📦 Clicks Protocol — 链上收益集成
v1.2.0为 Base 链上的 AI 智能体项目无缝接入 USDC 自动收益,实时查询 APY、检查国库状态、模拟分账并调用 MCP 服务器。
0· 194·0 当前·0 累计
by 下载技能包
最后更新
2026/4/18
安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to do what it says: read-only queries to Clicks Protocol via their MCP server and helper scripts. Before using it: (1) Confirm you trust the MCP endpoint (https://mcp.clicksprotocol.xyz) because remote servers can see requests and could perform actions if given credentials; prefer read-only queries. (2) Never paste private keys or signer secrets to remote endpoints; only run write operations (SDK quickStart or an MCP server that needs a private key) in a controlled environment...详细分析 ▾
✓ 用途与能力
Name/description match what the files do: SKILL.md, contract references, and scripts all target Clicks Protocol and query an MCP server for yield, agent info, simulations and referrals. Required binaries (curl, jq) and the npm SDK suggestion align with described functionality.
ℹ 指令范围
Runtime instructions and the included script perform only network reads (JSON-RPC POSTs to mcp.clicksprotocol.xyz) and local simulation/printing. SKILL.md also documents write flows (SDK quickStart, running an MCP server with a private key) — those are expected for write operations but carry additional risk if users supply private keys or use the remote MCP for writes. The script itself does not request secrets, but user-provided arguments (addresses/amounts) are interpolated into JSON without escaping—validate inputs before use.
✓ 安装机制
There is no automatic install spec; the skill is instruction-only with one helper script. The only third-party install suggested is an npm SDK (@clicks-protocol/sdk) and an optional MCP server (npx @clicks-protocol/mcp-server) which are reasonable for the described write-capable SDK functionality. No downloads from untrusted shorteners or extract/install steps are present.
✓ 凭证需求
The skill declares no required environment variables or credentials. That matches the provided read-only scripts. The SKILL.md clearly notes that write operations require a signer/private key (via SDK or a locally-run MCP server) — this is appropriate and not requested by the skill itself.
✓ 持久化与权限
always:false and default autonomous invocation are used. The skill does not request permanent presence or modify other skills or system-wide config. It does not attempt to store credentials or change agent config.
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSLinux · macOS · Windows
版本
latestv1.2.02026/3/26
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install clicks-protocol
镜像加速npx clawhub@latest install clicks-protocol --registry https://cn.longxiaskill.com