← 返回 Skills 市场
95
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install wendao-agent
功能描述
Automates BNB Chain NFA cultivation with on-chain authorized Agent wallet for meditation, leveling, attribute allocation, PK, and breakthrough tasks.
安全使用建议
This package is functionally consistent with an on‑chain NFA agent, but review these points before installing:
- Secret handling: The agent needs the Agent private key (AGENT_PRIVATE_KEY or --key). Treat this as highly sensitive; prefer environment variable usage (AGENT_PRIVATE_KEY) over command‑line flags, and never use your main owner wallet private key. The skill metadata incorrectly lists no required env vars — assume the private key is required.
- External backend: By default the agent authenticates to and uses https://wendaobsc.xyz for JWT and PK matching. The backend receives signed messages (not your private key) but will be able to authenticate your agent and coordinate PK actions. Only use the default API if you trust that service; you can set --api "" or another URL to disable/replace it.
- Funding and risk: PK deposits and breakthroughs can require $JW (on‑chain token) and the agent will spend tokens from the agent wallet if present. Do not fund the agent wallet with large amounts — create a dedicated child wallet with only a small BNB balance for gas and, if you enable PK, only the minimal $JW you accept to risk. The README contains contradictory claims about whether the agent wallet holds $JW — assume PK can consume $JW from the agent wallet.
- Local files: The agent persists a Merkle leaf file named .wendao-tree-<tokenId>.json in the current working directory. These files contain action logs and should be protected (permissions/backups) or periodically inspected/cleaned if you are privacy‑conscious.
- Audit and provenance: The skill source lists no homepage and the registry metadata owner is opaque. If you plan to run this with real funds, consider auditing the pkg (especially execPK and execPKRecover flows that interact with the backend), running in read‑only mode first (status command), or running on a throwaway agent wallet to observe behavior before giving it any tokens.
If you want, I can point out the exact lines where the agent authenticates to the backend and where wallet writes occur, or help craft safe CLI/environment settings to minimize risk.
功能分析
Type: OpenClaw Skill
Name: wendao-agent
Version: 1.1.0
The WenDao Agent skill bundle is a legitimate automation tool for a BNB Chain-based game (BAP-578 protocol). The code (agent.ts, cli.ts) implements game-specific logic such as automated 'meditation', attribute point distribution, and 'PK' (player vs player) battles. While the tool requires a private key for an 'Agent sub-wallet', it follows security best practices by prioritizing environment variables over CLI arguments to prevent shell history exposure and uses the standard 'viem' library for secure signing. Network activity is restricted to the project's stated domain (wendaobsc.xyz) for authentication and game state resolution, with no evidence of data exfiltration, obfuscation, or malicious intent.
能力标签
能力评估
Purpose & Capability
The code and docs implement an NFA Agent SDK (on‑chain reads/writes, levelUp, distributeSP, PK, merkle roots), which is consistent with the stated purpose. However the metadata claims no required env vars/credentials while the CLI and code clearly expect an agent private key (AGENT_PRIVATE_KEY or --key) and allow overriding contract addresses via environment variables — that mismatch should have been declared.
Instruction Scope
Runtime instructions and the packaged code require the agent private key to sign transactions and perform writeContract calls (levelUp, distributeSP, depositPK, updateLearningTree). The agent also authenticates with a backend (default https://wendaobsc.xyz) by signing and POSTing an auth message to obtain a JWT; PK matching and recovery interact with that backend. The agent persists a local file (.wendao-tree-<tokenId>.json) containing merkle leaves. These actions (network calls to a third party, signing, disk writes) are within the claimed feature set but expand trust to an external API and create local persistent state — both deserve explicit disclosure.
Install Mechanism
There is no install spec in the skill metadata (instruction-only), but the package contains full JS/TS source and a package.json with dependencies (viem, commander, etc.). Dependencies are appropriate for a blockchain SDK. No remote download URLs or extract steps are present in the metadata that would increase install risk.
Credentials
The agent requires a private key (sensitive credential) at runtime but the skill metadata declares no required env vars or primary credential. The CLI encourages using AGENT_PRIVATE_KEY (preferred) but also supports passing --key (which leaks to shell history). The default API (https://wendaobsc.xyz) will receive signed messages and return JWTs; while the private key is never sent, the server sees signatures and agent addresses. The README/SKILL.md contains inconsistent statements about token custody (at points claiming the agent wallet has no $JW, elsewhere indicating PK consumes $JW from the agent wallet) — that inconsistency could lead users to fund the agent unexpectedly and risk token loss.
Persistence & Privilege
The skill does not request elevated system privileges and 'always' is false. It persists agent action leaves to disk (.wendao-tree-<tokenId>.json) and uses in‑process state (JWT stored on the instance). This per‑agent persistence is reasonable for the feature (Merkle learning tree) but is a durable local artifact that may include timestamps, actions, and tx hashes — users should know where these files are written and with what permissions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wendao-agent - 安装完成后,直接呼叫该 Skill 的名称或使用
/wendao-agent触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
v1.1.0: 修复 JWT frozen config bug, PK 恢复 tier 读链上值, 文档更正
v1.0.0
WenDao Agent Skill 1.0.0 — Initial Release
- Automates NFA 修仙 actions on BNB Chain via BAP-578 Agent Protocol.
- Features include automatic closed-door meditation, leveling up, attribute assignment, PK matching, and境界突破.
- All agent actions are securely logged and anchored on-chain using a Merkle Tree.
- Supports customizable strategies: aggressive, defensive, and balanced.
- Security-focused: agent subwallet is fully isolated from the owner's main wallet.
- Includes setup instructions for quick installation and usage.
元数据
常见问题
问道 Agent SDK 是什么?
Automates BNB Chain NFA cultivation with on-chain authorized Agent wallet for meditation, leveling, attribute allocation, PK, and breakthrough tasks. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 95 次。
如何安装 问道 Agent SDK?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wendao-agent」即可一键安装,无需额外配置。
问道 Agent SDK 是免费的吗?
是的,问道 Agent SDK 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
问道 Agent SDK 支持哪些平台?
问道 Agent SDK 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 问道 Agent SDK?
由 bb964305(@bb964305)开发并维护,当前版本 v1.1.0。
推荐 Skills