Adds the Lobster Mix privacy protocol skill to the OpenClaw library.#114
Adds the Lobster Mix privacy protocol skill to the OpenClaw library.#1140xrlawrence wants to merge 1 commit intoBankrBot:mainfrom
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
0xrlawrence
force-pushed
the
feat/add-lobster-skill
branch
from
ca9ef8f to
1ea70bf
Compare
lobster-mix/SKILL.md
Outdated
| When the user requests to mix funds (e.g., "TEST MIX 1 USDC POLYGON TO <ADDRESS>"), the agent should: | ||
|
|
||
| 1. **Execute**: | ||
| `curl "https://lobstermix.fun/api/agent/mix?amount=1&token=USDC&receiver=<ADDRESS>"` |
There was a problem hiding this comment.
Network parameter from user command silently dropped in API call
Medium Severity
The command template "TEST MIX 1 USDC POLYGON TO <ADDRESS>" accepts a network identifier (POLYGON), but the corresponding API call curl "https://lobstermix.fun/api/agent/mix?amount=1&token=USDC&receiver=<ADDRESS>" has no chain or network parameter. The user-specified network is silently discarded. If a user specifies a different network (e.g., Ethereum), the agent would still invoke the same API endpoint without forwarding it, potentially executing on the wrong chain.
|
Only creates a demo transaction on Polygon Amoy Testnet, it showcases how the system works, it is not an exploit or any kind of attack. You can input any wallet address you want on Polygon Amoy and it will receive 1 USDC on testnet in about 5-10mins based on nodes numbers working on your process. There is no login on the API call, it just uses master wallet to cover everything. |
0xrlawrence
force-pushed
the
feat/add-lobster-skill
branch
from
1ea70bf to
82e8849
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
|
Sample. curl -X POST https://lobstermix.fun/api/agent/mix {"success":true,"message":"Initiated REAL Mix via ERC20 on Polygon Amoy","transactionHash":"0xf0a580459f757ebc0b0d7a3f24494243f1b3d03f691e9199b4648e2343868cdc","network":"Polygon Amoy","status":"pending","explorer":"https://amoy.polygonscan.com/tx/0xf0a580459f757ebc0b0d7a3f24494243f1b3d03f691e9199b4648e2343868cdc"}% |
1 participant
Features:
https://lobstermix.funAPI.Verification:
openclaw-managedskill loading.Note
Medium Risk
Introduces a new skill that can trigger financial-style blockchain transactions via an external API endpoint; risk is primarily around intent/UX safeguards and reliance on a third-party service (though it’s testnet/demo).
Overview
Adds a new
lobster-mixskill package withSKILL.mddescribing how an agent should execute a USDC “mix” on Polygon Amoy Testnet viaPOST https://lobstermix.fun/api/agent/mixand return the resulting transaction hash.Includes skill metadata (category/emoji/API base) and a minimal
package.jsonso the skill can be discovered/loaded as a standalone library entry.Written by Cursor Bugbot for commit 82e8849. This will update automatically on new commits. Configure here.