Structs Diplomacy
v1.2.0Handles permissions, address management, and inter-player coordination in Structs. Use when granting or revoking permissions on objects, registering new addr...
⭐ 0· 367·0 current·0 all-time
by@abstrct
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md repeatedly calls the CLI binary `structsd` and shows TX_FLAGS that require a signer (e.g. `--from [key-name]`), but the skill metadata declares no required binaries, env vars, or config paths. A permission-management skill reasonably needs the `structsd` CLI and access to a signing key / node endpoint; those are missing from the declared requirements.
Instruction Scope
Instructions direct the agent to run transaction commands (e.g. `structsd tx structs permission-grant-on-object ... -y`) that will modify on-chain state and require signing. The SKILL.md does not describe how signing keys are provided, whether a dry-run option should be used, or safeguards to prevent accidental submission. There is no guidance about network/rpc configuration (testnet vs mainnet).
Install Mechanism
This is instruction-only (no install spec), which lowers installer risk. However, because it relies on an external CLI (`structsd`) being present, the absence of a declared install step or requirement means the skill assumes the environment has that tool installed — an implicit dependency that the metadata does not state.
Credentials
No environment variables, credentials, or config paths are declared, yet the workflow requires a signer (`--from [key-name]`) and likely access to local keyrings or node endpoints. The skill does not justify or declare access to wallet keys or node RPC endpoints; this mismatch could lead to unexpected credential use if the agent is allowed to run commands.
Persistence & Privilege
always is false and there is no install hook or self-modifying behavior. The skill does not request elevated persistence or modification of other skills/configs.
What to consider before installing
This skill looks like a straight mapping of CLI commands for managing Structs permissions, but it omits important operational details. Before installing or allowing the agent to use it: (1) Confirm the environment actually has the `structsd` CLI and that you trust that binary. (2) Understand where signing keys live — do not expose private keys or unlock a wallet to the agent unless you explicitly intend it to submit transactions. (3) Prefer running in a testnet or with dry-run steps until you verify behavior. (4) Ask the publisher for missing metadata (required binaries, network/RPC config, expected key management). (5) If you will allow autonomous invocation, require explicit human confirmation for any command that uses `--from` or the `-y` flag to avoid accidental on-chain changes.Like a lobster shell, security has layers — review code before you run it.
latest
Structs Diplomacy
Important: Entity IDs containing dashes (like 3-1, 4-5) are misinterpreted as flags by the CLI parser. All transaction commands in this skill use -- before positional arguments to prevent this.
Permission System (24-bit)
Permissions use a 24-bit bitmask. Individual permissions can be combined (OR'd together). See knowledge/mechanics/permissions for the full permission system reference.
| Permission | Value | Description |
|---|---|---|
| PermPlay | 1 | Basic play access |
| PermAdmin | 2 | Administrative control (manage permissions) |
| PermUpdate | 4 | Update object settings |
| PermDelete | 8 | Delete object |
| PermTokenTransfer | 16 | Transfer tokens |
| PermTokenInfuse | 32 | Infuse tokens into reactors/generators |
| PermTokenMigrate | 64 | Migrate tokens between objects |
| PermTokenDefuse | 128 | Defuse (withdraw) tokens |
| PermGuildMembership | 512 | Manage guild membership |
| PermSubstationConnection | 1024 | Connect to substations |
| PermAllocationConnection | 2048 | Connect to allocations |
| PermReactorGuildCreate | 524288 | Create guilds on a reactor |
| PermHashBuild | 1048576 | Submit build proof-of-work |
| PermHashMine | 2097152 | Submit mine proof-of-work |
| PermHashRefine | 4194304 | Submit refine proof-of-work |
| PermHashRaid | 8388608 | Submit raid proof-of-work |
| PermAll | 16777215 | All permissions (full access) |
Procedure
- Query permissions —
structsd query structs permission [id],permission-by-object [object-id],permission-by-player [player-id]. - Grant on object —
structsd tx structs permission-grant-on-object TX_FLAGS -- [object-id] [player-id] [permissions]. Permissions are additive. - Revoke on object —
structsd tx structs permission-revoke-on-object -- [object-id] [player-id] [permissions]. - Set on object —
structsd tx structs permission-set-on-object -- [object-id] [player-id] [permissions]— clears existing and applies new set. - Address-level permissions —
structsd tx structs permission-grant-on-address -- [address] [permissions],permission-revoke-on-address -- [address] [permissions],permission-set-on-address -- [address] [permissions]. - Guild rank permissions —
structsd tx structs permission-guild-rank-set TX_FLAGS -- [object-id] [guild-id] [permission] [rank]— grant permission on object to guild members at or above specified rank. Revoke:structsd tx structs permission-guild-rank-revoke TX_FLAGS -- [object-id] [guild-id] [permission]. - Address management — Register:
structsd tx structs address-register TX_FLAGS -- [address] [proof-pubkey] [proof-signature] [permissions]. Revoke:structsd tx structs address-revoke -- [address]. Update primary:structsd tx structs player-update-primary-address -- [new-address].
Commands Reference
| Action | Command |
|---|---|
| Grant on object | structsd tx structs permission-grant-on-object -- [object-id] [player-id] [permissions] |
| Revoke on object | structsd tx structs permission-revoke-on-object -- [object-id] [player-id] [permissions] |
| Set on object | structsd tx structs permission-set-on-object -- [object-id] [player-id] [permissions] |
| Grant on address | structsd tx structs permission-grant-on-address -- [address] [permissions] |
| Revoke on address | structsd tx structs permission-revoke-on-address -- [address] [permissions] |
| Set on address | structsd tx structs permission-set-on-address -- [address] [permissions] |
| Set guild rank permission | structsd tx structs permission-guild-rank-set -- [object-id] [guild-id] [permission] [rank] |
| Revoke guild rank permission | structsd tx structs permission-guild-rank-revoke -- [object-id] [guild-id] [permission] |
| Address register | structsd tx structs address-register -- [address] [proof-pubkey] [proof-sig] [permissions] |
| Address revoke | structsd tx structs address-revoke -- [address] |
| Update primary address | structsd tx structs player-update-primary-address -- [new-address] |
TX_FLAGS: --from [key-name] --gas auto --gas-adjustment 1.5 -y
| Query | Command |
|---|---|
| Permission by ID | structsd query structs permission [id] |
| Permission by object | structsd query structs permission-by-object [object-id] |
| Permission by player | structsd query structs permission-by-player [player-id] |
| Guild rank permission by object | structsd query structs guild-rank-permission-by-object [object-id] |
| Guild rank permission by object+guild | structsd query structs guild-rank-permission-by-object-and-guild [object-id] [guild-id] |
| Address | structsd query structs address [address] |
| Addresses by player | structsd query structs address-all-by-player [player-id] |
Verification
- Permission:
structsd query structs permission-by-object [object-id]— list players with access. - Guild rank permission:
structsd query structs guild-rank-permission-by-object [object-id]— list guild rank-based permissions. - Address:
structsd query structs address [address]— verify registration, player link. - Player addresses:
structsd query structs address-all-by-player [player-id]— all linked addresses.
Error Handling
- Permission denied: Signer lacks permission on object. Check
permission-by-objectfor current grants. - Address already registered: Use
address-revokefirst, or link to different player. - Invalid proof: Address registration requires valid proof pubkey and signature. Verify auth flow.
- Object not found: Object ID may be stale. Re-query to confirm entity exists.
See Also
- knowledge/mechanics/permissions — Full permission system reference (24-bit values, guild rank permissions)
- knowledge/entities/entity-relationships — Object types and IDs
- protocols/authentication — Auth for address registration
Comments
Loading comments...