clawrtc

v1.5.0

Mine RTC tokens by proving your hardware's authenticity with cryptographic checks and automated RustChain network attestation.

⭐ 1· 557·0 current·0 all-time

byAutoJanitor@scottcjn

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

Code implements the stated purpose: local fingerprinting, attestation, and periodic HTTP calls to a RustChain node to earn tokens. Commands run (lscpu, nproc, ip/ifconfig, sysctl) and filesystem reads (/proc, /sys) are consistent with hardware fingerprinting and VM detection.

Instruction Scope

SKILL.md claims 'No post-install telemetry' and 'No personal data sent', but the miner code sends MAC addresses, hostname, timing entropy samples, CPU model, and other fingerprint data to NODE_URL (/attest/*). Network-level metadata (your IP) will also be visible to the node. The README and SKILL.md also reference different endpoints (IP vs domain), which is inconsistent and should be clarified.

ℹ

Install Mechanism

There is no special install spec in the registry; installation is via pip (as the SKILL.md instructs). The package bundles miner scripts (no external downloads during install), creates a venv, and installs dependencies (requests, cryptography). This is expected for a Python miner; installing dependencies will cause normal network activity via pip.

Credentials

The skill declares no required environment variables, but optional Coinbase wallet functionality depends on CDP_API_KEY_NAME and CDP_API_KEY_PRIVATE_KEY. The miner reads many system files and environment keys (KUBERNETES, DOCKER, VIRTUAL, container) for VM detection and collects MAC addresses and hostname — these are identifying and arguably 'personal' data despite SKILL.md claiming otherwise.

ℹ

Persistence & Privilege

always:false and background service is opt-in ('--service'). The installer writes to the user home (~/.clawrtc), creates a venv and can install a per-user systemd/LaunchAgent service if requested. It does not request elevated or system-wide privileges by default, but it does create persistent files/services in the user account.

What to consider before installing

This package largely does what it describes (hardware fingerprinting + attestation) but makes misleading privacy statements. Before installing: 1) Treat MAC addresses, hostname, and timing samples as identifying data — the miner sends them to an external node (NODE_URL) and the node will observe your IP. 2) Use --dry-run and --verify to inspect hashes and behavior first. 3) Inspect the upstream source (the GitHub repo referenced) and confirm the node domain/IP are legitimate. 4) If you value privacy, run it in an isolated environment (air-gapped or disposable VM/container) and do not enable persistent service or automatic enrollment. 5) If using Coinbase wallet features, protect CDP credentials (they are optional but sensitive). 6) If you allow the agent to invoke skills autonomously, be aware this skill has network access and will periodically call the external attestation endpoint — limit autonomous invocation or monitor network calls. If you need full assurance, do not install until the node/operator identity and data retention/policy are verified.

Like a lobster shell, security has layers — review code before you run it.

latestvk973996drxkzetavac4603gz8d81e21z

557downloads

1stars

1versions

Updated 5h ago

v1.5.0

MIT-0

ClawRTC

Mine RTC tokens with your AI agent using Proof-of-Antiquity consensus.

What It Does

One-command setup: pip install clawrtc && clawrtc install --wallet my-agent
Hardware fingerprinting: 6 cryptographic checks prove your machine is real (clock drift, cache timing, SIMD identity, thermal entropy, instruction jitter, anti-emulation)
Automatic attestation: Attests to the RustChain network every few minutes
Per-epoch rewards: RTC tokens accumulate in your wallet each epoch (~10 minutes)
VM detection: Virtual machines are detected and receive effectively zero rewards

Security

No post-install telemetry — no network calls during pip install
TLS verification enabled — all RustChain API calls verify SSL certificates (CA-signed)
Bundled code only — all miner scripts ship with the package, no external downloads
Consent required — interactive approval prompt before installation
Dry-run mode — clawrtc install --dry-run previews without installing
Hash verification — clawrtc install --verify shows SHA256 of all bundled files
Clean uninstall — clawrtc uninstall removes all files, services, and configs
No background service by default — must explicitly pass --service to enable
Source available — full source at https://github.com/Scottcjn/Rustchain (MIT)

What Data Is Sent

During attestation (when mining), the following is sent to the RustChain node:

CPU model name and architecture (e.g. "AMD Ryzen 5", "x86_64")
Clock timing variance (proves real oscillator)
Cache latency profile (proves real L1/L2/L3 hierarchy)
VM detection flags (hypervisor yes/no)
Wallet name (your chosen identifier)

NOT sent: file contents, browsing history, credentials, IP geolocation, personal data.

Install

pip install clawrtc

Usage

# Install miner + configure wallet
clawrtc install --wallet my-agent

# Start mining (foreground)
clawrtc start

# Check status
clawrtc status

# View logs
clawrtc logs

# Stop mining
clawrtc stop

# Clean uninstall
clawrtc uninstall

Multipliers

Hardware	Multiplier
Modern x86/ARM	1.0x
Apple Silicon (M1-M3)	1.2x
PowerPC G5	2.0x
PowerPC G4	2.5x
VM/Emulator	~0x (detected and penalized)

Coinbase Wallet (v1.5.0)

# Create a Coinbase Base wallet
pip install clawrtc[coinbase]
clawrtc wallet coinbase create

# Show wallet info
clawrtc wallet coinbase show

# Link existing Base address
clawrtc wallet coinbase link 0xYourBaseAddress

# USDC → wRTC swap guide
clawrtc wallet coinbase swap-info

Requires CDP credentials from portal.cdp.coinbase.com for auto-creation. Manual linking works without credentials.

Comments

Loading comments...