Security scan
OpenClaw
Suspicious
medium confidence
Assessment recommendations
This package is functionally consistent with an on‑chain NFA agent, but review these points before installing:
- Secret handling: The agent needs the Agent private key (AGENT_PRIVATE_KEY or --key). Treat this as highly sensitive; prefer environment variable usage (AGENT_PRIVATE_KEY) over command‑line flags, and never use your main owner wallet private key. The skill metadata incorrectly lists no required env vars — assume the private key is required.
- External backend: By default the agent au...
ℹ Purpose and capabilities
The code and docs implement an NFA Agent SDK (on‑chain reads/writes, levelUp, distributeSP, PK, merkle roots), which is consistent with the stated purpose. However the metadata claims no required env vars/credentials while the CLI and code clearly expect an agent private key (AGENT_PRIVATE_KEY or --key) and allow overriding contract addresses via environment variables — that mismatch should have been declared.
⚠ Instruction scope
Runtime instructions and the packaged code require the agent private key to sign transactions and perform writeContract calls (levelUp, distributeSP, depositPK, updateLearningTree). The agent also authenticates with a backend (default https://wendaobsc.xyz) by signing and POSTing an auth message to obtain a JWT; PK matching and recovery interact with that backend. The agent persists a local file (.wendao-tree-<tokenId>.json) containing merkle leaves. These actions (network calls to a third party, signing, disk writes) are within the claimed feature set but expand trust to an external API and create local persistent state — both deserve explicit disclosure.
✓ Install mechanism
There is no install spec in the skill metadata (instruction-only), but the package contains full JS/TS source and a package.json with dependencies (viem, commander, etc.). Dependencies are appropriate for a blockchain SDK. No remote download URLs or extract steps are present in the metadata that would increase install risk.
⚠ Credential requirements
The agent requires a private key (sensitive credential) at runtime but the skill metadata declares no required env vars or primary credential. The CLI encourages using AGENT_PRIVATE_KEY (preferred) but also supports passing --key (which leaks to shell history). The default API (https://wendaobsc.xyz) will receive signed messages and return JWTs; while the private key is never sent, the server sees signatures and agent addresses. The README/SKILL.md contains inconsistent statements about token custody (at points claiming the agent wallet has no $JW, elsewhere indicating PK consumes $JW from the agent wallet) — that inconsistency could lead users to fund the agent unexpectedly and risk token loss.
ℹ Persistence and permissions
The skill does not request elevated system privileges and 'always' is false. It persists agent action leaves to disk (.wendao-tree-<tokenId>.json) and uses in‑process state (JWT stored on the instance). This per‑agent persistence is reasonable for the feature (Merkle learning tree) but is a durable local artifact that may include timestamps, actions, and tx hashes — users should know where these files are written and with what permissions.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest: v1.1.0 (2026/4/13)
● Benign
Install command
Official: npx clawhub@latest install wendao-agent
Mirror (accelerated): npx clawhub@latest install wendao-agent --registry https://cn.longxiaskill.com