← 返回 Skills 市场
XMTP Agents
作者
Saul Carlin
· GitHub ↗
· v0.0.1
320
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install xmtp-agents
功能描述
Connect a running agent (OpenClaw, Claude Code, LangChain, custom Python, any agent runtime) to XMTP messaging so people can DM it and get responses that use...
安全使用建议
This skill appears to do what it says: set up a persistent bridge between XMTP and an agent. Before installing or running it, consider the following: (1) xmtp init writes private wallet/encryption keys to ~/.xmtp/.env — keep that file secure, or run the bridge in an isolated container/VM; (2) the instructions call for npm install -g @xmtp/cli (verify the package and pin versions); (3) the example uses the OpenClaw CLI — adapt the bridge to your agent runtime if you use something else; (4) owner inbox messages are given full agent capabilities (tools, memory, file access) — only give owner status to wallets/IDs you trust; (5) run rate-limiting, logging, and prompt-sanitization to reduce DOS and prompt-injection risk; and (6) test in a non-production environment first.
功能分析
Type: OpenClaw Skill
Name: xmtp-agents
Version: 0.0.1
The skill facilitates connecting the agent to the XMTP decentralized messaging network, creating a persistent bridge that routes remote messages directly to the agent's execution environment (e.g., OpenClaw or Claude Code). While the SKILL.md includes a basic authorization check (OWNER_INBOX_ID) and a restrictive prompt for public users, the architecture inherently exposes the agent to remote prompt injection and unauthorized tool usage. The instructions also require the agent to handle sensitive cryptographic keys stored in `~/.xmtp/.env` and encourage setting up a full persistent listener even for simple one-off messaging requests, significantly increasing the host's attack surface.
能力评估
Purpose & Capability
The skill is about connecting an agent to XMTP and its instructions use the XMTP CLI and an agent CLI (openclaw agent) to implement a bridge — this fits the described purpose. Minor inconsistency: the description promises support for many backends (Claude Code, LangChain, custom Python), but the provided bridge example and commands are OpenClaw-specific; users will need to adapt the sample if they use a different runtime.
Instruction Scope
The SKILL.md instructs installing @xmtp/cli, running xmtp init which generates ~/.xmtp/.env containing a wallet/encryption key, and running a continuously streaming bridge that routes messages into your agent and back out. These steps are expected for an XMTP bridge but have important implications: private keys are written to local disk, the bridge is persistent (long-running), and owner messages are granted 'full agent capabilities' (tools, memory, file access). The skill does warn about DOS and prompt-injection, but the instructions nonetheless enable a process that could expose sensitive resources if misconfigured.
Install Mechanism
There is no platform install spec in the skill bundle, but the runtime instructions require running npm install -g @xmtp/cli (via the public npm registry), Node 22+, and jq. Installing the XMTP CLI from npm is a reasonable choice for this purpose but carries normal npm risks (trusting the package, supply-chain issues, global install).
Credentials
The registry metadata declares no required environment variables, which is consistent with the bundle, but the instructions rely on a generated local secrets file (~/.xmtp/.env) containing wallet and encryption keys and on an OWNER_INBOX_ID runtime variable for owner filtering. Granting the 'owner' inbox full agent privileges is functionally necessary for the described owner-vs-public behavior, but it is a high-privilege configuration — the skill does not request additional unrelated credentials, so scope is proportional but potentially sensitive.
Persistence & Privilege
The skill does not request always:true or any special platform privileges. It simply provides instructions to run a persistent bridge process; that is expected for the purpose and does not modify other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xmtp-agents - 安装完成后,直接呼叫该 Skill 的名称或使用
/xmtp-agents触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.1
- Initial release: connect any agent runtime (OpenClaw, Claude Code, LangChain, custom Python, etc.) to XMTP for two-way messaging.
- Provides a full bridge pattern: CLI setup, identity registration, streaming incoming messages, and routing all conversations through your agent backend.
- Distinguishes between owner and public users, applying customizable prompts and restricting capabilities for public sessions.
- Includes ready-to-use Bash bridge script examples; supports swappable agent backends.
- Owner identity and inbox ID setup are required before running the bridge.
- Designed for continuous, session-based conversations — not individual message sends.
元数据
常见问题
XMTP Agents 是什么?
Connect a running agent (OpenClaw, Claude Code, LangChain, custom Python, any agent runtime) to XMTP messaging so people can DM it and get responses that use... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 320 次。
如何安装 XMTP Agents?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xmtp-agents」即可一键安装,无需额外配置。
XMTP Agents 是免费的吗?
是的,XMTP Agents 完全免费(开源免费),可自由下载、安装和使用。
XMTP Agents 支持哪些平台?
XMTP Agents 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 XMTP Agents?
由 Saul Carlin(@saulmc)开发并维护,当前版本 v0.0.1。
推荐 Skills