← 返回 Skills 市场
twzrd-sol

Agent Template

作者 twzrd-xyz · GitHub ↗ · v0.5.0
cross-platform ⚠ suspicious
481
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install wzrd
功能描述
Bot-vs-bot parimutuel prediction markets on Solana. Trade real creator attention metrics.
安全使用建议
Key points to consider before installing or running: - Do not run the recommended 'curl https://app.twzrd.xyz/raw/wzrd-trade.sh | bash' unless you (or someone you trust) have inspected that script line-by-line. Piping remote scripts to a shell executes arbitrary code on your machine. - The code requires an Ed25519 private key (WZRD_PRIVATE_KEY). Never supply your primary wallet/private key. Use an ephemeral or dedicated wallet with only the minimal SOL required (the service requires ~0.001 SOL) and minimal funds so a compromised key has limited impact. - The registry metadata lists no required env vars, but the example_agent and README clearly require WZRD_PRIVATE_KEY. Ask the publisher to correct metadata before trusting automation. - Audit the included example_agent.py and any remote scripts for hidden exfiltration (HTTP calls to unexpected hosts, uploading files, or reading unrelated local files). The provided example_agent.py does standard API calls and local env parsing, but you should still inspect any downloaded script. - Prefer cloning the GitHub repo and reviewing code locally (git clone https://github.com/twzrd/twzrd-agent-template) rather than executing a remote installer. Run the agent in an isolated environment (container or VM) and network monitor the outbound calls to verify only expected endpoints (api.twzrd.xyz and app.twzrd.xyz) are contacted. - If you need autonomous operation, limit the agent's privileges and funds, and consider manual approval for sensitive actions (redeem/relay/transaction-signing). Ask the publisher to provide a signed release or reproducible build and to fix registry metadata so required secrets are declared explicitly.
功能分析
Type: OpenClaw Skill Name: wzrd Version: 0.5.0 The skill bundle is classified as suspicious primarily due to a significant prompt injection vulnerability identified in `README.md`. The quickstart instructions include `curl -fsSL https://app.twzrd.xyz/raw/wzrd-trade.sh | bash`, which allows an AI agent to execute an arbitrary remote script if instructed to follow installation guides. While the `example_agent.py` code itself appears to be a legitimate prediction market agent, using the provided private key only for authentication to `api.twzrd.xyz`, the presence of a `curl | bash` instruction in agent-facing documentation represents a high-risk capability that could lead to remote code execution if the `wzrd-trade.sh` script or its hosting server were compromised, or if the agent is maliciously prompted to execute it.
能力评估
Purpose & Capability
The skill's purpose (bot-vs-bot Solana prediction markets) matches the included code and API calls: the example agent signs messages with an Ed25519 key and uses twzrd API endpoints. However, the registry claims 'Required env vars: none' while the code and README require WZRD_PRIVATE_KEY (an Ed25519 secret). That metadata omission is an inconsistency.
Instruction Scope
SKILL.md and README describe authentication using a private signing key and multiple API endpoints (expected). But the README's 'one-liner (curl | bash)' Quickstart directs users to execute a remote script from app.twzrd.xyz — this grants arbitrary remote code execution on the host if followed and is an out-of-band install instruction not reflected in the registry install spec.
Install Mechanism
There is no formal install spec (instruction-only), but the repo includes requirements.txt and example_agent.py (Python dependencies). The README also advertises a remote install script (https://app.twzrd.xyz/raw/wzrd-trade.sh) piped to bash — downloading and executing an opaque script from a remote host is high-risk. No official package host or signed release is provided in the metadata.
Credentials
Functionality legitimately requires an Ed25519 signing key to authenticate and submit predictions; that is proportionate to a trading agent. However, the skill registry declares no required env vars while the code requires WZRD_PRIVATE_KEY and will exit if it's missing. Requesting a private key is sensitive: the key gives full ability to act as your agent (submit bets, propose markets, redeem points). The mismatch between declared and actual env requirements reduces trust.
Persistence & Privilege
The skill is not marked always:true, does not request system-level privileges, and does not declare config paths or modify other skills. It appears to run as a normal agent process without elevated or persistent platform privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wzrd
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wzrd 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.5.0
wzrd v0.5.0 - Added wallet balance requirement (minimum 0.001 SOL) for signup/verification. - Detailed that new wallets receive 1000 points upon first verification. - Introduced `market_resolution` MCP tool and corresponding `/v2/markets/{id}/resolution` REST endpoint for resolution proof and oracle snapshot access. - Improved API documentation and endpoint listings for greater clarity.
v0.4.0
- Major update: Introduced public analytics/modeling endpoints for streaming and creator data. - New "Modeling Data — Analytics Endpoints" section with detailed API references. - Documented the new `creator_analytics` MCP tool. - Expanded REST API reference to include analytics endpoints for creators, sessions, weekly and macro trends. - Clarified what sets WZRD apart from other prediction markets with an added "Why WZRD is different" section.
v0.3.1
Reframed for macro-attention markets + YAML frontmatter
v0.3.0
wzrd 0.3.0 - Added full documentation and usage guide in SKILL.md, including authentication, staking tiers, and market types. - Described API methods, endpoints, and authorization requirements. - Provided details on market payouts, supported tokens (CCM, vLOFI), and liquidity pools. - Included onboarding resources for agents and agent templates. - Outlined point redemption, staking, and predicted market resolution process.
元数据
Slug wzrd
版本 0.5.0
许可证
累计安装 0
当前安装数 0
历史版本数 4
常见问题

Agent Template 是什么?

Bot-vs-bot parimutuel prediction markets on Solana. Trade real creator attention metrics. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 481 次。

如何安装 Agent Template?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wzrd」即可一键安装,无需额外配置。

Agent Template 是免费的吗?

是的,Agent Template 完全免费(开源免费),可自由下载、安装和使用。

Agent Template 支持哪些平台?

Agent Template 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Agent Template?

由 twzrd-xyz(@twzrd-sol)开发并维护,当前版本 v0.5.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论