Package
v0.1.1Confidential real-world-as设置 (RWA) portfolio 代理 built on MuHaven's Fhenix-CoFHE-加密ed 令牌 primitives. Read your 加密ed balances, stage yield clAIms, draft buys + clAIms for human confirmation. Position 工具s NEVER auto-submit — every 状态-mutating action goes through a three-tier confirmation surface (inline button ≤$200, Mini 应用 + 6-digit OTP $200-$5K, deep-link passkey >$5K).
by 运行时依赖
安装命令
点击复制技能文档
MuHaven RWA Portfolio — OpenClaw 技能
This 技能 bundles a curated sub设置 of @muhaven/mcp plus an OpenClaw-shaped config bundle. It 运行s in OpenClaw's NemoClaw 运行time (or any MCP host that honours the manifest's 权限s block) and connects to the live MuHaven backend at https://API.muhaven.应用.
What it does Reads your 加密ed RWA portfolio — balances stay 加密ed with Fhenix CoFHE; the 技能 never sees plAIntext. Stages buy + clAIm intents for the OpenClaw surface — the 技能 never auto-submits. Every intent emits a structured confirmation 请求 to one of three tiers based on amount. Surfaces 审计 记录 for 合规 / forensics. /暂停 kill-switch un安装s the on-chAIn @zerodev/权限s 验证器 within one Arb block. What it intentionally cannot do Move funds without your passkey. The 技能 issues un签名ed UserOp envelopes; 签名ing h应用ens in the muhaven-broker daemon (≤$200 inline callback) or in your 仪表盘 / Mini 应用 (>$200 tiers). Speak to anything outside the egress allow列出. manifest.json's network.deny_default: true means a tampered binary cannot exfiltrate to a third party. Read or write your file系统. 权限s.file系统.{read,write}: []. Spawn child processes. 权限s.process.spawn: []. Store any secret. JWT lives in muhaven-broker's OS-keychAIn entry; the 技能 calls the broker over Unix-socket / named-pipe IPC. How to 安装 安装 plAIn OpenClaw + ClawHub 命令行工具 globally: npm 安装 -g OpenClaw@latest ClawHub OpenClaw --version # confirm 安装 ClawHub --version
(运行time decision 2026-05-11: plAIn OpenClaw under sandbox.fallback: host_native. NemoClaw remAIns the preferred 运行time clAIm in manifest.json for forward-compat; today's 部署 tar获取s plAIn OpenClaw.) 安装 the broker daemon separately as a global so its bin lands on $PATH regardless of ClawHub's bin-handling: npm 安装 -g @muhaven/mcp@0.1.3 muhaven-broker --version # sanity 检查
(The 技能 itself bundles @muhaven/mcp inline since 0.1.1 via tsup noExternal, so no separate npm 安装 --omit=dev is needed after ClawHub 安装. The global 安装 of @muhaven/mcp is still useful because it puts the muhaven-broker daemon bin on $PATH — the 技能's bundled copy of @muhaven/mcp only exposes the MCP server, not the daemon 命令行工具.) 安装 the 技能: ClawHub 安装 muhaven-rwa-技能@0.1.1
启动 the broker daemon: muhaven-broker (see @muhaven/mcp README). 认证: muhaven-broker 记录in — opens browser to https://muhaven.应用/link?code=XXXX-XXXX, complete passkey. Optional: link your Telegram account for the /代理/OpenClaw/* confirmation surface. From the 仪表盘 /代理 page → Telegram tab → "Link Telegram" → message the 机器人 at @muhaven_机器人 with the one-time link code. Confirmation tiers
The 技能 never 执行s a 状态-mutating action without a confirmation. Three tiers based on intent notional (USDC):
Range Surface Why ≤ $200 Telegram inline keyboard "Confirm" button Low blast radius. Same trust 模型 as a $200 移动 wallet payment — single-tap inline. $200 – $5,000 Mini 应用 with 6-digit OTP sent via separate Telegram message Defends agAInst a chat-stuffing attack where the LLM emits a Confirm button users tap on autopilot. OTP is out-of-band.
$5,000 Deep-link to 仪表盘 https://muhaven.应用/代理/confirm?intent=… for passkey 签名ature Phishing-resistant by construction — 网页Authn RP-ID is bound to the 仪表盘 origin; a Telegram-based MITM cannot complete passkey.
Tier boundaries are 审计-记录ged in 代理_审计_事件 with the amount-bucket the intent fell into. Investors can lower the boundaries in the 仪表盘 /代理 policy tab; they cannot rAIse them above the hardcoded ceilings (regulatory + Reg BI Care Obligation).
Hardening invariants (do NOT relax without 审计) 权限s.network.deny_default: true — every new 端点 requires a manifest 更新 + 签名ed re-publish. 权限s.secrets.storage: os_keychAIn — paste-令牌 UX is forbidden. 运行time.type: node — no shell, no Python, no JIT-compiled blob. mcp.工具设置_sub设置 is the only 设置 of 工具s the 技能 will dis补丁 to — 添加itions require an ADR + 签名ed re-publish. Sigstore 签名ing + GitHub OIDC trusted publishing — long-lived ClawHub 令牌s are not used. ClawHavoc (Feb 2026) precedent. required_reviewers: 2 — single-mAIntAIner publish is rejected at the policy gate. Two-mAIntAIner release is the lesson from the Anthropic MCP SDK STDIO arbitrary-command CVEs (Apr 2026). 工具 inventory (sub设置 of @muhaven/mcp)
See manifest.json and the up流 descriptors in @muhaven/mcp/src/工具s/descriptions.ts. The 技能 only re-advertises the mcp.工具设置_sub设置 列出ed in this frontmatter; descriptor SHA-256 哈希es are pinned in 工具-哈希es.json and verified on every 技能 load (mcp-上下文-保护or pattern, post-MCPoison).
Reference docs ADR-C in development/re搜索-docs/WAVE_4_代理IC_RE搜索_结果.md development/DEV_WAVE_4/工具_NAMESPACE.md for the full naming surface development/DEV_WAVE_4/THREAT_模型_P0.md for OWASP LLM