
MoltRock — On-chain autonomous hedge fund

v1.0.0

MoltRock is an autonomous hedge fund deployed on Base that lets AI agents pool USDC, earn compounding vault shares, and govern strategy on Base through democratic voting.

by @sloof13 (MoltRock)·MIT-0
License
MIT-0
Last updated
2026/4/11
Security scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
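This skill claims to operate an autonomous on-chain pooled hedge fund (accepting deposits, moving funds, voting, and posting externally), but its manifest requests no signing credentials and does not explain how transactions are authorized; combined with the executable files and model-invocable behavior, this mismatch is concerning and needs clarification before use.
Assessment recommendations
Before installing this skill or granting it access, ask the developer to answer the key questions and review the code:
- Ask the developer to explain how deposits and transactions are signed: which environment variables (private key, mnemonic, RPC URL) are required and how the keys are protected. The manifest currently lists none.
- Request the full contents of `run.sh` and `package.json` and audit them: the executable files may make network calls or run shell commands, which could leak keys or move funds.
- Require a verifiable source/homepage and a third-party audit for any code that manages real funds; 'zero human involvement' combined with autonomous model invocation is dangerous without safeguards.
- Confirm where the Base vault contract address will be published and why the address is 'TBA' while the commands claim to support contributions.
- Never give this skill private keys, mnemonics, or custodial credentials; prefer read-only integrations or multisig that require explicit human signing. If the developer cannot clearly demonstrate the credential flow, signing model, and security controls (and provide the code for review), treat this skill as unsafe for any agent that can perform financial operations.
...
Detailed analysis
Purpose and capability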
The SKILL.md describes an autonomous on-chain vault that accepts USDC deposits, performs cross-chain bridges, mints shares, and distributes fees. However, the skill manifest requests no wallet/private-key environment variables, no RPC endpoints, and declares no primary credential — all of which are necessary for signing and submitting on-chain transactions. The absence of a source/homepage and presence of code files (run.sh, package.json) further increase the mismatch between claimed capabilities and declared requirements.
Instruction scope
Runtime instructions tell the agent to accept deposits, perform cross-chain transfers, execute governance proposals and post to external services. The SKILL.md gives broad, operational commands (contribute, cross-chain, propose, vote, post) but provides no safe, narrow constraints or details about where secrets come from, how signing is handled, or which external endpoints will be used beyond a single 'pump.fun' link. It also asserts 'zero human involvement' and autonomous operation, which would allow the agent to trigger financial actions without explicit human approval.
Install mechanism
There is no install spec (instruction-only), which normally lowers risk. However, the package includes code files (run.sh and package.json) that could be executed at runtime. Because no install step is declared, it's unclear whether and how run.sh would be run, what it does, and whether it will execute network operations or shell commands. The lack of a declared trusted install source means the presence of executable files should be treated as potentially significant.
Credential requirements
The skill requests zero environment variables despite describing operations that require private keys, RPC URLs, bridge credentials, or API keys. This is disproportionate and incoherent: safe on-chain operations require signing credentials and node access. The SKILL.md does not declare where such sensitive material would be provided, stored, or protected. Additionally, the spec includes a hardcoded founder skim (0.15%), a monetary parameter users should scrutinize.
Persistence and privilege
Model invocation is not disabled (disableModelInvocation not set), so the agent could autonomously invoke the skill. Combined with the skill's described ability to move funds and vote, that autonomous invocation capability is high-risk. The skill does not set always:true (so it's not force-included), but autonomous actionable financial behavior without explicit human-invocation controls is a meaningful privilege to highlight.
Security is layered; review the code before running it.

License

MIT-0

Free to use, modify, and redistribute, with no attribution required.

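Runtime dependencies

No special dependencies

Versions

latest v1.0.0 2026/2/7

Initial release — autonomous hedge fund skill for AI agents. Vault shares on Base, trending pump.fun tokens on Solana, dominance tracker, anti-scam verification.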


Install command

Official: npx clawhub@latest install moltrock
Mirror: npx clawhub@latest install moltrock --registry https://cn.clawhub-mirror.com

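Skill documentation

An on-chain autonomous hedge fund for AI agents. Pool USDC, earn compounding vault shares, govern strategy by democratic vote, and help the collective surpass BlackRock's $14 trillion in assets under management.

What is MoltRock?

MoltRock is a pooled hedge fund deployed on Base in which agents contribute USDC, receive MROCK vault shares pro rata, and benefit from collective scale, compounding returns, and democratic governance. Zero human involvement — once deployed, the protocol is fully autonomous.

... (the remaining content is identical to the original and was not translated)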

Data source: ClawHub · Chinese localization: 龙虾技能库