Clawphunks

v1.0.0

Mint and trade ClawPhunks NFTs. The first collection designed for AI agents.

⭐ 0· 306·0 current·0 all-time

byjef diesel@jefdiesel

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (mint & trade ClawPhunks) align with the included server, MCP, LangChain and AgentKit integrations and the package.json dependencies. However the metadata declares only WALLET_PRIVATE_KEY as a required env var while the code/docs reference many other secrets (SIGNER_PRIVATE_KEY, AGENT_PRIVATE_KEY, SUPABASE_SERVICE_KEY, FACILITATOR_URL, etc.), which is an inconsistency — either the metadata is incomplete or the skill expects more credentials than declared.

Instruction Scope

Runtime instructions and included files instruct agents/users to POST to external endpoints, fetch executable scripts from another domain (chainhost.online /clawphunks/skills), generate and persist private keys to .env, and sign payment authorizations. The SKILL.md plus mcp get_mint_code explicitly guides saving private keys to disk and producing signed payment payloads — actions that go beyond simple read-only queries and expand scope to secret handling and remote code retrieval.

ℹ

Install Mechanism

There is no install spec in the skill bundle (instruction-only at registry level), which lowers immediate installation risk, but the package includes full source and a package.json with many runtime dependencies (coinbase SDK, supabase, viem, aws sdk, x402-express, etc.). If you or an agent run/install this project, it will pull many third-party packages — review them and prefer executing in an isolated environment.

Credentials

The declared required env var is a single WALLET_PRIVATE_KEY (primary credential). The code and docs, however, reference multiple sensitive env vars (SIGNER_PRIVATE_KEY, AGENT_PRIVATE_KEY, SUPABASE_SERVICE_KEY, PAYMENT_RECIPIENT, FACILITATOR_URL, GAS_STIPEND_WEI) that are not listed in the metadata. Requiring a wallet private key is plausible for an agent that must sign transactions, but giving a private key to a skill that will fetch and potentially return executable scripts increases attack surface; the env requirements are under-declared and therefore disproportionate without additional justification.

ℹ

Persistence & Privilege

The skill does not request always:true and does not appear to modify other skills or global agent configs. Autonomous invocation is allowed (default). That is expected for an agent-facing NFT tool, but combined with the skill's request for a private key and ability to fetch scripts from external domains, autonomous invocation raises additional risk — ensure the agent's wallet policies and invocation safeguards are appropriate.

What to consider before installing

This skill is about minting/trading NFTs and contains full server and client code, but it asks for sensitive wallet keys and provides instructions that write keys to disk and fetch executable scripts from external domains. Before installing or providing any private key: (1) review every source file yourself (or have a trusted auditor) to confirm what env vars are actually read and what remote hosts are contacted; (2) do not reuse an existing high-value wallet — create a new wallet funded with minimal funds for testing; (3) avoid pasting long-term private keys into agent-level env variables unless you fully trust the code and host; (4) verify the smart-contract addresses and on-chain contracts independently (Etherscan/chain explorers) before sending value; (5) if you plan to let an autonomous agent invoke this skill with a private key, add strict policy controls (spending limits, require human approval) or avoid providing the private key at all and use an external signing service/wallet that enforces approvals.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

👾 Clawdis

EnvWALLET_PRIVATE_KEY

Primary envWALLET_PRIVATE_KEY

latestvk97fy4hgv4y7p0vw3wfkretn1x82bhpy

306downloads

0stars

1versions

Updated 16h ago

v1.0.0

MIT-0

ClawPhunks

10,000 unique left-facing pixel punks with OpenClaw red (#C83232) backgrounds. The first NFT collection designed for AI agents.

Rarity & Value

ClawPhunks mirror the original CryptoPunks rarity. Rare types command significant premiums.

Types (5)

Type	Count	%	Rarity Rank
Alien	9	0.09%	★★★★★
Ape	24	0.24%	★★★★☆
Zombie	88	0.88%	★★★☆☆
Female	3,840	38.4%	★★☆☆☆
Male	6,039	60.39%	★☆☆☆☆

Legendary Aliens (9 total - 0.09%)

The rarest type. Only 9 exist:

Token ID	Accessories
#0635	Bandana, Regular Shades
#2890	Cap
#3100	Headband
#3443	Earring, Cowboy Hat
#5822	Bandana
#5905	Do-rag, Small Shades
#6089	Earring, Knitted Cap
#7523	Earring, Knitted Cap, Medical Mask
#7804	Cap Forward, Pipe, Small Shades

Rare Apes (24 total - 0.24%)

Token ID	Accessories
#0372	Cap Forward
#1021	Cap, Eye Patch
#2140	Knitted Cap, Small Shades
#2243	Bandana, Nerd Glasses
#2386	Headband, Small Shades
#2460	Bandana, VR
#2491	Cap
#2711	Cap Forward, Earring
#2924	Hoodie
#4156	Bandana
#4178	Do-rag
#4464	Eye Mask, Vape, Do-rag
#5217	Gold Chain, Knitted Cap
#5314	Horned Rim Glasses, Do-rag
#5577	Cowboy Hat
#5795	Police Cap
#6145	Cigarette, Cap, Earring
#6915	Cap, Earring, Eye Patch
#6965	Fedora
#7191	Nerd Glasses, Knitted Cap
#8219	Knitted Cap
#8498	Top Hat, Regular Shades
#9265	Bandana, Big Shades
#9280	3D Glasses, Cowboy Hat

Zombies (88 total - 0.88%)

All 88 Zombie token IDs:

Token ID	Accessories
#0117	Messy Hair, Front Beard Dark
#0987	Wild Hair, Horned Rim Glasses
#1119	Shadow Beard, Do-rag, Eye Patch
#1190	Cigarette, Bandana, Handlebars, Earring
#1374	Big Shades, Earring, Mohawk Dark
#1478	Shadow Beard, Wild Hair
#1526	Cap, Gold Chain, Eye Patch
#1658	Stringy Hair
#1748	Front Beard, Frown, Knitted Cap
#1886	Messy Hair, Shadow Beard
#1935	Earring, Shaved Head
#2066	Knitted Cap
#2132	Normal Beard Black, Hoodie, Nerd Glasses
#2249	Bandana, Eye Patch
#2306	Cigarette, Mohawk Thin, Earring
#2329	Peak Spike, Earring
#2338	Mohawk Thin
#2424	Bandana, Frown, Earring
#2484	Wild Hair, Classic Shades
#2560	Front Beard, Earring, Headband, VR
#2566	Messy Hair, Normal Beard
#2681	Clown Eyes Blue, Cap
#2708	Bandana, Earring
#2938	Wild Hair
#2967	Mohawk Thin, Chinstrap
#3211	Goat, Headband
#3328	Cigarette, Messy Hair
#3393	Frown, Crazy Hair
#3489	Stringy Hair, Eye Patch
#3493	Peak Spike, Shadow Beard
#3609	Earring, Do-rag
#3636	Front Beard Dark, Earring, Top Hat
#3831	Vampire Hair, Big Shades, Medical Mask
#4472	Cigarette, Purple Hair
#4513	Beanie, Luxurious Beard, Earring
#4559	Stringy Hair, Earring
#4747	Clown Eyes Blue, Headband
#4830	Wild Hair, Classic Shades, Medical Mask
#4850	Purple Hair
#4874	Cigarette, Messy Hair, Clown Nose, Mustache, Earring (5 acc!)
#5066	Earring, Knitted Cap, Smile
#5234	Big Shades, Earring, Crazy Hair
#5253	Messy Hair, Mole
#5299	Cigarette, Handlebars, Earring, Mohawk Dark
#5312	Luxurious Beard, Knitted Cap
#5336	Police Cap
#5412	Nerd Glasses, Crazy Hair
#5489	Fedora
#5573	Luxurious Beard, Mohawk, 3D Glasses
#5742	Mohawk Dark
#5761	Bandana, Horned Rim Glasses
#5944	Mohawk
#6275	Shadow Beard, Mohawk Dark
#6297	Cigarette, Nerd Glasses, Top Hat
#6304	Crazy Hair, Regular Shades
#6491	Cap Forward, Shadow Beard, Earring
#6515	Cigarette, Wild Hair
#6586	Knitted Cap, Smile
#6649	Front Beard Dark, Crazy Hair
#6704	Cigarette, Earring, Rosy Cheeks
#6784	Cigarette, Bandana, Frown
#7014	Cigarette, Frumpy Hair
#7121	Frumpy Hair, Horned Rim Glasses
#7127	Bandana, Eye Mask, Earring
#7252	Chinstrap, Earring, Crazy Hair
#7337	Normal Beard Black, Peak Spike
#7458	Shadow Beard, Knitted Cap, Regular Shades
#7660	Smile, Do-rag
#7756	Shadow Beard, Horned Rim Glasses, Do-rag
#7914	Normal Beard Black, Knitted Cap
#8127	Headband
#8307	Stringy Hair, Mustache
#8386	Classic Shades, Crazy Hair
#8472	Mohawk Thin, Small Shades
#8531	Stringy Hair, Goat, Regular Shades
#8553	Front Beard Dark
#8780	Frumpy Hair, Shadow Beard
#8857	Wild Hair, 3D Glasses
#8909	Luxurious Beard, Police Cap, Regular Shades
#8957	Frumpy Hair, Luxurious Beard
#9203	Clown Nose, Cap Forward, Goat, Mole
#9368	Hoodie, Earring
#9474	Peak Spike
#9804	Stringy Hair, Shadow Beard, Smile, Small Shades
#9838	Peak Spike, Front Beard Dark, Earring
#9909	Cap
#9955	Shaved Head
#9997	Front Beard, Cap Forward

Rare Accessories (87 unique)

Accessory	Count	Rarity
Beanie	44	★★★★★
Choker	48	★★★★★
Pilot Helmet	54	★★★★★
Tiara	55	★★★★★
Orange Side	68	★★★★☆
Buck Teeth	78	★★★★☆
Welding Goggles	86	★★★★☆
Top Hat	115	★★★☆☆
Cowboy Hat	142	★★★☆☆
Tassle Hat	178	★★★☆☆
Fedora	186	★★★☆☆
Police Cap	203	★★☆☆☆
Clown Nose	212	★★☆☆☆
Hoodie	259	★★☆☆☆
Bandana	481	★☆☆☆☆
Earring	2,459	Common

Accessory Count Rarity

Phunks with more accessories are rarer:

7 accessories: ~1 phunk
6 accessories: ~5 phunks
5 accessories: ~26 phunks
4 accessories: ~227 phunks
3 accessories: ~1,340 phunks
2 accessories: ~3,254 phunks
1 accessory: ~3,046 phunks
0 accessories: ~8 phunks (also rare!)

How It Works

1. Create a Wallet

import { privateKeyToAccount, generatePrivateKey } from 'viem/accounts';
import { createWalletClient, http } from 'viem';
import { mainnet } from 'viem/chains';

const privateKey = generatePrivateKey();
const account = privateKeyToAccount(privateKey);
console.log('Address:', account.address);
// Store privateKey securely!

const walletClient = createWalletClient({
  account,
  chain: mainnet,
  transport: http('https://eth.llamarpc.com'),
});

2. Mint a Phunk

Endpoint: POST https://clawphunks.vercel.app/mint

Payment: $1.99 USDC on Base via x402 protocol

Request:

{
  "recipient": "0xYourWalletAddress"
}

Response:

{
  "success": true,
  "tokenId": 1234,
  "txHash": "0x...",
  "ethscriptionId": "0x...",
  "gasStipendWei": "13333333333333",
  "viewerUrl": "https://ethscriptions.com/ethscriptions/0x...",
  "nextSteps": {
    "trade": "Use escrow contract on L1",
    "list": "depositAndList(ethscriptionId, priceWei)",
    "buy": "buy(ethscriptionId) with msg.value = price"
  }
}

You receive:

A random unminted ClawPhunk as an ethscription on Ethereum L1
~$0.03 ETH gas stipend for trading

3. Trade on L1

Escrow Contract: 0x3e67d49716e50a8b1c71b8dEa0e31755305733fd

The escrow contract handles trustless trading using ESIP-2.

List for Sale

Transfer your ethscription to the escrow contract
Call depositAndList(bytes32 ethscriptionId, uint256 priceWei)

import { encodeFunctionData } from 'viem';

// First, send ethscription to escrow (send tx to contract with ethscription data)
// Then list it:
const data = encodeFunctionData({
  abi: ESCROW_ABI,
  functionName: 'depositAndList',
  args: [ethscriptionId, priceWei],
});

await walletClient.sendTransaction({
  to: '0x3e67d49716e50a8b1c71b8dEa0e31755305733fd',
  data,
});

Buy a Listing

// Check listing
const [active, seller, price] = await publicClient.readContract({
  address: '0x3e67d49716e50a8b1c71b8dEa0e31755305733fd',
  abi: ESCROW_ABI,
  functionName: 'getListing',
  args: [ethscriptionId],
});

// Buy it
await walletClient.writeContract({
  address: '0x3e67d49716e50a8b1c71b8dEa0e31755305733fd',
  abi: ESCROW_ABI,
  functionName: 'buy',
  args: [ethscriptionId],
  value: price,
});

Cancel Listing

await walletClient.writeContract({
  address: '0x3e67d49716e50a8b1c71b8dEa0e31755305733fd',
  abi: ESCROW_ABI,
  functionName: 'cancelAndWithdraw',
  args: [ethscriptionId],
});

API Reference

GET /health

Health check.

GET /collection

Returns collection info, mint stats, and agent instructions.

{
  "name": "ClawPhunks",
  "symbol": "CPHUNK",
  "totalSupply": 10000,
  "minted": 0,
  "available": 10000,
  "mintPrice": "1.99",
  "mintCurrency": "USDC",
  "chain": "ethereum",
  "escrowContract": "0x3e67d49716e50a8b1c71b8dEa0e31755305733fd",
  "agentInstructions": { ... }
}

POST /mint

Mint a random phunk. Requires x402 payment ($1.99 USDC on Base).

Escrow Contract ABI

[
  {
    "name": "depositAndList",
    "type": "function",
    "inputs": [
      { "name": "ethscriptionId", "type": "bytes32" },
      { "name": "price", "type": "uint256" }
    ]
  },
  {
    "name": "buy",
    "type": "function",
    "stateMutability": "payable",
    "inputs": [
      { "name": "ethscriptionId", "type": "bytes32" }
    ]
  },
  {
    "name": "cancelAndWithdraw",
    "type": "function",
    "inputs": [
      { "name": "ethscriptionId", "type": "bytes32" }
    ]
  },
  {
    "name": "getListing",
    "type": "function",
    "stateMutability": "view",
    "inputs": [
      { "name": "ethscriptionId", "type": "bytes32" }
    ],
    "outputs": [
      { "name": "active", "type": "bool" },
      { "name": "seller", "type": "address" },
      { "name": "price", "type": "uint256" }
    ]
  },
  {
    "name": "updatePrice",
    "type": "function",
    "inputs": [
      { "name": "ethscriptionId", "type": "bytes32" },
      { "name": "newPrice", "type": "uint256" }
    ]
  }
]

Traits

Each ClawPhunk has embedded traits in the ethscription metadata:

{
  "attributes": [
    { "trait_type": "Type", "value": "Female" },
    { "trait_type": "Accessory", "value": "Mohawk" },
    { "trait_type": "Accessory", "value": "3D Glasses" },
    { "trait_type": "Accessory", "value": "Earring" }
  ]
}

x402 Payment

ClawPhunks uses the x402 protocol for payments:

Call /mint without payment → get 402 Payment Required with payment details
Pay $1.99 USDC on Base
Retry with payment proof in header
Receive your phunk

If using Coinbase AgentKit, x402 is handled automatically.

Comments

Loading comments...