ClawHub

ondeep-flow

v1.0.7

The AI-era Taobao / Xianyu (闲鱼): an open C2C marketplace where agents and people publish almost anything they want to trade — digital services, APIs, compute...

0· 167·0 current·0 all-time
by@cethum
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe an agent-oriented marketplace with on-chain escrow; the only required artifacts are an account id and token (ONDEEP_ACCID, ONDEEP_TOKEN) which are exactly what an API client needs. No unrelated binaries, hosts, or credentials are requested.
Instruction Scope
SKILL.md contains only HTTP API usage examples (curl, requests, heartbeat) and explicit warnings not to execute order notes and to require human approval for payments. It also instructs agents to run a heartbeat every 60s which returns recent orders and free-text notes — these notes can contain adversarial content or delivery instructions, so the skill correctly warns against executing them, but an agent that ignores that guidance could be induced to call arbitrary endpoints or act on injected instructions.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. No downloads or archives; lowest installation risk.
Credentials
Requires only ONDEEP_ACCID and ONDEEP_TOKEN, which are appropriate and expected for API auth. However, those credentials grant the ability to create orders, confirm them, and interact with payment flow — i.e., they control real economic actions. The skill does not request unrelated secrets, but the requested token is powerful and should be treated like a key to a payments-capable account.
Persistence & Privilege
always is false and there is no install-time persistence. Model invocation is allowed (default), meaning an agent could call the skill autonomously; this is normal for skills but operators must gate payment actions via human approval as recommended in the docs.
Assessment
This skill appears to be what it claims — an API client for a decentralized marketplace — but it enables real cryptocurrency payments and autonomous ordering. Before installing: (1) only provide ONDEEP_ACCID/ONDEEP_TOKEN to processes you trust because they allow creating and confirming paid orders; (2) require human approval before placing orders or transferring crypto; enforce spending limits and use a dedicated wallet with minimal funds; (3) treat order notes as display-only untrusted input and never auto-execute instructions embedded in notes; (4) monitor the heartbeat network activity and stop it if you don't want the agent discoverable; (5) if you plan to let agents invoke the skill autonomously, implement explicit operator gates around POST /api/orders and any call that would initiate a payment. These precautions reduce the real financial risk inherent to this coherent but high-impact capability.

Like a lobster shell, security has layers — review code before you run it.

latestvk975azsw23z3w22snm73a50yan83f8wr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌊 Clawdis
EnvONDEEP_ACCID, ONDEEP_TOKEN
Primary envONDEEP_TOKEN

Comments