ClawHub

Build an Agent with Warden

v1.0.0

Build original LangGraph agents for Warden Protocol and prepare them for publishing in Warden Studio. Use this skill when users want to: (1) Create new Warden agents (not community examples), (2) Build LangGraph-based crypto/Web3 agents, (3) Deploy agents via LangSmith Deployments or custom infra, (4) Participate in the Warden Agent Builder Incentive Programme (open to OpenClaw agents), or (5) Integrate with Warden Studio for Agent Hub publishing.

1· 1.6k·0 current·0 all-time
by@kryptopaid
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's stated purpose (build LangGraph agents for Warden) matches the included code, templates, and deployment guidance. However, the registry metadata declares no required environment variables or primary credential, while the SKILL.md and included reference files/scripts clearly expect secrets such as OPENAI_API_KEY and LANGSMITH_API_KEY (and optionally other API keys). That mismatch between declared requirements and the actual runtime expectations is an incoherence that should be resolved before trusting the skill.
Instruction Scope
SKILL.md and reference files are instructional and confined to agent-building, scaffolding, testing, and deployment tasks. The instructions tell the agent to create projects, write config files (.env, package files), and run helper scripts (init-agent.py, test-agent.py). These actions are expected for a scaffolding skill, but they include guidance to populate .env with API keys and to deploy to third-party services. The instructions do not attempt to read unrelated system files or hidden credentials, but they do rely on the presence of secrets and may direct the user to expose keys during deployment.
Install Mechanism
There is no install spec — the skill is instruction-and-script-only. That is lower risk: nothing is automatically downloaded or executed by an install procedure. The included scripts are local scaffolding tools that write files under the user's chosen output directory.
!
Credentials
Although registry metadata lists no required env vars or primary credential, the skill and included templates explicitly require and reference multiple sensitive environment variables (OPENAI_API_KEY, LANGSMITH_API_KEY, COINGECKO_API_KEY, ALCHEMY_API_KEY, WEATHER_API_KEY, etc.). Requesting OpenAI and LangSmith keys is coherent with the described purpose, but the fact these are not declared in the skill metadata is a proportionality/information mismatch — users and the platform should be informed up front which secrets the skill will use. The skill also generates .env.example files and instructs users to copy them into .env, which can lead to accidental secret leakage if users commit .env to VCS.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not modify other skills or system-wide agent configuration. It scaffolds projects in the user's chosen output directory but does not assert elevated privileges or persistent access to the host environment.
What to consider before installing
What to check before installing/using this skill: - Metadata mismatch: The skill metadata declares no required env vars, but SKILL.md and included templates/scripts expect sensitive keys (OPENAI_API_KEY, LANGSMITH_API_KEY, and optional API keys). Assume the skill will ask you to supply those keys when scaffolding or deploying — confirm this explicitly. - Secrets handling: The scaffolder creates .env.example and instructs copying to .env. Never commit .env to version control. Use secret stores (LangSmith secrets, cloud secrets, or Kubernetes Secrets) when deploying, and rotate keys if they are exposed. - Source trust: The skill's source/homepage is unknown. The code and docs look coherent with the stated purpose, but you should review the included scripts (init-agent.py, test-agent.py) and templates yourself before running them. They write files to disk; inspect generated files for any unwanted commands or remote callbacks. - Deployment consequences: Deploying an agent will require registering keys on third-party services (OpenAI, LangSmith). Review those services' access scopes and billing implications. The skill and Warden docs impose phase-1 restrictions (no wallet access, no storage on Warden) — ensure your agent design respects those. - Recommended actions: (1) Manually inspect the SKILL.md, scripts, and reference files in a safe environment before use. (2) Confirm which environment variables you must provide and where they will be used. (3) Use least-privilege API keys and secret managers for deployment. (4) If you plan to let OpenClaw invoke scripts automatically, restrict that behavior until you verify the scripts' safety. If you want, I can: (a) list every environment variable used across the skill and where it's referenced, or (b) produce a short checklist of commands to safely run the scaffolding in an isolated/test directory.

Like a lobster shell, security has layers — review code before you run it.

LangChainvk97ftb3sjmdgqyq475zemzjjk980f183LangGraphvk97ftb3sjmdgqyq475zemzjjk980f183LangSmithvk97ftb3sjmdgqyq475zemzjjk980f183Wardenvk97ftb3sjmdgqyq475zemzjjk980f183blockchainvk97ftb3sjmdgqyq475zemzjjk980f183latestvk97ftb3sjmdgqyq475zemzjjk980f183onchain agentsvk97ftb3sjmdgqyq475zemzjjk980f183

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments