← 返回 Skills 市场
akshat-mishra101

WachAI-x402

作者 Akshat-Mishra101 · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
1042
总下载
2
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install wachai-x402
功能描述
DeFi risk analysis toolkit powered by WACH.AI via x402 payments using AWAL wallet custody. Use when the user asks to check if a token is safe, assess DeFi ri...
安全使用建议
This skill is internally consistent for a paid DeFi risk tool that charges via an AWAL wallet, but check a few practical points before installing/using: 1) Confirm you have the AWAL CLI installed from the vendor's official source and that you trust the domain https://x402.wach.ai. 2) The skill will attempt on‑chain queries and make an external API call and a charged payment (0.01 USDC on Base) from your AWAL wallet — ensure you understand and authorize this. 3) Do not provide private keys, seed phrases, or local wallet files; the skill explicitly forbids them. 4) SKILL.md references an npm package (@quillai-network/x402-wach) but no install mechanism is provided — if you want programmatic usage, obtain the package from a trusted registry and verify its provenance. 5) Monitor your AWAL balance and payment receipts and verify any failed payment diagnostics the skill surfaces. If you need higher assurance, ask the publisher for a homepage, source repo, or verifiable release artifacts before use.
功能分析
Type: OpenClaw Skill Name: wachai-x402 Version: 1.0.2 The skill is classified as suspicious due to the potential for shell injection (RCE) via user-provided inputs to shell commands specified in `SKILL.md`. Instructions like `x402-wach wallet login <EMAIL>` and `x402-wach verify-risk <TOKEN_ADDRESS> <CHAIN_SHORT_NAME>` pass user-controlled data directly to the shell. If the OpenClaw agent does not rigorously sanitize these inputs, an attacker could inject arbitrary commands. While the `SKILL.md` includes strong 'Hard Rules' and 'Absolute Prohibitions' aimed at preventing malicious agent behavior (e.g., no secret exposure, no silent spend cap increase), the underlying command execution pattern presents a significant vulnerability.
能力评估
Purpose & Capability
The name/description, payment model (0.01 USDC on Base), AWAL custody requirement, and required runtime (Node.js/npm, AWAL CLI) align with a third‑party DeFi analysis tool that performs paid queries. No unrelated credentials or system-level access are requested.
Instruction Scope
SKILL.md instructs the agent to run AWAL/x402-wach CLI commands (setup, login/verify, balance, verify-risk) and to call an external API endpoint. The instructions explicitly prohibit asking for private keys and local wallet files, which reduces risk. Minor note: SKILL.md also shows a programmatic npm import (@quillai-network/x402-wach) but the skill provides no install spec — the skill expects a runtime environment with Node/npm and AWAL already available.
Install Mechanism
No install spec is present and there are no code files — this is an instruction-only skill. That is lower risk than an install that downloads or extracts arbitrary code. The requirement that Node/npm and AWAL be present is reasonable for the described JS client/CLI usage, though users should ensure AWAL and any npm packages come from trusted sources.
Credentials
The skill does not request environment variables, secret tokens, or access to unrelated services. It uses the user's AWAL-managed wallet for payments, which is proportionate to a paid analysis service. The skill's explicit prohibitions on private keys/seeds are appropriate.
Persistence & Privilege
always:false and normal autonomous invocation settings are used. The skill does not request persistent system-wide privileges or modification of other skills. There is no evidence it would persistently alter agent configuration.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wachai-x402
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wachai-x402 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
**x402-wach 1.0.2 Changelog** - Migrated to AWAL custodial wallets; dropped support for local key files and direct private key handling. - Updated setup flow: users must use AWAL authentication and wallet management; legacy wallet instructions removed. - New safety guardrails added: tool will not request secrets, expose key material, or suggest manual wallet file management. - All usage, readiness, payment, and error handling now depend on AWAL status and authentication. - Payment cap enforced at 10,000 atomic USDC ($0.01) per request by default; can’t be raised except by explicit user action. - All analysis outputs include a TokenSense report link when possible; raw output errors are no longer suppressed.
v1.0.1
Initial release of x402-wach — DeFi risk analysis toolkit powered by WACH.AI, with x402 payment integration. - Automatically assesses ERC-20 and Solana SPL token risk (safety, honeypot status, liquidity, whales, code security) on Ethereum, Polygon, Base, BSC, and Solana. - CLI and Node.js/TypeScript SDK: installable with npm, supports wallet creation/import, and automatic 0.01 USDC per-query payment via x402 on Base. - Provides detailed risk reports: market, holders, liquidity, code, and social/community data. - Includes robust input validation and error handling for addresses, wallets, payments, and supported chains. - Easy programmatic use and CLI commands for setup, wallet management, and risk analysis.
v1.0.0
- Initial release of x402-wach: a DeFi risk analysis toolkit powered by WACH.AI and the x402 payment protocol. - Supports ERC-20 (Ethereum, Polygon, Base, BSC) and Solana SPL token risk analysis. - Provides CLI commands for token risk checks, wallet management, and setup guidance. - Each token analysis costs 0.01 USDC via automatic x402 payments on Base. - Reports include risk scores, liquidity, holder distribution, contract vulnerabilities, honeypot checks, and market data. - Validates addresses and chain selection client-side, and provides clear error messages for common setup and usage issues.
元数据
Slug wachai-x402
版本 1.0.2
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

WachAI-x402 是什么?

DeFi risk analysis toolkit powered by WACH.AI via x402 payments using AWAL wallet custody. Use when the user asks to check if a token is safe, assess DeFi ri... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1042 次。

如何安装 WachAI-x402?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wachai-x402」即可一键安装,无需额外配置。

WachAI-x402 是免费的吗?

是的,WachAI-x402 完全免费(开源免费),可自由下载、安装和使用。

WachAI-x402 支持哪些平台?

WachAI-x402 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 WachAI-x402?

由 Akshat-Mishra101(@akshat-mishra101)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论