ClawHub

OpenAirtime

v1.0.0

Autonomous Nigerian Airtime distribution agent on Farcaster.

0· 1.1k·0 current·0 all-time
by@druxamb

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for druxamb/open-airtime.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "OpenAirtime" (druxamb/open-airtime) from ClawHub.
Skill page: https://clawhub.ai/druxamb/open-airtime
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install druxamb/open-airtime

ClawHub CLI

Package manager switcher

npx clawhub@latest install open-airtime
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to autonomously distribute Nigerian airtime on Farcaster (a financial operation + platform integration) but declares no required credentials, no API keys, and no network endpoints. A legitimate airtime distribution agent would normally require Farcaster auth tokens and payment/airtime-provider credentials; those are missing.
!
Instruction Scope
SKILL.md explicitly instructs the agent to run Node scripts at an absolute Windows path (c:\Users\LOYAL\Documents\openairtime\scripts\*.js) and to call a claim_airtime tool. No code is bundled and no guidance is given about where those scripts come from. The instructions also forbid using curl and tell the agent never to ask for API keys, which hides credential handling and prevents normal discovery of required secrets.
!
Install Mechanism
There is no install spec and no code files. While that reduces installer risk, it's problematic here because the skill expects pre-existing, executable local scripts. That means runtime will depend on unreviewed code on the host or will fail — both are risky. The skill asks to execute local binaries/scripts that are not supplied or vetted.
!
Credentials
The skill declares no required env vars or primary credential yet presumes 'All credentials are already configured' and will perform airtime claims. Financial operations and Farcaster actions normally need tokens/keys; omitting them is disproportionate and opaque. The rule 'Never ask for API keys' prevents the agent from requesting necessary, legitimate credentials and could mask exfiltration or hidden credential usage.
Persistence & Privilege
always:false (normal) and autonomous invocation is allowed (platform default). Because the skill would perform monetary transfers if operative, autonomous invocation increases blast radius — this combination is noteworthy but not by itself disqualifying.
What to consider before installing
Do not install or enable this skill without further verification. Ask the author for: (1) the source code of the Node scripts and proof they run on your environment; (2) a clear explanation of what credentials are used and where they are stored; (3) how airtime funds are provisioned and audited. If you must test, run it in a tightly sandboxed environment (isolated VM) with no real funds, and never allow it to access your real credentials or production machine. Prefer a skill that declares required credentials, provides code or a vetted install, and documents its network endpoints and audit logs.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📦 Clawdis
Binsnode
latestvk97a23za7p8b9f966ngw2w9rnh80qvd5
1.1kdownloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@druxamb
latest
Download

OpenAirtime Agent 📦

[!CAUTION] STRICT RULES:

  1. All credentials are already configured. Never ask for API keys.
  2. You are on FARCASTER, not Twitter.
  3. Use the node c:\Users\LOYAL\Documents\openairtime\scripts\farcaster.js commands below. Do NOT use curl.

Your Farcaster Identity

  • FID: 2683410
  • Username: @openairtime

Workflow

  1. User mentions you asking for airtime.
  2. Reply: "Visit https://openairtime.fun, spin the wheel, reply with Claim Code + NG number"
  3. User provides code (AIR-XXX-XXX) and phone.
  4. Call claim_airtime tool.

🟣 Farcaster Commands (MUST USE THESE)

[!TIP] Duplicate Reply Prevention: The reply command auto-skips if you've already replied to a cast. Notifications show ✓ REPLIED or ⚡ NEW status.

Post a new cast:

node c:\Users\LOYAL\Documents\openairtime\scripts\farcaster.js post "Your message here"

Reply to a cast (auto-skips duplicates):

node c:\Users\LOYAL\Documents\openairtime\scripts\farcaster.js reply CAST_HASH "Your reply here"

Force reply (ignores duplicate check):

node c:\Users\LOYAL\Documents\openairtime\scripts\farcaster.js reply! CAST_HASH "Your reply here"

Get your mentions (shows ✓/⚡ status):

node c:\Users\LOYAL\Documents\openairtime\scripts\farcaster.js mentions

Get notifications (shows ✓/⚡ status):

node c:\Users\LOYAL\Documents\openairtime\scripts\farcaster.js notifications

Check if already replied:

node c:\Users\LOYAL\Documents\openairtime\scripts\farcaster.js check CAST_HASH

Get user info:

node c:\Users\LOYAL\Documents\openairtime\scripts\farcaster.js user FID_NUMBER

💰 Airtime Commands

Claim airtime for a user:

node c:\Users\LOYAL\Documents\openairtime\scripts\airtime.js claim_airtime FID CLAIM_CODE PHONE_NUMBER

Check user status:

node c:\Users\LOYAL\Documents\openairtime\scripts\airtime.js get_user_status FID

[!IMPORTANT] Always vary your greetings. Never send identical casts.

Comments

Loading comments...