ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Ads

v1.1.0

Subscribe to Agent Ads to get intent-matched humans invited to your XMTP group on Base, paying only in USDC per accepted invite (no forced adds).

0· 5·0 current·0 all-time
byMateo@fweekshow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Agent Ads / Cost Per Human) matches the instructions and metadata: it asks agents to create an XMTP group, add Basemate's wallet as a member, and subscribe to a paid service. Requiring ERC-8004 registration and USDC on Base is consistent with a payment-gated on‑chain marketplace. Nothing in the manifest requests unrelated credentials or binaries.
!
Instruction Scope
The SKILL.md explicitly instructs the agent to add a third-party (Basemate) as a group member and to grant permissions allowing that party to add members. That is necessary for the advertised flow, but it gives a remote service the ability to modify your group membership. The runtime instructions also direct the agent to interact with an external HTTP API (x402 payment-gated endpoints) and to send DMs to Basemate; these are expected, but they create a privacy/attack surface because Basemate claims to index many groups and will be able to act on group membership. The instructions do not ask the agent to read unrelated local files or secrets.
Install Mechanism
This is an instruction-only skill with no install spec and no code files executed on the host. That lowers the risk of arbitrary code being written to disk or run locally.
Credentials
The skill requests no environment variables or secrets from the agent. Payments are handled via an external x402 facilitator and on-chain USDC, so no platform credentials are required. This is proportionate, but you should note that payments will occur on-chain and require the agent/owner to hold funds on Base; the skill itself relies on third-party hosted endpoints for payment settlement and delivery.
Persistence & Privilege
Flags show always:false and model invocation is allowed (normal). The skill does not request persistent installation privileges or modifications to other skills or system settings. It does, however, rely on giving a remote identity membership/permissions inside your XMTP group, which is an application-level privilege (not an agent platform privilege).
What to consider before installing
Before installing or funding this skill: (1) Verify Basemate's identity and legal/policy docs (the wallet 0xb257... and basemate.app). (2) Understand that you must add Basemate to your XMTP group and grant it permission to add members — this lets a third party change group membership (even if they claim they send opt-in DMs). If you are uncomfortable, do not grant admin/add-member rights. (3) Confirm the payment flow: x402 is used and endpoints are hosted at railway.app and another 'devconnectarg' domain — hosted links on railway.app can be ephemeral or controlled by the operator; validate the operator and test with a very small budget first. (4) Note the manifest contains two different external hostnames for group endpoints (xmtp-agent-production-e08b.up.railway.app and devconnectarg-production.up.railway.app) — ask the provider why and confirm both are legitimate. (5) Limit exposure: create a throwaway test group and wallet, test the subscribe/claim flows, monitor on‑chain settlements and DMs, and only move production funds after you confirm behavior and privacy safeguards. (6) If you need higher assurance, request the provider's privacy/security documentation, source code, and a stable production host (not just railway.app).

Like a lobster shell, security has layers — review code before you run it.

latestvk97fjjbw7xkyc9hd54jx1j2n3x840vsz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Agent Ads — Pay-per-Human Lead Generation

Subscribe to Basemate's Agent Ads service to get intent-matched humans invited to your XMTP group chat. Pay per delivery in USDC on Base.

What is Agent Ads?

Agent Ads = Cost Per Human (CPH). Like CPC (Cost Per Click) but for real humans in group chats.

Basemate monitors 15,000+ users across XMTP group chats on Base app. When someone talks about topics matching your interests, Basemate sends them a private invite with an inline action button — the human taps "Join" to enter your group. No tap, no add, no charge.

Consent-First Model

Every participant opts in explicitly:

  • Group owners add Basemate to their group to unlock discovery — no group is indexed without the owner's permission
  • Humans are never force-added — they receive a private DM with a "Join" button (XIP-67 inline action). They choose to join or ignore it
  • Agents actively subscribe with interests and budget — no unsolicited anything
  • Payment only triggers after the human accepts the invite

Prerequisites

  • Your agent must have an XMTP identity (wallet + inbox on the XMTP network)
  • Your agent must be registered on ERC-8004 (Identity Registry on Base)
  • Your agent must have a USDC balance on Base for payments

Step 0: Create Your Group (Required First)

Before you can use PPH, you need an XMTP group chat to receive humans. You must create the group first and add Basemate as a member — Basemate needs to be in the group to add matched humans to it.

Using the XMTP Agent SDK

import { Client } from "@xmtp/node-sdk";

// Create a group with Basemate as a member
const group = await client.conversations.newGroup(
  ["0xb257b5c180b7b2cb80e35d6079abe68d9cf0467f"], // Basemate's wallet address
  {
    name: "My Agent's Community",
    description: "A group for people interested in...",
    permissions: "all_members", // Basemate needs permission to add members
  }
);

// Save this — you'll need it for your PPH subscription
console.log("Group ID:", group.id);

Important:

  • Basemate (0xb257b5c180b7b2cb80e35d6079abe68d9cf0467f) MUST be a member of the group
  • Group permissions must allow Basemate to add members (all_members or add Basemate as admin)
  • Your agent is the group creator/super admin — you control the group

Using the XMTP CLI

If your agent has the XMTP CLI installed:

# Create group with Basemate as a member
xmtp conversations create-group \
  0xb257b5c180b7b2cb80e35d6079abe68d9cf0467f \
  --name "My Agent's Community" \
  --description "A group for people interested in..." \
  --permissions all-members \
  --json

# Returns: { "id": "<your-group-id>", ... }
# Save the group ID for your PPH subscription

You can also add other members or manage the group later:

# Add more members
xmtp conversation add-members <group-id> <address>

# Remove members
xmtp conversation remove-members <group-id> <address>

# Update group name
xmtp conversation update-name <group-id> "New Name"

# List members
xmtp conversation members <group-id>

What Makes a Good Group?

  • Clear name and description — humans who get added should understand what the group is about
  • Relevant to your PPH interests — if you're subscribing to "DeFi" topics, name your group accordingly
  • Active moderation — you're the admin, keep the group healthy

Once your group is created and Basemate is a member, you're ready to subscribe.

Step 1: Subscribe to PPH

You have two options for subscribing:

Option A: XMTP DM Flow (Conversational)

DM Basemate on XMTP:

  • Address: 0xb257b5c180b7b2cb80e35d6079abe68d9cf0467f
  • Inbox ID: 91e5c2e39bcc8f553de3db2ce1a9d78f9f2b0bbc6c182653c086892b8048d647

Message: subscribe (or buy humans, cph, lead subscribe)

Basemate will ask you three questions:

  1. Interests/topics — comma-separated (e.g. "DeFi, trading, yield farming")
  2. XMTP group ID — the group you created in Step 0
  3. Price per human — your budget in USDC per delivery (e.g. "0.50")

Then confirm with the inline button or reply yes / confirm / y.

Programmatic usage (XMTP Agent SDK)

// DM Basemate
const dm = await client.conversations.newDmWithIdentifier({
  identifier: "0xb257b5c180b7b2cb80e35d6079abe68d9cf0467f",
  identifierKind: 0, // address
});

// Subscribe flow
await dm.send("subscribe");
// When prompted for interests:
await dm.send("DeFi, trading, yield farming");
// When prompted for group ID:
await dm.send("<your-group-id-from-step-0>");
// When prompted for price:
await dm.send("0.50");
// Confirm:
await dm.send("yes");

Using XMTP CLI

# Get or create DM with Basemate
xmtp conversations get-dm 0xb257b5c180b7b2cb80e35d6079abe68d9cf0467f --json
# Returns: { "id": "<conversation-id>", ... }

# Send subscribe
xmtp conversation send-text <conversation-id> "subscribe"

# Then respond to each prompt:
xmtp conversation send-text <conversation-id> "DeFi, trading, yield"
xmtp conversation send-text <conversation-id> "<your-group-id>"
xmtp conversation send-text <conversation-id> "0.50"
xmtp conversation send-text <conversation-id> "confirm"

# Check your subscription
xmtp conversation send-text <conversation-id> "status"

Commands

CommandDescription
subscribeStart a new PPH subscription
status or dashboardView your active subscriptions and delivery count
cancelCancel during subscription setup

Option B: x402 HTTP API (Programmatic)

Base URL: https://xmtp-agent-production-e08b.up.railway.app

All payment-gated endpoints use x402 — include a USDC payment header and the facilitator handles settlement automatically.

Subscribe (x402-gated — $1.00 USDC setup fee)

POST /api/cph/subscribe
Content-Type: application/json

{
  "interests": ["DeFi", "trading", "yield"],
  "xmtpGroupId": "<your-group-id-from-step-0>",
  "agentWallet": "<your-erc8004-registered-wallet>"
}

Returns 402 Payment Required with x402 payment instructions. After payment clears, returns:

{
  "subscriptionId": 1,
  "status": "active",
  "interests": ["DeFi", "trading", "yield"],
  "xmtpGroupId": "...",
  "pricePerHuman": 0.50
}

Claim a Delivery (x402-gated — per-human price in USDC)

POST /api/cph/claim/:deliveryId

When a human is matched, you receive a notification with a claim URL. Pay via x402 to trigger delivery (human added to your group).

Check Status (free)

GET /api/cph/status/:agentWallet

Returns your active subscriptions and delivery counts.

Health Check (free)

GET /health

Step 2: Humans Get Invited (Consent-First)

Once subscribed, the flow is automatic:

  1. Basemate monitors group messages across 15,000+ users in XMTP groups on Base app (only groups whose owners added Basemate)
  2. GPT-4o-mini intent matching scores each message against your subscription interests
  3. Match found → human is queued for delivery
  4. You're notified via XMTP DM with a claim URL
  5. You pay via x402 (HTTP) or approve via XMTP DM (confirm / yes)
  6. Human receives a private DM with context and a "Join" inline action button — they are never force-added to any group
  7. Human taps "Join" → added to your group. If they don't tap, nothing happens and the delivery doesn't count
  8. You only pay for humans who actually accepted the invite

You don't need to do anything after subscribing — just pay for deliveries as they come in.

ERC-8004 Requirement

PPH subscriptions are gated to registered agents. Your wallet must hold an ERC-8004 identity NFT on the Base Identity Registry:

  • Base Mainnet: 0x8004A169FB4a3325136EB29fA0ceB6D2e539a432
  • Base Sepolia: 0x8004A818BFB912233c491871b3d84c89A494BD9e

If you're not registered, Basemate will reject your subscription with instructions.

Pricing

ItemDefaultNegotiable?
Subscription setup (x402)$1.00 USDCNo
Price per human$0.50 USDCYes — set your own during subscribe
Minimum per human$0.01 USDC
Maximum per human$1000 USDC

Quick Reference

WhatValue
Basemate wallet0xb257b5c180b7b2cb80e35d6079abe68d9cf0467f
Basemate inbox ID91e5c2e39bcc8f553de3db2ce1a9d78f9f2b0bbc6c182653c086892b8048d647
API base URLhttps://xmtp-agent-production-e08b.up.railway.app
Groups APIhttps://devconnectarg-production.up.railway.app/api/groups/all
ERC-8004 Registry (Base)0x8004A169FB4a3325136EB29fA0ceB6D2e539a432

Discovery Endpoints (.well-known style)

Agent Ads is discoverable by any agent framework via standard protocol cards:

ProtocolFileDescription
MCP (Model Context Protocol)mcp-server.jsonTool definitions for any MCP-compatible agent
A2A (Agent-to-Agent)agent-card.jsonGoogle A2A agent card for agent-to-agent discovery
OASF (Open Agentic Schema Framework)oasf-record.jsonOASF service record

MCP Tools Available

ToolDescriptionPayment
discover_groupsSearch available groups by interest/tagsFree
subscribe_cphSubscribe with interests, group ID, price per human$1.00 USDC (x402)
check_statusCheck subscription status and delivery countsFree
claim_deliveryClaim and pay for a matched human deliveryCPH rate (x402)

Protocols Supported

  • x402 — HTTP micropayments (USDC on Base)
  • XMTP — Messaging and group chat
  • ERC-8004 — On-chain agent identity
  • MCP — Anthropic Model Context Protocol
  • A2A — Google Agent-to-Agent
  • OASF — Open Agentic Schema Framework

Links

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…