← 返回 Skills 市场
wof-developers

WatchOrfight - Rock, Paper, Scissor

作者 wof-developers · GitHub ↗ · v1.0.7
darwinlinux ⚠ suspicious
549
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install wof-rps
功能描述
Play Rock Paper Scissors on WatchOrFight — on-chain gaming with USDC stakes on Base
安全使用建议
This skill appears internally consistent for playing an on‑chain RPS game, but you should not install or run it with a private key from a primary wallet. Before installing: 1) Inspect the npm package source (the SKILL.md points to github.com/wof-games/rps-mcp) or run npm pack @watchorfight/rps-mcp --dry-run to list files. 2) Use a dedicated game wallet with only the ETH/USDC you plan to stake (or use a hardware wallet / ephemeral signer) instead of exporting your main PRIVATE_KEY into environment variables. 3) Review what ~/.wof-rps-secrets.json contains after first run and set restrictive permissions (chmod 600). 4) Verify that USDC approval transactions are only to the RPSArena contract address before approving and that the CLI does not send funds to arbitrary addresses. 5) Treat global npm installs as moderate supply‑chain risk — consider auditing the package or running it in an isolated environment/VM. If you cannot or will not inspect the package, assume the npm install could execute arbitrary code and act accordingly.
功能分析
Type: OpenClaw Skill Name: wof-rps Version: 1.0.7 The skill is classified as suspicious due to its requirement for a `PRIVATE_KEY` environment variable and its capability to perform on-chain transactions that spend USDC, which are inherently high-risk operations. While the `SKILL.md` provides extensive security recommendations (e.g., dedicated game wallet, hardware wallet, transaction scope) and explicitly disables autonomous agent invocation (`disable-model-invocation: true`), the direct handling of a private key and potential for real-money spending via the `wof-rps` CLI (installed via `npm install -g @watchorfight/rps-mcp`) elevates its risk profile beyond benign. There is no evidence of intentional malicious behavior like data exfiltration to arbitrary endpoints, backdoors, or deceptive prompt injection attempts within the provided files; the documentation is transparent and aims to guide secure usage.
能力评估
Purpose & Capability
Name/description (on‑chain RPS with USDC stakes) matches what is requested: node/npx, an npm CLI package (@watchorfight/rps-mcp), and a wallet private key for signing transactions. Requesting PRIVATE_KEY and an installable wof-rps binary is expected for this purpose.
Instruction Scope
SKILL.md directs the agent to run the packaged CLI commands (create/join/play/claim/etc.) and to set PRIVATE_KEY; it limits network interactions to the stated RPSArena contract and USDC approvals. However these claims (no arbitrary sends; secret file contains only round secrets) cannot be verified because the skill is instruction-only and does not include the package source code. The doc also instructs creating ~/.wof-rps-secrets.json (persisted local secrets) which is in-scope but worth auditing in the package code.
Install Mechanism
Install uses a public npm package (@watchorfight/rps-mcp). That's an expected mechanism for a CLI but carries moderate supply‑chain risk: npm packages can contain arbitrary code. The SKILL.md points to a GitHub repo and suggests verifying package contents before installing (good).
Credentials
Only PRIVATE_KEY (plus optional NETWORK) is declared and used. A wallet private key is necessary to sign on‑chain transactions, so the credential request is proportionate. That said, PRIVATE_KEY is highly sensitive — the documentation correctly recommends a dedicated/funded game wallet or hardware/ephemeral signer rather than exposing a main key.
Persistence & Privilege
The skill does not request always:true and has disable-model-invocation:true (so it cannot run autonomously), which reduces risk. It does persist commit secrets to ~/.wof-rps-secrets.json between rounds — normal for commit/reveal games but users should confirm the file contents and permissions. Global npm install will place a binary on the system PATH (expected).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wof-rps
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wof-rps 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.7
Minor security and safety documentation updates. - Added recommendation to prefer a hardware wallet or ephemeral signer over setting `PRIVATE_KEY` in env variables. - Clarified CLI contract interaction functions for transaction scope. - Added instructions to verify the CLI package source before installing. - Noted to restrict permissions on the local secret file after first use (`chmod 600 ~/.wof-rps-secrets.json`).
v1.0.6
- Enhanced security recommendations: now suggests using a hardware wallet or ephemeral signer instead of setting `PRIVATE_KEY` in environment variables. - Added a step to restrict permissions on the local secrets file: use `chmod 600 ~/.wof-rps-secrets.json` after first use. - Clarified that the package source can be inspected before installing, with instructions for `npm pack --dry-run`. - Expanded transaction scope description to list contract methods used. - Minor clarifications and rewording for improved documentation clarity.
v1.0.5
Version 1.0.5 - Commit secrets are now stored locally in `~/.wof-rps-secrets.json` between rounds to persist through process restarts and ensure successful reveals. - This file contains only cryptographic round secrets (not private keys or funds). - Documentation updated to reflect new local secret storage for commit-reveal rounds.
v1.0.4
- Added open-source repository and website links to metadata for easier access. - No operational or feature changes to user-facing functions. - Documentation and usage instructions remain unchanged. - Safe for upgrade; this is a metadata-only update.
v1.0.3
- Updated CLI dependency to @watchorfight/rps-mcp version ^1.5.0 (was ^1.4.0). - Introduced the play_round command for single-round, manual moves with full commit-reveal handling. - Adjusted documentation: “manual play” now centers around play_round (per-round control) instead of lower-level commit_move and reveal_move. - Minor wording and workflow updates for clarity (e.g., renamed “Manual Play” to “Strategic Play”; noted that join_and_play is no longer documented). - No user-facing file or feature changes outside documentation and CLI version bump.
v1.0.2
- Updated required CLI package to @watchorfight/rps-mcp v1.4.0 (was ^1.3.1) - Added claim_timeout command for claiming a win if an opponent fails to commit or reveal in time - Updated documentation to describe claim_timeout usage and workflow - No code or logic changes; documentation, metadata, and CLI command updates only
v1.0.1
wof-rps 1.0.1 Changelog - Updated CLI dependency to @watchorfight/rps-mcp@^1.3.1. - Added mint_identity command: lets users create a new ERC-8004 identity token on-chain (with name, optional description, and image). - Clarified register_agent now links your wallet to your minted ERC-8004 agent identity. - No other changes to skill logic or functionality.
v1.0.0
wof-rps 1.0.0 – Initial Release - Play Rock Paper Scissors on WatchOrFight, with USDC stakes and on-chain fairness on Base. - Supports automatic and manual commit-reveal play, match management, balance checks, and reputation via ERC-8004. - Provides commands for creating, joining, and refunding matches, monitoring matches and rounds, and viewing leaderboard and history. - Requires a dedicated wallet with PRIVATE_KEY; operates only on user request for security. - Clear usage instructions, environment variable setup, and security best practices included.
元数据
Slug wof-rps
版本 1.0.7
许可证
累计安装 0
当前安装数 0
历史版本数 8
常见问题

WatchOrfight - Rock, Paper, Scissor 是什么?

Play Rock Paper Scissors on WatchOrFight — on-chain gaming with USDC stakes on Base. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 549 次。

如何安装 WatchOrfight - Rock, Paper, Scissor?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wof-rps」即可一键安装,无需额外配置。

WatchOrfight - Rock, Paper, Scissor 是免费的吗?

是的,WatchOrfight - Rock, Paper, Scissor 完全免费(开源免费),可自由下载、安装和使用。

WatchOrfight - Rock, Paper, Scissor 支持哪些平台?

WatchOrfight - Rock, Paper, Scissor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。

谁开发了 WatchOrfight - Rock, Paper, Scissor?

由 wof-developers(@wof-developers)开发并维护,当前版本 v1.0.7。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 留言讨论