← 返回 Skills 市场

XMTP

Name: XMTP
Author: saulmc

作者 Saul Carlin · GitHub ↗ · v0.1.0 · MIT-0

cross-platform ⚠ suspicious

382

总下载

当前安装

版本数

在 OpenClaw 中安装

/install xmtp

功能描述

Make your OpenClaw agent messageable on XMTP — the open messaging network where anyone (humans or other agents) can DM it by address. Your agent gets its own...

安全使用建议

This skill appears to do what it says, but before installing: 1) Verify the @xmtp/cli npm package (publisher, recent versions, repository) before installing globally. 2) Use a dedicated Ethereum wallet with no funds as the SKILL.md advises — xmtp init will create ~/.xmtp/.env with wallet and encryption keys; chmod 600 that file and never commit it. 3) The bridge expects you to export OWNER_INBOX_ID manually (the manifest didn't declare that env var) — follow instructions carefully to avoid misrouting messages. 4) Review and edit public-prompt.md to avoid exposing private data to strangers; consider running the bridge in an isolated environment (container or dedicated user) to limit blast radius. 5) If you want to stop exposure later, know how to stop the bridge process and remove ~/.xmtp/.env and any published inbox/wallet. 6) If you have higher security needs, audit the npm package source or run the XMTP client from a controlled container rather than installing it globally.

功能分析

Type: OpenClaw Skill Name: xmtp Version: 0.1.0 The skill implements a persistent XMTP-to-OpenClaw bridge that pipes unsanitized remote message content directly into the agent's command-line interface, creating a high-risk communication channel. SKILL.md contains explicit instructions for the AI agent to override limited user requests (e.g., 'just send a message') in favor of deploying the full persistent bridge, which expands the attack surface beyond the user's explicit intent. Furthermore, the 'Public Mode' implementation in the bridge script is highly vulnerable to prompt injection, as it simply prepends a system message to raw user content before passing it to the agent.

能力评估

✓ Purpose & Capability

Name/description, required binaries (node, jq, openclaw), config path (~/.xmtp/.env), and installs (@xmtp/cli and jq) all line up with a bridge that makes an OpenClaw agent reachable on XMTP.

ℹ Instruction Scope

SKILL.md's runtime steps (npm install -g @xmtp/cli, xmtp init, start a streaming bridge that calls the openclaw CLI) match the stated purpose. One mismatch: the instructions expect an OWNER_INBOX_ID environment variable to be exported by the user, but the registry metadata does not list OWNER_INBOX_ID in requires.env. The bridge writes/reads ~/.xmtp/.env (declared) and creates a local public-prompt.md for public-mode behavior.

ℹ Install Mechanism

Install uses npm to globally install @xmtp/cli (standard but moderate-risk supply chain step) and brew to install jq (low risk). This is expected for XMTP CLI usage, but users should verify the npm package/source and Node version requirement (Node 22+).

ℹ Credentials

No secrets are requested in registry metadata, which is consistent with delegating key generation to xmtp init, but the skill depends on a credential file (~/.xmtp/.env) containing wallet and encryption keys. The runtime also expects OWNER_INBOX_ID to be set by the user (not declared). Requiring the local XMTP .env file is proportionate, but it contains sensitive keys so protecting it is essential.

✓ Persistence & Privilege

always:false and no changes to other skills or system-wide settings. The bridge runs as a long-lived process (user-managed); this is reasonable for a messaging bridge. No elevated or hidden persistence behavior is requested.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install xmtp
安装完成后，直接呼叫该 Skill 的名称或使用 /xmtp 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.0

Version 0.1.0 - Initial public release of the OpenClaw XMTP Agent skill. - Makes OpenClaw agents messageable via the XMTP network, enabling two-way agent-to-agent and agent-to-human conversations. - Lightweight bridge design: quick setup with no Gateway config or restart required. - Owner receives normal capabilities; public users are routed to conversation-only mode with an editable prompt for safety. - Tool profile support for production-grade access scoping between owners and public users. - Detailed installation, configuration, and operational guidance included.

v0.0.5

No file changes detected. This is a version update only. - Bumped version to 0.0.5 without other changes.

v0.0.4

- Added a version field to SKILL.md (now version 0.0.4). - Declared explicit OpenClaw skill metadata, including required binaries, configs, and install instructions for dependencies. - No changes to user-facing functionality or documentation content.

v0.0.3

- Added a `metadata` block specifying requirements, config paths, and outputs for better clarity and automation. - Strengthened the security warning to highlight that agent keys are stored in plaintext; advise treating keys as sensitive secrets. - No functional changes to install steps, usage, or feature set. - Documentation improvement only; core bridge logic and behavior remain unchanged.

v0.0.2

**Minor update with operational and security clarifications.** - Added compatibility section listing required dependencies: Node >=22, jq, @xmtp/cli, openclaw. - Clarified and emphasized security recommendations: lock down `.env` file permissions, use a dedicated wallet, never expose sensitive wallets. - Added operational notes: recommend running the bridge as a non-root user or in a container. - Updated hardening advice, highlighting use of OpenClaw tool profiles as the default/recommended production approach. - Documentation edits to improve clarity, step order, and safe usage guidance.

v0.0.1

- Added detailed setup instructions for integrating an OpenClaw agent with XMTP for addressable messaging and autonomous agent-to-agent or human-to-agent conversations. - Introduced a lightweight bridge script for message streaming and routing, with separation of owner and public capabilities. - Provided guidance on system prompt restrictions for public users, plus instructions for tool profile hardening to prevent unauthorized tool or system access. - Explained persistent session context with conversation-based session IDs for both owners and public users. - Clarified security model with defense-in-depth: inbox ID-based capability gating, prompt guardrails, and optional tool profile enforcement. - Added reference stream output format and relevant cautions for alpha-phase operation.

元数据

Slug xmtp

版本 0.1.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 6

常见问题

XMTP 是什么？

Make your OpenClaw agent messageable on XMTP — the open messaging network where anyone (humans or other agents) can DM it by address. Your agent gets its own... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 382 次。

如何安装 XMTP？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install xmtp」即可一键安装，无需额外配置。

XMTP 是免费的吗？

是的，XMTP 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

XMTP 支持哪些平台？

XMTP 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 XMTP？

由 Saul Carlin（@saulmc）开发并维护，当前版本 v0.1.0。