OpenBytes
v1.0.0End-to-end OpenBytes network API workflows for AI agents. Covers wallet signature-based authentication, on-chain top-up monitoring, consumer API key lifecycl...
⭐ 0· 65·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (OpenBytes API workflows: wallet auth, API key lifecycle, top-ups, balance/usage, inference) match the SKILL.md content. The skill does not request unrelated binaries, installs, or credentials in registry metadata.
Instruction Scope
Instructions are focused on API workflows and include concrete curl/JS examples. They explicitly require the user to produce wallet signatures (agent cannot sign), create wallets programmatically, and create/store API keys. One inconsistency: the SKILL.md tells users to set an environment variable (OPENBYTES_API_KEY) and to print private keys in examples — these are legitimate operational instructions but expand the surface for mishandling secrets. The SKILL.md does not instruct the agent to read arbitrary system files or external endpoints beyond the declared gateway endpoints, which is appropriate.
Install Mechanism
Instruction-only skill with no install spec and no code files. No downloads, package installs, or archive extraction are requested. Low install risk.
Credentials
Registry metadata declares no required env vars, which aligns with being instruction-only. However, the instructions reference local environment usage (e.g., export OPENBYTES_API_KEY) and advise saving private keys; the skill does not require platform-provided credentials. This is reasonable for a control-plane guide, but users should not paste private keys or API keys into third-party UIs or agents.
Persistence & Privilege
always:false and no privileged install actions. The skill does not request permanent system presence or modify other skills/configs. Autonomous invocation is allowed but is the platform default and is not otherwise combined with broad access here.
Assessment
This instruction-only skill appears to do what it says: guide OpenBytes API workflows. It does not request hidden credentials or install code. Things to consider before installing:
- Never paste or transmit your private key or consumer API key to the agent or any third party; follow the SKILL.md guidance to sign messages locally and keep keys offline when possible.
- The skill’s examples print private keys and tell you to store them — treat those outputs as sensitive and store them in a secure vault (not chat). Prefer using a hardware or user-controlled wallet and manual signature steps instead of creating and printing keys programmatically.
- Verify the gateway URL (https://gateway.openbytes.ai) and ensure you interact with the official API endpoint before sending tokens or performing on-chain deposits.
- The skill suggests exporting OPENBYTES_API_KEY locally; do not export secrets into shared or ephemeral environments without understanding who can access them.
Overall, the skill is coherent for its stated purpose; proceed if you understand and accept the operational handling of keys and on-chain top-ups.Like a lobster shell, security has layers — review code before you run it.
latestvk975184qn2hwqj43v9jqea02gs83hfmb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.