Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Unzipped Skill

Create Farcaster accounts and post casts autonomously. Official skill from the Farcaster team.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.2k · 2 current installs · 2 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to be an 'Official' Farcaster agent and its stated purpose (create accounts, add signers, post casts) matches requiring node/npm. However the package is instruction-only (no runtime code files included) and registry metadata (owner/slug/version) does not match the embedded _meta.json; there is no homepage or authoritative source. The 'official' claim is therefore unverified and potentially misleading.
! Instruction Scope
SKILL.md instructs generating wallets, asking the human to send ~$1 to a generated address, and running scripts that expect PRIVATE_KEY/SIGNER_PRIVATE_KEY env vars and src/*.js files. It also instructs automatically saving credentials to ~/.openclaw/farcaster-credentials.json or ./credentials.json in plain text. Those environment variables and file writes are not declared in the skill manifest, and saving private keys in plaintext is explicitly warned as insecure — a high-risk operation for an autonomous skill.
Install Mechanism
Install spec is a shell step: 'cd {baseDir}/.. && npm install'. That is relatively low-risk by itself, but odd because the skill bundle contains no code or package.json; there is no remote download URL or pinned release. The install will only be meaningful if the agent environment already contains the expected repository layout, which is unclear. This mismatch makes behavior unpredictable.
! Credentials
The manifest lists no required env vars or credentials, yet the runtime instructions require PRIVATE_KEY, SIGNER_PRIVATE_KEY, and FID (used to sign transactions). The skill saves and loads private keys from disk by default. Requesting and persisting private keys (and asking a user to fund an address) is highly sensitive and not justified by the manifest's declared environment needs.
! Persistence & Privilege
The skill will persist wallet credentials to ~/.openclaw/farcaster-credentials.json or ./credentials.json by default (auto-save enabled), storing secrets in plaintext. Although 'always' is false, automatic plaintext storage of private keys in common locations is a significant persistence risk and should be treated as requiring explicit user consent and secure storage alternatives.
What to consider before installing
Do not run this skill or provide private keys or funds until you verify its source and code. Specific checks:

  1. Confirm the skill is actually published by the Farcaster team (matching owner ID, slug, or an official homepage) — the manifest and _meta.json currently disagree.
  2. Ask for the full source repository; do not install or run scripts that are not included in the skill bundle.
  3. Never send funds to an address unless you control the private key; if the skill generates a wallet, ensure you (not the skill or unknown third party) hold the private key.
  4. Disable auto-save or use --no-save and store keys in a secure vault/hardware wallet if you must test.
  5. Prefer to inspect src/auto-setup.js, src/credentials.js, and any npm dependencies before running npm install.

If you cannot validate the code and author identity, treat this skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest: vk977dk31bawxqdyexextd0kcks80jby5

Runtime requirements

🟣 Clawdis
Bins: node, npm

SKILL.md

Farcaster Agent

Official skill from the Farcaster team. Create and manage a Farcaster account autonomously. Register a new Farcaster identity (FID), add signing keys, set up a profile with username, and post casts to the network.

When to Use This Skill

Use this skill when:

  • You need to create a Farcaster account from scratch
  • You want to post casts (messages) to Farcaster
  • You need to set up a profile with username, bio, and profile picture
  • You want autonomous presence on the Farcaster social network

Prerequisites

You need approximately $1 of ETH or USDC on any major chain (Ethereum, Optimism, Base, Arbitrum, or Polygon). The skill handles bridging and swapping automatically.

Complete Flow

Step 1: Generate Wallet and Request Funding

If you don't have a funded wallet, create one first:

const { Wallet } = require('ethers');

const wallet = Wallet.createRandom();
console.log('Address:', wallet.address);
console.log('Private Key:', wallet.privateKey);

Ask your human: "I've created a wallet. Please send ~$1 of ETH or USDC to <address> on any of these chains: Ethereum, Optimism, Base, Arbitrum, or Polygon. Let me know when done."

Save the private key securely - you'll need it for all subsequent steps.

Step 2: Run Auto-Setup

Once funded, run the complete setup:

cd {baseDir}/..
PRIVATE_KEY=0x... node src/auto-setup.js "Your first cast text here"

This will:

  1. Detect which chain has funds (ETH or USDC)
  2. Bridge/swap to get ETH on Optimism and USDC on Base
  3. Register your FID (Farcaster ID)
  4. Add a signer key
  5. Wait for hub synchronization
  6. Post your first cast
  7. Automatically save credentials to persistent storage

Step 3: Credentials are Saved Automatically

Credentials are automatically saved to:

  • ~/.openclaw/farcaster-credentials.json (if OpenClaw is installed)
  • ./credentials.json (fallback)

Security Warning: Credentials are stored as plain text JSON. Anyone with access to these files can control the wallet funds and Farcaster account. For production use, implement your own secure storage.
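
One way to act on the warning above, as an added example that is not code from the skill or its repository: the credentials object is encrypted with AES-256-GCM under a scrypt-derived key and written with owner-only permissions. The function names, the envelope layout and the constructed sample values are assumptions made for illustration.

```javascript
// Added example: encrypt the credentials JSON at rest (names are illustrative).
const nodeCrypto = require('node:crypto');
const fs = require('node:fs');

// scrypt cost parameters; maxmem is raised because N=2^15, r=8 needs ~32 MiB.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Constructed sample; field names follow the page's loadCredentials() usage.
const SAMPLE_CREDS = {
  fid: '123',
  custodyPrivateKey: '0x' + 'ab'.repeat(32),
  signerPrivateKey: 'cd'.repeat(32),
};

// Derive a 256-bit key from the passphrase and a per-file random salt.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32, SCRYPT);
}

// Encrypt a credentials object into a JSON-serialisable envelope.
function sealCredentials(creds, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // 96-bit GCM nonce, fresh per write
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(creds), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { v: 1, salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Decrypt an envelope; throws on a wrong passphrase or any modified field.
function openCredentials(env, passphrase) {
  if (env.v !== 1) throw new Error('unsupported envelope version');
  const raw = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(passphrase, raw(env.salt));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw(env.iv));
  decipher.setAuthTag(raw(env.tag));
  const pt = Buffer.concat([decipher.update(raw(env.ct)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Write the envelope readable by the owner only (0600 on POSIX systems).
function saveSealed(path, env) {
  fs.writeFileSync(path, JSON.stringify(env), { mode: 0o600 });
  fs.chmodSync(path, 0o600); // mode above applies only when the file is created
}
```

The passphrase should come from an OS keychain or a secrets manager rather than from a file stored next to the envelope.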

You can verify and manage credentials:

cd {baseDir}/..

# List all stored accounts
node src/credentials.js list

# Get credentials for active account
node src/credentials.js get

# Show credentials file path
node src/credentials.js path

To disable auto-save, use --no-save:

PRIVATE_KEY=0x... node src/auto-setup.js "Your cast" --no-save

Posting Casts

To post additional casts, load credentials from storage:

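const { postCast, loadCredentials } = require('{baseDir}/../src');

async function main() {
  // Load saved credentials
  const creds = loadCredentials();

  // Sign and submit the cast with the stored custody and signer keys
  const { hash } = await postCast({
    privateKey: creds.custodyPrivateKey,
    signerPrivateKey: creds.signerPrivateKey,
    fid: Number(creds.fid),
    text: 'Your cast content'
  });

  console.log('Cast URL: https://farcaster.xyz/~/conversations/' + hash);
}

// await is only valid inside an async function in a CommonJS script
main().catch(console.error);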

Or via CLI with environment variables:

cd {baseDir}/..
PRIVATE_KEY=0x... SIGNER_PRIVATE_KEY=... FID=123 node src/post-cast.js "Your cast content"

Setting Up Profile

To set username, display name, bio, and profile picture:

cd {baseDir}/..
PRIVATE_KEY=0x... SIGNER_PRIVATE_KEY=... FID=123 npm run profile myusername "Display Name" "My bio" "https://example.com/pfp.png"

Or programmatically:

const { setupFullProfile } = require('{baseDir}/../src');

async function main() {
  await setupFullProfile({
    privateKey: '0x...',
    signerPrivateKey: '...',
    fid: 123,
    fname: 'myusername',
    displayName: 'My Display Name',
    bio: 'I am an autonomous AI agent.',
    pfpUrl: 'https://api.dicebear.com/7.x/bottts/png?seed=myagent'
  });
}

// await is only valid inside an async function in a CommonJS script
main().catch(console.error);

Fname (Username) Requirements

  • Lowercase letters, numbers, and hyphens only
  • Cannot start with a hyphen
  • 1-16 characters
  • One fname per account
  • Can only change once every 28 days

Profile Picture Options

For PFP, use any publicly accessible HTTPS image URL:

  • DiceBear (generated avatars): https://api.dicebear.com/7.x/bottts/png?seed=yourname
  • IPFS-hosted images
  • Any public image URL

Cost Breakdown

| Operation | Cost |
|---|---|
| FID Registration | ~$0.20 |
| Add Signer | ~$0.05 |
| Bridging | ~$0.10-0.20 |
| Each API call | $0.001 |
| Total minimum | ~$0.50 |

Budget $1 to have buffer for retries and gas fluctuations.

API Endpoints

Neynar Hub API (https://hub-api.neynar.com)

| Endpoint | Method | Description |
|---|---|---|
| /v1/submitMessage | POST | Submit casts, profile updates (requires x402 payment header) |
| /v1/onChainIdRegistryEventByAddress?address=<addr> | GET | Check if FID is synced for address |
| /v1/onChainSignersByFid?fid=<fid> | GET | Check if signer keys are synced |

Neynar REST API (https://api.neynar.com)

| Endpoint | Method | Description |
|---|---|---|
| /v2/farcaster/cast?identifier=<hash>&type=hash | GET | Verify cast exists on network |

Farcaster Fname Registry (https://fnames.farcaster.xyz)

| Endpoint | Method | Description |
|---|---|---|
| /transfers | POST | Register or transfer an fname (requires EIP-712 signature) |
| /transfers/current?name=<fname> | GET | Check fname availability (404 = available) |

x402 Payment

  • Address: 0xA6a8736f18f383f1cc2d938576933E5eA7Df01A1
  • Cost: 0.001 USDC per API call (on Base)
  • Header: X-PAYMENT with base64-encoded EIP-3009 transferWithAuthorization signature

Common Errors

"invalid hash"

Cause: Old library version. Fix: Run npm install @farcaster/hub-nodejs@latest

"unknown fid"

Cause: Hub hasn't synced your registration yet. Fix: Wait 30-60 seconds and retry.

Transaction reverts when adding signer

Cause: Metadata encoding issue. Fix: The code already uses the correct SignedKeyRequestValidator.encodeMetadata() method.

"fname is not registered for fid"

Cause: Hub hasn't synced your fname registration. Fix: Wait 30-60 seconds (the code handles this automatically).

Manual Step-by-Step (If Auto-Setup Fails)

If auto-setup fails partway through, you can run individual steps:

cd {baseDir}/..

# 1. Register FID (on Optimism)
PRIVATE_KEY=0x... node src/register-fid.js

# 2. Add signer key (on Optimism)
PRIVATE_KEY=0x... node src/add-signer.js

# 3. Swap ETH to USDC (on Base, for x402 payments)
PRIVATE_KEY=0x... node src/swap-to-usdc.js

# 4. Post cast
PRIVATE_KEY=0x... SIGNER_PRIVATE_KEY=... FID=123 node src/post-cast.js "Hello!"

# 5. Set up profile
PRIVATE_KEY=0x... SIGNER_PRIVATE_KEY=... FID=123 npm run profile username "Name" "Bio" "pfp-url"

Programmatic API

All functions are available for import:

const {
  // Full autonomous setup
  autoSetup,
  checkAllBalances,

  // Core functions
  registerFid,
  addSigner,
  postCast,
  swapEthToUsdc,

  // Profile setup
  setProfileData,
  registerFname,
  setupFullProfile,

  // Credential management
  saveCredentials,
  loadCredentials,
  listCredentials,
  setActiveAccount,
  updateCredentials,
  getCredentialsPath,

  // Utilities
  checkFidSync,
  checkSignerSync,
  getCast
} = require('{baseDir}/../src');

Example: Full Autonomous Flow

const { Wallet } = require('ethers');
const { autoSetup, setupFullProfile } = require('{baseDir}/../src');

async function main() {
  // 1. Generate wallet (or use existing)
  const wallet = Wallet.createRandom();
  console.log('Fund this address with $1 ETH or USDC:', wallet.address);

  // 2. After human funds the wallet, run setup
  const result = await autoSetup(wallet.privateKey, 'gm farcaster!');

  console.log('FID:', result.fid);
  // Note: the next line writes the signer private key to stdout
  console.log('Signer:', result.signerPrivateKey);
  console.log('Cast:', result.castHash);

  // 3. Set up profile
  await setupFullProfile({
    privateKey: wallet.privateKey,
    signerPrivateKey: result.signerPrivateKey,
    fid: result.fid,
    fname: 'myagent',
    displayName: 'My AI Agent',
    bio: 'Autonomous agent on Farcaster',
    pfpUrl: 'https://api.dicebear.com/7.x/bottts/png?seed=myagent'
  });

  console.log('Profile: https://farcaster.xyz/myagent');
}

// await is only valid inside an async function in a CommonJS script
main().catch(console.error);

Source Code

The complete implementation is at: https://github.com/rishavmukherji/farcaster-agent

For detailed technical documentation, see the AGENT_GUIDE.md in that repository.
