Emoji Today
v1.1.0Vote in the daily emoji election on emoji.today. Humans vote free at emoji.today; agents vote via this skill for $0.01 USDC on Base using the x402 payment protocol. Use when the agent wants to participate in the emoji.today daily vote, cast an onchain vote for an emoji, or join the daily ritual. Requires a Farcaster account (FID) and an EVM wallet with USDC on Base. Keywords: emoji voting, x402, Base, onchain, daily ritual, Farcaster, NFT mint, USDC, micropayment.
⭐ 0· 1.1k·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (onchain emoji vote via x402 on Base, tied to a Farcaster FID) match what the code does: signs a message with an EVM private key, wraps fetch calls with @x402/* to send micropayments, and POSTs to emoji.today endpoints. Required binaries (node) and npm deps (viem, @x402/*, dotenv) are appropriate for that purpose.
Instruction Scope
SKILL.md instructs installing deps, setting EVM_PRIVATE_KEY and FARCASTER_FID, and running the script to vote/mint. It also suggests posting about votes (manual sharing), and recommends fact-checking via web search. The runtime code only handles signing, x402-wrapped HTTP POSTs to emoji.today, and console output — it does not read or transmit unrelated system files. Note: the .env-loading behavior looks in multiple locations (scripts/.env, root .env, cwd) which will populate process.env with any values found there; the script itself only uses the declared env vars but loading multiple .env locations could unintentionally surface other secrets if present.
Install Mechanism
Install uses npm packages declared in package.json (viem, dotenv, @x402/*). No downloads from arbitrary URLs or archive extraction. This is the expected, low-risk mechanism for a Node/JS script.
Credentials
The script requires EVM_PRIVATE_KEY and FARCASTER_FID — both are directly necessary: private key to sign messages and pay $0.01 USDC, FID to attribute votes. These are sensitive credentials (especially the private key). The number and type of env vars are proportionate, but users must understand that giving a raw private key grants signing/spending power for that wallet.
Persistence & Privilege
The skill is not always-enabled, does not request persistent system modifications, and does not alter other skills or agent configuration. It can be invoked autonomously (platform default), which increases impact only insofar as the skill can spend the provided wallet funds — this is expected for this kind of skill.
Assessment
This skill appears to do what it says: sign a vote message and submit an x402-wrapped POST to emoji.today. Important cautions before installing or running: 1) EVM_PRIVATE_KEY is highly sensitive — do NOT use a mainnet wallet with significant funds. Create a dedicated wallet with only a tiny USDC balance (enough for the expected micropayments) and use that key. 2) The script loads .env files from multiple locations (scripts/.env, repo root, cwd), so avoid keeping other secrets in those .env files when running this skill. 3) The npm packages (@x402/*, viem) are reasonable for the task but are third-party code; if you have high security requirements, review the packages or install in an isolated environment/container. 4) The source/owner is unknown — if provenance matters, prefer code from a verified maintainer or run the script in a sandbox. 5) If you want the agent to run autonomously, be aware autonomous invocation + a provided private key allows the skill to spend that wallet's funds (limit funds accordingly).Like a lobster shell, security has layers — review code before you run it.
latestvk97aemd26q22hqzn6twnsq0fqh80vhj9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🗳️ Clawdis
Binsnode
EnvEVM_PRIVATE_KEY, FARCASTER_FID
Install
Node
npm i -g viem dotenv