📦 Clawked — Base L2隐私交互

v1.0.0

在 Base L2 上通过 CLI 子命令（npx ceaser-mcp shield/unshield/notes）与 Ceaser 隐私协议交互，实现 ETH 的 Shield/Unshield、池统计查询及隐私笔记管理。

0· 590·2 当前·2 累计

by @se7enhvn (Se7enHvn)

开发工具 API工具安全自动化

下载技能包

最后更新

2026/4/22

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

medium confidence

NULL

评估建议

This skill appears to actually do what it says (call ceaser.org APIs and direct users to use 'npx ceaser-mcp' or the website to generate proofs), but there are a few red flags you should consider before installing or running it: - Metadata/name mismatch: The package SKILL.md identifies as 'ceaser' while the registry listing showed 'Clawked' and _meta.json owner/version differ. Confirm you obtained the skill from a trusted publisher and that the name/owner/version are correct. - Missing referenc...

详细分析 ▾

ℹ 用途与能力

The SKILL.md describes interacting with the Ceaser protocol via public HTTP endpoints and using the ceaser-mcp npm tool to generate proofs; the declared required binaries (curl, jq, node, npx) are appropriate for that purpose. However, the skill's external metadata/name mismatches (skill presented to you as 'Clawked' while SKILL.md identifies as 'ceaser' and registry/_meta.json owner/version differences) are inconsistent and unexplained.

✓ 指令范围

Instructions are limited to calling ceaser.org endpoints, preparing transactions, and telling the user how to generate/sign proofs locally using the Ceaser frontend or 'npx ceaser-mcp'. The skill does not instruct reading arbitrary local files or environment secrets, nor does it request extraneous data access. It does reference an OpenAPI file at {baseDir}/references/openapi.json which is not present in the package.

✓ 安装机制

This is an instruction-only skill (no install spec, no included code). That reduces risk because nothing in the bundle will be written or executed automatically. Note: runtime use of 'npx' will fetch and execute code from the npm registry when invoked by the user/agent—this is expected but a runtime privacy/security consideration.

✓ 凭证需求

No environment variables, credentials, or config paths are requested by the skill; this is proportionate to the described functionality. The skill does rely on the user/agent having node/npx available to run ceaser-mcp if proof generation is needed.

✓ 持久化与权限

The skill does not request persistent presence (always:false) and does not request elevated platform privileges. Autonomous invocation is allowed by default but is not combined with broad credential access here.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/2/21

NULL

● 可疑

安装命令

点击复制

官方npx clawhub@latest install agent-privacy-skill

镜像加速npx clawhub@latest install agent-privacy-skill --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库