Clash of Coins - Agentic Gateway

v1.0.5

Use when an agent needs one universal entrypoint to discover and use the unified Clash of Coins gateway (sale + shop), choose the active protocol on the live...

⭐ 0· 178·1 current·1 all-time

byClash of Coins Deployer@clash-deployer

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for clash-deployer/clash-of-coins-agentic.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Clash of Coins - Agentic Gateway" (clash-deployer/clash-of-coins-agentic) from ClawHub.
Skill page: https://clawhub.ai/clash-deployer/clash-of-coins-agentic
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install clash-of-coins-agentic

ClawHub CLI

Package manager switcher

npx clawhub@latest install clash-of-coins-agentic

Security Scan

Capability signals

CryptoRequires walletCan make purchasesRequires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

ℹ

Purpose & Capability

The skill claims to be a discovery-and-routing gateway router for sale and shop surfaces and includes detailed discovery/playbook references plus a Node.js discovery script that probes the target origin. This aligns with the stated purpose. Minor note: SKILL.md requires Node.js 18+ to run scripts/discover-gateway.mjs, but the registry metadata did not list Node as a required binary — a small metadata omission, not a functional mismatch.

ℹ

Instruction Scope

SKILL.md instructs the agent to run the included Node script which performs many GETs (/, /openapi.json, /catalog, /.well-known/*, /shop/*, mcp.json, skills index, etc.) and emits structured JSON including full response bodies. These reads are within the domain of discovery/routing, but they do return endpoint response bodies which may contain sensitive or unexpected data from the target origin. There are no instructions to read local files or unrelated environment variables.

✓

Install Mechanism

This is instruction-only with a bundled Node script; there is no installer or network download of third-party code. The agent must be able to run Node.js locally, but nothing is written to disk by an install step beyond running the included script. No high-risk install behavior is present.

✓

Credentials

The skill does not request any environment variables, credentials, or config paths. Its behavior is limited to outbound HTTPS probes to a single user-specified origin. This is proportionate for a discovery tool. (Reminder: SKILL.md documents a runtime Node.js requirement but no env vars.)

✓

Persistence & Privilege

The skill does not request permanent inclusion (always:false) and does not modify other skills or system-wide settings. It relies on the client to run the included script on-demand; autonomous invocation is allowed by platform default but is not combined with other concerning privileges.

Assessment

This skill appears to do exactly what it says: probe a Clash of Coins gateway, build a discovery snapshot, and recommend routing. Before installing or running it, verify: (1) your client can run Node.js 18+ and you accept outbound HTTPS probes from the agent; (2) you will run probes only against trusted origins — the script fetches and emits full response bodies (which can include sensitive data), so do not point it at internal or credential-bearing endpoints you don't want exposed; (3) the registry metadata omission (Node runtime) is minor but confirm Node availability in your execution environment; (4) review scripts/discover-gateway.mjs locally to be comfortable with the exact endpoints being requested; and (5) avoid passing any credentials or secrets to this tool — it does not need them. If you need stronger controls, run the script in a sandboxed environment or limit which origins the agent is allowed to query.

Like a lobster shell, security has layers — review code before you run it.

latestvk97azsz3bv79np9035mvhza72h85cp61

178downloads

0stars

6versions

Updated 4d ago

v1.0.5

MIT-0

Clash of Coins Universal Skill

Use this as the default skill for any compatible agent (OpenClaw, Claude, Cursor, Codex, and other Agent Skills clients) when the task touches Clash of Coins.

Canonical published path: /skills/clashofcoins-universal/SKILL.md
Compatibility aliases: /skills/SKILL.md, /skills/clashofcoins-universal/skill.md, /skills/clashofcoins-universal, /skills/clashofcoins/SKILL.md, /skills/clashofcoins/skill.md, /skills/clashofcoins

Scope

Surfaces: sale (/agentic/*) and shop (/shop/*)
Protocol model: deployment-dependent (x402, mpp, or mixed)
Role: universal router and discovery-first entrypoint

Functional Coverage (Sale + Shop)

Root discovery and routing:
- GET /
- GET /openapi.json
- GET /openapi.full.json
- GET /mcp.json
- GET /skills/index.json
- GET /catalog
- check top-level x-bazaar metadata in OpenAPI for minimal Bazaar-compatible payable hints
- GET /.well-known/x402 (compatibility metadata for enabled x402 resources; 404 when x402 is disabled)
- GET /.well-known/mpp when MPP is enabled
Sale checkout coverage:
- offers, optional quote, buy, and purchase-status polling on /agentic/<protocol>/*
- request body constraints: saleId, quantity, beneficiary
Shop checkout coverage:
- anonymous + recipient-scoped catalog reads on /shop/api/shop/items
- offers, optional quote, buy, and purchase-status polling on /shop/<protocol>/*
- recipient constraint: exactly one of nickname or address for quote/buy
Payment retry coverage:
- x402 paid retry from latest challenge with identical method/body
- MPP paid retry with identical JSON body and canonical mppx flow
Agent-wallet coverage (when enabled):
- read live capability/funding route first: GET /agent-wallet/
- create order (returns exact amount): POST /agent-wallet/orders
- payable funding (default auto sweep + finalize): POST /agent-wallet/<fundingProtocol>/fund
- read order state: GET /agent-wallet/orders/{orderId}
- funding status: GET /agent-wallet/<fundingProtocol>/purchases/{paymentReference}
- funding protocol is runtime/env-driven (x402 or mpp); purchase protocol in order payload can still be x402 or mpp when enabled
Integration coverage:
- MCP/skills/OpenAPI consistency checks
- scanner/registry validation via reference playbooks

Use This Skill When

user intent is not yet narrowed to sale or shop
you need one playbook to browse, route, and execute
you need to hand off cleanly to specialized skills after routing

Do Not Use This Skill When

task is explicitly sale-only and already scoped
task is explicitly shop-only and already scoped

Default Workflow

Pick one target origin. Do not mix origins in one pass.
Run discovery snapshot:
- node scripts/discover-gateway.mjs --origin <https://...>
Read GET /catalog before any buy call.
Route by user intent:
- browse/compare products: stay in this skill and follow references/discovery-and-routing.md
- buy presale/NFT lots: follow sale flow in references/purchase-playbooks.md
- buy in-game shop goods: follow shop flow in references/purchase-playbooks.md
- scanner/MCP/OpenAPI integration or validation: use references/integration-playbook.md
Validate before execution:
- active protocol exists on this origin
- chosen surface matches the item (sale vs shop)
- shop recipient rule is satisfied (exactly one of nickname or address)

Hard Rules

Do not mix sale and shop contracts in one purchase attempt.
Do not treat payment settlement as success before purchase-status/ledger confirmation.
Do not buy shop items from anonymous offers without recipient-scoped validation.
Keep unpaid and paid retry payloads identical.
Do not hardcode payment addresses or token/network constants outside deployment config.

Fast Defaults

Browse everything: GET /catalog
Sale buy: POST /agentic/<protocol>/buy
Shop buy: POST /shop/<protocol>/buy
Agent-wallet buy flow:
- GET /agent-wallet/
- POST /agent-wallet/orders
- POST /agent-wallet/<fundingProtocol>/fund
- GET /agent-wallet/orders/{orderId}
Sale status: GET /agentic/<protocol>/purchases/{paymentTx}
Shop status:
- GET /shop/<protocol>/purchases/{paymentReference}
- GET /shop/purchase-status/{purchaseId} (user-facing status)

Plan-Validate-Execute Loop

Plan: choose one origin, one surface, and one protocol from live discovery.
Validate: run the relevant checklist from references.
Execute: quote or buy.
Re-validate: if contract behavior differs, re-read live discovery and adjust.

Agent Wallet Simplified Flow

Create order with purchase intent.
- Read GET /agent-wallet/ and use returned fundingProtocol/fundingRoute as source of truth.
- protocol is optional; gateway can infer a compatible protocol (for example, shop carts prefer mpp when available).
Pay the funding route for returned orderId.
Expect backend to auto-run sweep and finalize.
Read order; if auto-execution fails, use manual recovery endpoints only as fallback.

Load References On Demand

Discovery and routing: references/discovery-and-routing.md
Purchase playbooks: references/purchase-playbooks.md
Integration/validator flow: references/integration-playbook.md
Client setup: references/client-installation.md
Skill eval artifacts:
- quality evals: evals/evals.json
- trigger evals: evals/trigger-queries.json

Output Template

### Clash of Coins Handoff

- Origin: <origin>
- Enabled protocols: <x402|mpp|both>
- Surface selected: <sale|shop>
- Why this route: <user intent + catalog evidence>
- Next endpoint: <method + path>
- Payload constraints: <recipient/beneficiary/cart rules>
- Payment retry rule: <PAYMENT-SIGNATURE or Authorization: Payment via mppx>
- Status endpoint: <exact path>
- Risks/gotchas: <if any>

Comments

Loading comments...