ClawHub

Zeko

v0.0.1-main.4.1

Use when a user needs to actually use or build on Zeko: bridge with Bridge CLI or Bridge SDK, get testnet funds, find the right Zeko and Mina endpoints, run...

0· 126·0 current·0 all-time
by@hebilicious
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (bridge, faucet, endpoints, o1js) align with required binaries (curl, node, npx), required env vars (WALLET_PRIVATE_KEY, MINA_PRIVATE_KEY, GITHUB_TOKEN, PUBLIC_KEY, ADDRESS), and the npm packages the skill installs (@zeko-labs/bridge-cli, @zeko-labs/faucet-cli, o1js). Each required credential is referenced in the docs and examples.
Instruction Scope
SKILL.md instructs the agent to run CLI and node scripts, use env vars for signing/auth, and run curl against public Zeko/Mina endpoints. It does not instruct reading unrelated system files, secrets outside the declared env vars, or exfiltrating data to unexpected endpoints.
Install Mechanism
Install spec uses known Node packages (scoped @zeko-labs packages and o1js) — a standard npm install path. No arbitrary downloads, extract-from-URL steps, or personal server URLs are present.
Credentials
The five required env vars are justified by the examples: WALLET_PRIVATE_KEY for bridge CLI signing, MINA_PRIVATE_KEY for SDK/o1js signing, GITHUB_TOKEN for faucet CLI, and PUBLIC_KEY/ADDRESS for account inspection. PrimaryEnv set to WALLET_PRIVATE_KEY is reasonable for bridge-focused workflows.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation settings. It does not request system-wide config modifications or access to other skills' credentials.
Assessment
This skill appears internally consistent, but it will handle sensitive signing keys and a GitHub token. Only install if you trust the npm packages (@zeko-labs/* and o1js) and the skill publisher. Recommendations before installing: (1) use testnet or ephemeral keys, not your mainnet/private production keys; (2) limit GITHUB_TOKEN scopes to the minimum required for the faucet flow; (3) verify the npm packages' publisher and versions via the registry (and consider checksum/signature verification if available); (4) run the CLI commands in a controlled environment and review any local logs the CLI writes; (5) if you want additional assurance, inspect the installed package source code before providing real secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk9753zcdst8qq2yya82ha0ygjx83jsc0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, node, npx
EnvWALLET_PRIVATE_KEY, MINA_PRIVATE_KEY, GITHUB_TOKEN, PUBLIC_KEY, ADDRESS
Primary envWALLET_PRIVATE_KEY

Install

Node
Bins: zeko-bridge
npm i -g @zeko-labs/bridge-cli
Node
Bins: zeko-faucet
npm i -g @zeko-labs/faucet-cli
Nodenpm i -g o1js

Comments