← 返回 Skills 市场
richard7463

Wallet Twin Court

作者 richard7463 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
113
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install wallet-twin-court
功能描述
Use this skill when the user wants to put a Solana wallet on trial, identify the action most likely to cause regret tomorrow, return a verdict, and only then...
安全使用建议
This skill is coherent with its stated goal of producing a pre‑trade verdict for a Solana wallet, but it sends the wallet address to a third‑party endpoint you may not control. Before installing or invoking it, confirm: (1) Who operates https://todays-orders.vercel.app and what is their privacy/data retention policy? (2) Does your platform already provide the 'OKX OnchainOS' connector the skill expects, and will any signing/broadcast require your explicit confirmation? (3) Test the skill with an empty/throwaway wallet address first. If you plan to use a real wallet, never allow the skill to perform broadcasts unless you explicitly approve the exact signed transaction; prefer preparing previews locally and signing in your own wallet interface. If you cannot verify the court endpoint operator or you are concerned about exposing wallet addresses, do not use this skill with production funds.
功能分析
Type: OpenClaw Skill Name: wallet-twin-court Version: 1.0.1 The skill is classified as suspicious due to a potential shell injection vulnerability in the SKILL.md file. The instructions direct the AI agent to construct a shell command using a user-provided wallet address without explicit sanitization, which could allow for arbitrary command execution if a malicious address (e.g., containing backticks or subshells) is provided. Additionally, the skill transmits wallet addresses to an external third-party endpoint (https://todays-orders.vercel.app/api/todays-orders), which, while aligned with the stated purpose of providing a 'wallet court' analysis, constitutes data exfiltration of user-identifiable blockchain information.
能力评估
Purpose & Capability
The skill's stated purpose is to judge a Solana wallet and produce a single verdict; the SKILL.md stays on that topic. However it explicitly expects an 'OKX OnchainOS' factual layer (Wallet/Market/Trade/Broadcast) without declaring any credentials or dependency; this is an implicit runtime dependency rather than an explicit requirement. That mismatch is plausible if the agent platform already provides OnchainOS, but it should be documented.
Instruction Scope
Runtime instructions require POSTing the wallet address to a public endpoint (https://todays-orders.vercel.app/api/todays-orders) and basing the court verdict on the returned JSON. Sending wallet addresses to an external third party is a clear privacy/data‑exfiltration risk. The instructions otherwise remain scoped to wallet analysis, quotes, previews and optionally execution, and do not ask for unrelated host files or secrets. The skill also defers signing/broadcasting to the client environment but lacks specifics on how signing will be gated.
Install Mechanism
This is an instruction‑only skill with no install spec and no code files; nothing is written to disk by the skill itself. That reduces install risk.
Credentials
The skill requests no environment variables or credentials in the registry metadata, yet requires access to OnchainOS capabilities (including Trade and Broadcast). This implicit need for signing/broadcast capability is not declared. Additionally, the skill transmits wallet addresses to an external service — a sensitive action not justified by declared environment requirements.
Persistence & Privilege
The skill is not always‑on and does not request elevated platform privileges. It does not request to modify other skills or system config. Autonomous invocation is enabled by default on the platform but that is normal and not by itself a concern here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wallet-twin-court
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wallet-twin-court 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Bind Wallet Twin Court to the court API and block wallet-roast fallback.
v1.0.0
Initial release
元数据
Slug wallet-twin-court
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Wallet Twin Court 是什么?

Use this skill when the user wants to put a Solana wallet on trial, identify the action most likely to cause regret tomorrow, return a verdict, and only then... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 113 次。

如何安装 Wallet Twin Court?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wallet-twin-court」即可一键安装,无需额外配置。

Wallet Twin Court 是免费的吗?

是的,Wallet Twin Court 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Wallet Twin Court 支持哪些平台?

Wallet Twin Court 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Wallet Twin Court?

由 richard7463(@richard7463)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论