← 返回 Skills 市场
ZKGov
作者
Blockchain Oracle
· GitHub ↗
· v0.0.3
· MIT-0
100
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install zkgov
功能描述
Anonymous governance on HashKey Chain using zero-knowledge proofs. Query proposals, check voter status, register, create proposals, vote anonymously with ZK...
安全使用建议
This skill appears to do what it says (interact with ZKGov CLI to query and vote on a HashKey Chain testnet) but there are important practical and safety details missing from the registry metadata. Before installing or letting an agent use this skill: 1) Treat the wallet behavior as sensitive — the agent will generate and store a private key at ~/.zkgov/config.json unless you supply ZKGOV_PRIVATE_KEY; do not allow it to generate keys if you don't want a secret created. 2) Verify the npm packages (@zkgov/cli and @zkgov/mcp): check their npm pages, source repos, maintainers, and recent publication history; prefer inspecting code or using a wallet you control. 3) Expect the agent to be able to send on‑chain transactions (gas costs, even on testnet) — require user confirmation for any write action. 4) Ask the publisher/maintainer for explicit metadata updates (declare ZKGOV_PRIVATE_KEY and the ~/.zkgov/config.json path, provide package repository URLs and checksums). If the registry metadata is corrected and the npm packages are auditable/trusted (or you provide your own key), my concerns would be significantly reduced.
功能分析
Type: OpenClaw Skill
Name: zkgov
Version: 0.0.3
The 'zkgov' skill provides a legitimate interface for anonymous blockchain governance on the HashKey Chain testnet using Semaphore ZK proofs. It defines standard MCP tools and CLI commands (e.g., `zkgov-vote`, `zkgov-register`) for interacting with a specific smart contract (0xEa625841E031758786141c8b13dD1b1137C9776C). The instructions in SKILL.md are well-structured, align with the stated purpose, and do not contain any indicators of malicious intent, data exfiltration, or prompt injection.
能力标签
能力评估
Purpose & Capability
The name and description (ZKGov anonymous voting on HashKey Chain) match the CLI commands and read/write operations described. Requesting an npm CLI and an MCP helper is consistent with the claimed functionality. However, the registry metadata omits some practical requirements present in SKILL.md (see env/config mismatches below).
Instruction Scope
SKILL.md instructs the agent to run external CLI tools (npx/@zkgov/mcp and @zkgov/cli) and to perform write operations that generate and persist a wallet (~/.zkgov/config.json). It also references an environment variable override (ZKGOV_PRIVATE_KEY) and instructs the agent to perform on‑chain transactions. These behaviors are within the stated domain but expand the agent's scope (creating/storing a private key and sending transactions) and are not declared in the skill metadata.
Install Mechanism
There is no declared install spec in the registry, but SKILL.md tells users/agents to install packages from npm (npx @zkgov/mcp and npm install -g @zkgov/cli). Installing third‑party npm packages is a reasonable delivery mechanism for a CLI, but it is higher risk than an instruction-only read tool because it pulls code from the public registry. The skill does not provide package source/repos or checksums to verify provenance.
Credentials
SKILL.md references an override env var (ZKGOV_PRIVATE_KEY) and a persistent config path (~/.zkgov/config.json) for storing private keys, but the registry metadata lists no required env vars or config paths. The agent will either generate a private key and store it locally (sensitive persistent secret) or accept a user private key from an env var. Requesting or creating private keys is intrinsic to write operations here, but the metadata omission is an incoherence and a sensitive capability that should be explicit.
Persistence & Privilege
The skill instructs creating a persistent wallet file in the user's home directory and derives both the EVM account and ZK identity from the same private key; this is a lasting side effect. The skill is not marked always:true, but it does enable the agent to perform autonomous write actions (transactions) if invoked — that increases impact if the agent is allowed to act without explicit confirmation. The registry did not declare the config path, which is a persistence/privilege mismatch.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install zkgov - 安装完成后,直接呼叫该 Skill 的名称或使用
/zkgov触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.3
- Added detailed documentation for ZKGov skill, covering usage, workflow, and error handling.
- Clarified when to use or avoid the skill, with specific on-chain governance scenarios.
- Outlined tool priority: MCP tools preferred, CLI as fallback, always use `--json`.
- Included step-by-step governance workflow and CLI flag examples.
- Listed all available read/write tools with their functions.
- Provided key technical facts about the platform and contract.
元数据
常见问题
ZKGov 是什么?
Anonymous governance on HashKey Chain using zero-knowledge proofs. Query proposals, check voter status, register, create proposals, vote anonymously with ZK... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 100 次。
如何安装 ZKGov?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install zkgov」即可一键安装,无需额外配置。
ZKGov 是免费的吗?
是的,ZKGov 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ZKGov 支持哪些平台?
ZKGov 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ZKGov?
由 Blockchain Oracle(@blockchain-oracle)开发并维护,当前版本 v0.0.3。
推荐 Skills