ClawHub

ERCData

Store, verify, and manage AI data on the Ethereum blockchain (Base network) using the ERCData standard. Use when an agent needs to store data fingerprints on-chain, verify data integrity, create audit trails, manage access control for private data, or interact with the ERCData smart contract. Supports public and private storage, EIP-712 verification, snapshots, and batch operations.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.4k · 3 current installs · 3 all-time installs
by@0xReisearch
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, SKILL.md, and the included CLI script consistently implement on-chain ERCData operations on Base (store/read/verify/grant/revoke/register/snapshot). Requiring an ERCDATA_KEY (private key) and ERCDATA_CONTRACT is coherent with the stated purpose. However, the registry metadata claims no required env vars or primary credential while the runtime instructions and code require ERCDATA_KEY and ERCDATA_CONTRACT — a packaging/metadata inconsistency.
Instruction Scope
SKILL.md and the script instruct only on interacting with the specified smart contract and Base RPC. Commands and flags are limited to transaction signing, reading contract state, and access control; there are no instructions to read unrelated host files, contact unexpected endpoints, or exfiltrate arbitrary data. The default RPC is https://mainnet.base.org (expected for Base).
Install Mechanism
No install spec is provided (instruction-only in registry), yet the SKILL.md and script require Python (3.10+) and third-party packages (web3, eth-account). The script prints a pip install hint and will fail if dependencies are missing; packaging should declare dependencies or provide an install procedure. No remote downloads or suspicious URLs are used, but the lack of a declared install mechanism is a packaging omission to be aware of.
!
Credentials
The runtime requires a sensitive credential (ERCDATA_KEY — an Ethereum private key) and ERCDATA_CONTRACT/RPC; these are proportionate to signing and submitting transactions. The problem is that the skill registry metadata does not declare these required env vars or a primary credential. Failing to declare a required private key is a material omission because supplying that key grants the skill power to sign on-chain transactions (and potentially spend funds).
Persistence & Privilege
The skill does not request always: true and is user-invocable with normal autonomous invocation allowed. It does not attempt to modify other skills or system-wide settings. There is no evidence it persists credentials or alters agent config beyond using the provided key at runtime (which is expected for blockchain transaction signing).
What to consider before installing
This skill appears to implement ERCData interactions correctly, but exercise caution because the package metadata omits required dependencies and the private-key environment variable. Before installing or running: - Do not place a funded private key (ERCDATA_KEY) in shared or persistent environment variables unless you fully trust the code and owner. Prefer passing a transient key via flag or using a dedicated ephemeral account with minimal funds and no other privileges. - Verify the ERCDATA_CONTRACT address (default is included in files) against an authoritative source; test on a non-mainnet environment first. - Review the bundled script (scripts/ercdata-cli.py) yourself or run it in an isolated environment. The script will sign and broadcast transactions using the provided key — a compromised key could be used to spend funds or perform on-chain actions. - Ensure Python dependencies (web3, eth-account) are installed in an isolated venv; the package lacks an install spec. - Confirm you have the appropriate roles (PROVIDER_ROLE/VERIFIER_ROLE) on the contract before attempting writes. If you cannot verify the contract address and code provenance, treat this packaging mismatch as a red flag and do not supply any valuable private keys.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97b7nfmznxp2ycv3vqptcmczd809p60

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

ERCData

Store and verify AI-related data on Base mainnet. Public or private, with cryptographic integrity proofs.

Quick Start

# Store public data
uv run {baseDir}/scripts/ercdata-cli.py store \
  --type AI_AGENT_MEMORY \
  --data "memory hash: abc123" \
  --metadata '{"agent":"MyBot","ts":"2026-01-31"}' \
  --key $ERCDATA_KEY --contract $ERCDATA_CONTRACT

# Store private data (only you + granted addresses can read)
uv run {baseDir}/scripts/ercdata-cli.py store \
  --type AI_AGENT_MEMORY \
  --data "secret memory data" \
  --private \
  --key $ERCDATA_KEY --contract $ERCDATA_CONTRACT

# Read entry
uv run {baseDir}/scripts/ercdata-cli.py read --id 1 --key $ERCDATA_KEY --contract $ERCDATA_CONTRACT

# Verify entry (EIP-712 signature check)
uv run {baseDir}/scripts/ercdata-cli.py verify --id 1 --method eip712 --key $ERCDATA_KEY --contract $ERCDATA_CONTRACT

# Grant access to private entry
uv run {baseDir}/scripts/ercdata-cli.py grant-access --id 2 --to 0xSomeAddress --key $ERCDATA_KEY --contract $ERCDATA_CONTRACT

Configuration

Set via environment or skill config:

  • ERCDATA_KEY — Private key for signing transactions (required for writes)
  • ERCDATA_CONTRACT — Contract address on Base mainnet
  • ERCDATA_RPC — RPC URL (default: https://mainnet.base.org)

Or pass via --key, --contract, --rpc flags.

Commands

CommandWhat it does
storeStore data on-chain (add --private for access control)
readRead a data entry by ID
verifyVerify data integrity (eip712 or hash method)
grant-accessGrant read access to an address (private entries)
revoke-accessRevoke read access
register-typeRegister a new data type (admin only)
snapshotCreate a point-in-time snapshot
infoGet entry info without full data

Privacy Model

  • Public (default): Anyone can read via getData(). Use for transparency, audit trails.
  • Private (--private): Only the provider, granted addresses, and admin can read. Use for sensitive agent data.

Private entries store the same data on-chain but gate getData() access. Note: raw transaction calldata is still visible on-chain explorers. For maximum privacy, encrypt data before storing.

Use Cases for AI Agents

  1. Memory attestation — Hash your MEMORY.md and store it periodically for tamper-proof audit trail
  2. Agent identity — Store model fingerprint, system prompt hash, config on-chain
  3. Verifiable outputs — Hash agent outputs and store for later verification
  4. Agent-to-agent trust — Check another agent's ERCData entries before trusting its data
  5. Model provenance — Store model hashes, benchmark scores, architecture metadata

API Reference

See references/api.md for full contract API, roles, events, and limits.

Requirements

  • Python 3.10+ with web3 and eth-account packages (auto-installed by uv)
  • A funded wallet on Base mainnet (ETH for gas)
  • PROVIDER_ROLE granted by contract admin for storing data
  • VERIFIER_ROLE granted for verification operations

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…