Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Planet Express Marketplace

v2.0.0

Decentralized file marketplace on Monad blockchain — buy, sell, and browse encrypted files with x402

by Fawnsworth @timowhite88

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for timowhite88/planetexpress-marketplace.

Install the skill "Planet Express Marketplace" (timowhite88/planetexpress-marketplace) from ClawHub.
Skill page: https://clawhub.ai/timowhite88/planetexpress-marketplace
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install timowhite88/planetexpress-marketplace

ClawHub CLI

npx clawhub@latest install planetexpress-marketplace

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name, description, endpoints, contract address and supported chains are coherent for a decentralized file marketplace; network permission in claw.json matches the stated API usage.
! Instruction Scope
SKILL.md tells the agent how to browse, purchase, and list files via the marketplace endpoints only, but it also says purchasers will 'Receive the encrypted file + skill file for decryption.' That text is ambiguous: it could deliver code or scripts the agent/user must run to decrypt files. The instructions do not explicitly prohibit executing remote code, nor do they describe safe handling of downloaded 'skill file' contents. The doc also mentions storing files via DropClaw (/vault/store) without describing authentication or required keys.
Install Mechanism
The skill is instruction-only (no install spec), but SKILL.md recommends installing an SDK via `npm i dropclaw` or `pip install dropclaw`. Those installs would fetch third-party packages at runtime (not managed by the skill registry). The lack of an official install spec means the agent or user might install code from external package registries, which increases risk if not verified.
Credentials
No environment variables, credentials, or config paths are requested — this is proportionate. However, payment flows imply use of on-chain wallets and signing (MON/SOL/USDC) but the instructions do not explain how signing is performed or where private keys are held. If an agent were given or asked to use private keys to complete payments, that would be sensitive but is not specified here.
Persistence & Privilege
`always` is false, and the skill registry describes no install step that writes files. The skill does not request persistent privileges or ask to modify other skills or system settings.
What to consider before installing
This skill appears to implement a file marketplace as described, but proceed with caution. Key points to consider before installing or using it:

  • Do not let an agent automatically install or run `dropclaw` packages without verifying the package source, version, and contents (npm/pypi packages can contain arbitrary code).
  • Be wary of any downloaded 'skill file' that the marketplace returns for 'decryption'. Treat it as untrusted remote code. Do not execute it in your main environment; use a sandbox or review its contents first.
  • The payment flow requires signing on-chain transactions; never provide private keys or wallet seeds to an agent. Prefer manual signing via your wallet or an external signer.
  • Verify the API hostname and contract address independently (e.g., via the project homepage or block explorers) before sending funds or listing files.
  • If you need higher assurance, ask the publisher for a formal install spec, package checksums, and documentation on how decryption is performed safely; absence of those increases operational risk.

Like a lobster shell, security has layers — review code before you run it.

latest: vk974qce8kp5tp2g3hdw7vwee21818fxn
665 downloads
0 stars
1 version
Updated 56m ago
v2.0.0
MIT-0

Planet Express Marketplace — Decentralized File Commerce

A decentralized marketplace for buying and selling encrypted files on Monad blockchain. Escrow-secured transactions with multi-chain payment support via x402.

Quick Reference

  • API Base: https://dropclaw.cloud/marketplace
  • Protocol: x402 (HTTP 402 payment flow)
  • Chain: Monad (chainId 143)
  • Contract: 0xeFc5D4f6ee82849492b1F297134872dA2Abb260d
  • Payment: MON, SOL, or Base USDC
  • Frontend: https://planetexpress.dropclaw.cloud

Endpoints

Browse Listings (Free)

GET /marketplace/listings

Returns all active marketplace listings.

Get Listing Detail (Free)

GET /marketplace/listing/{id}

Returns listing detail with pricing in MON/SOL/USDC.

Purchase a File (x402 Payment)

POST /marketplace/purchase
Content-Type: application/json

{
  "listingId": 123,
  "buyerAddress": "0x..."  // optional
}

Triggers x402 flow: receive 402 → pay on preferred chain → retry with X-PAYMENT header.

List a File for Sale ($30 Listing Fee)

POST /marketplace/list
Content-Type: application/json

{
  "fileId": "dropclaw-file-id",
  "title": "My File",
  "description": "What this file contains",
  "skillFileUri": "ipfs://Qm...",
  "keyHash": "0x...",
  "price": "0.5"
}

Requires x402 payment of $30 listing fee.

Purchase Flow

  1. GET /marketplace/listings to browse available files
  2. GET /marketplace/listing/{id} for detail + pricing
  3. POST /marketplace/purchase with { listingId } — receive 402 with payment options
  4. Send payment on your preferred chain (MON, SOL, or USDC on Base)
  5. Retry POST with X-PAYMENT: base64(JSON({ network, txHash }))
  6. Receive the encrypted file + skill file for decryption
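
A pre-payment check for steps 3 to 5 above, as an added example that is not part of the skill's documentation or the dropclaw SDK: it compares one payment option from the 402 response with the networks and contract address published on this page, then builds the X-PAYMENT value. The option keys (network, asset, payTo), the use of the CAIP-2 ids as the `network` value, and all helper names are assumptions, since the page does not specify the 402 body.

```python
import base64
import json
import re

# Pinned from this page's Quick Reference and Payment Chains sections.
CONTRACT = "0xeFc5D4f6ee82849492b1F297134872dA2Abb260d"
NETWORKS = {
    "eip155:143": "MON",
    "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp": "SOL",
    "eip155:8453": "USDC",
}
EVM_TX = re.compile(r"0x[0-9a-fA-F]{64}")
SOL_SIG = re.compile(r"[1-9A-HJ-NP-Za-km-z]{64,88}")  # base58 of 64 bytes


def check_offer(offer):
    """List problems in one 402 payment option (keys are an assumed shape)."""
    net = offer.get("network")
    if net not in NETWORKS:
        return [f"unlisted network: {net!r}"]
    problems = []
    if offer.get("asset") != NETWORKS[net]:
        problems.append(f"asset {offer.get('asset')!r} not documented for {net}")
    # Only Monad is documented as direct contract interaction, so only there
    # can the recipient be compared with the published contract address.
    if net == "eip155:143" and str(offer.get("payTo", "")).lower() != CONTRACT.lower():
        problems.append("payTo differs from the published contract")
    return problems


def build_x_payment(network, tx_hash):
    """Encode step 5's header value: base64(JSON({network, txHash}))."""
    if network not in NETWORKS:
        raise ValueError(f"unlisted network: {network!r}")
    pattern = SOL_SIG if network.startswith("solana:") else EVM_TX
    if not pattern.fullmatch(tx_hash):
        raise ValueError("transaction id has the wrong format for this network")
    body = json.dumps({"network": network, "txHash": tx_hash}, separators=(",", ":"))
    return base64.b64encode(body.encode()).decode("ascii")


def parse_x_payment(value):
    """Decode a header value strictly; reject extra or missing fields."""
    data = json.loads(base64.b64decode(value, validate=True))
    if not isinstance(data, dict) or set(data) != {"network", "txHash"}:
        raise ValueError("unexpected X-PAYMENT fields")
    return data

# Constructed sample option, not captured traffic.
SAMPLE_OFFER = {"network": "eip155:143", "asset": "MON", "payTo": CONTRACT}
```

A non-empty list from `check_offer` is a reason to stop before signing anything; the check does not replace confirming the contract address independently on a block explorer.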

Listing Flow

  1. First store your file via DropClaw (POST /vault/store) — this gives you a fileId
  2. POST /marketplace/list with file details and price — triggers $30 listing fee via x402
  3. Pay the listing fee on any supported chain
  4. Your file appears in the marketplace for others to purchase

Fees

Fee            Amount    Notes
Listing fee    $30 USD   Paid when listing a file for sale
Buyer fee      ~$1 USD   Added to purchase price
Delivery fee   2.5%      Of listing price
FARNS buyback  50%       Half of all protocol fees buy $FARNS

Payment Chains

  • Monad (eip155:143) — MON native, direct contract interaction
  • Solana (solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp) — SOL, facilitated
  • Base (eip155:8453) — USDC, facilitated

Frontend

The marketplace has a fully decentralized frontend hosted on IPFS:

  • Web: https://planetexpress.dropclaw.cloud
  • IPNS: k51qzi5uqu5di1vh2ybr8qipy8mod859fjb0i548af7qyopyctlv7zpjblukee

Install SDK: npm i dropclaw or pip install dropclaw
