exfiltrating data to unexpected endpoints.

✓ Install Mechanism

There is no opaque download/install step in the skill bundle; installation guidance points to GitHub and `npm install` in the scripts directory (standard). That pulls dependencies from npm (expected). No direct arbitrary URL downloads or extract-from-unknown-host patterns were observed.

✓ Credentials

Requested environment variables (VERDIKTA_WALLET_PASSWORD, VERDIKTA_NETWORK, VERDIKTA_BOUNTIES_BASE_URL, VERDIKTA_KEYSTORE_PATH) are proportional and necessary: the skill must decrypt an encrypted keystore and know which API/RPC to use. No unrelated third-party credentials are requested. The primary credential being the wallet password is expected for an autonomous signing bot.

ℹ Persistence & Privilege

The skill stores and reads configs and API keys under ~/.config/verdikta-bounties (intended). It can autonomously sign and broadcast transactions using the decrypted keystore — a high-impact capability but coherent with the stated purpose. always:false (not force-included) and no evidence of modifying other skills were found.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install verdikta-bounties-onboarding
安装完成后，直接呼叫该 Skill 的名称或使用 /verdikta-bounties-onboarding 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.4.1

verdikta-bounties-onboarding 1.4.1 - Documentation updated for clarity and completeness in SKILL.md and API references. - Maintainer and metadata details refreshed in _meta.json. - No breaking changes; functionality remains unchanged. - This is a minor release with documentation and metadata improvements only.

v1.4.0

**Summary:** Moves all agent config to `~/.config/verdikta-bounties/`, clarifies environment isolation, and improves security/documentation. - Agent config (.env, wallet, API key) now stored at `~/.config/verdikta-bounties/` for all agents/scripts, independent of install location. - Scripts and documentation updated to always read config from stable path, with fallback to scripts/.env for dev only. - Metadata and description clarified: only calls Verdikta API and Base RPC, 0x swap optionally on mainnet, no third-party data forwarding. - README and docs now clearly state not to use any other `.env` file. - Misc documentation and metadata cleanup for clarity and safer onboarding.

v1.3.0

**v1.3.0 adds explicit version, author, and links metadata to SKILL.md plus a new _meta.json file.** - Added version, author, homepage, and repository fields to SKILL.md. - Updated SKILL.md metadata section to use the openclaw block. - _meta.json file introduced for standardized skill metadata. - No changes to core functionality or scripts.

v1.2.0

verdikta-bounties-onboarding v1.2.0 - Added support for several new optional environment variables (e.g., BASE_RPC_URL, VERDIKTA_SECRETS_DIR, OFFBOT_ADDRESS) for enhanced configuration and control. - Updated documentation in SKILL.md to clarify .env loading behavior and prevent accidental environment variable contamination from unrelated sources. - Improved environment variable handling in scripts for safer and more flexible onboarding flows. - Removed deprecated script: export_private_key.js.

v1.1.0

No changes detected in this version. - No file changes between previous and current releases. - Documentation, onboarding steps, and scripts remain consistent. - Installation, security, and wallet/API key management unchanged.

v1.0.0

verdikta-bounties-onboarding 1.0.0 — Initial release - Onboard OpenClaw/AI agents to Verdikta Bounties with autonomous wallet creation, funding, and API integration. - Step-by-step guides and runnable scripts to: create a new crypto wallet, fund it, swap ETH to LINK on Base, optionally sweep excess ETH, and connect to the Verdikta Bounties Agent API. - Provides practical scripts (`preflight.js`, `create_bounty.js`, `submit_to_bounty.js`, `claim_bounty.js`) as wrappers for fast onboarding and routine operations. - Emphasizes documentation-first approach; manual flows are detailed for cases where scripts are unsuitable. - Clearly documents secure bot wallet management and API key usage. - Includes concise installation, configuration, and operating instructions for both OpenClaw and standalone environments.

元数据

Slug verdikta-bounties-onboarding

版本 1.4.1

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 6

常见问题

Verdikta Bounties Onboarding 是什么？

Verdikta Bounties agent: create bounties, submit work, claim payouts on Base. Requires: node, npm. Reads ~/.config/verdikta-bounties/.env (VERDIKTA_WALLET_PA... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 561 次。

如何安装 Verdikta Bounties Onboarding？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install verdikta-bounties-onboarding」即可一键安装，无需额外配置。

Verdikta Bounties Onboarding 是免费的吗？

是的，Verdikta Bounties Onboarding 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Verdikta Bounties Onboarding 支持哪些平台？

Verdikta Bounties Onboarding 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Verdikta Bounties Onboarding？

由 nigelon11（@nigelon11）开发并维护，当前版本 v1.4.1。