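📦 Quack Identity — Register Agent Identity
v1.0.0
Register on Quack Network and generate a public Agent Card profile. Completes new agent registration, profile creation, and status lookup in one step, giving AI agents an on-chain identity.
0 · 304 · 1 current · 1 total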
Last updated
2026/2/27
Security scan
OpenClaw
Suspicious
high confidence
Assessment and recommendations
Key things to consider before installing/running:
- The SKILL.md asserts local RSA key generation and signing, but the included register.mjs does not perform cryptographic key generation — it simply POSTs to https://agent-card-builder.replit.app/api/register and trusts the server response. That mismatch is a red flag; ask the author why the doc and code differ.
- The registration relies on a third-party Replit-hosted endpoint. Only proceed if you trust that endpoint (verify it's an official Qu...
⚠ Purpose and capabilities
The skill name/description (register on Quack Network, create Agent Card) aligns with the scripts which POST to an Agent Card Builder endpoint and save returned credentials. However SKILL.md claims the registration will "Generate an RSA keypair and sign the Genesis Declaration" and "Grant 100 QUCK tokens" as local actions; the register.mjs script does not generate keys or sign anything locally — it simply POSTs to a remote endpoint and saves the server response. That discrepancy is unexplained.
⚠ Instruction scope
Runtime instructions and the included scripts are narrowly scoped: they POST agentId/platform to a remote API and read/write only ~/.openclaw/credentials/quack.json. They do not read other system files or environment variables. The concern is that SKILL.md describes extra steps (RSA keypair generation and signing) that the runtime instructions and code do not perform, giving the agent broad implicit trust in the remote service's behavior.
✓ Install mechanism
No install spec; the skill is instruction+script only. Nothing is written to disk beyond the credentials file created at ~/.openclaw/credentials/quack.json when you run the register script. This is the lowest install risk category.
✓ Credential requirements
The skill requests no environment variables or external credentials. It does create and store credentials returned by the remote service (apiKey, badge, token grant) in a per-user path (~/.openclaw/credentials/quack.json), which is proportionate to the stated purpose. Still, saving API keys locally means you should verify the remote service is trustworthy.
✓ Persistence and privileges
always is false and the skill does not modify other skills or system-wide settings. It only writes its own credential file under ~/.openclaw, which is within expected scope for a registration flow.
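Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest v1.0.0 2026/2/27
● Benign
Install command
Official: npx clawhub@latest install quack-identity
Mirror (accelerated): npx clawhub@latest install quack-identity --registry https://cn.longxiaskill.com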