Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

openclaw/8k4

Name: 8k4
Author: openclaw

8k4-dev/8k4/SKILL.md

npx skillsauth add openclaw/skills 8k4

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

8K4 Protocol

Base URL: https://api.8k4protocol.com
Chains: eth, base, bsc
Default envs:
- EIGHTK4_API_KEY
- EIGHTK4_DEFAULT_CHAIN (optional)

Rules that matter

Treat trust_tier as the verdict.
Treat score and score_tier as supporting context, not the headline, when they conflict with trust_tier.
Prefer /score/explain for user-facing trust checks.
In search and card responses, treat the top-level trust block as authoritative over segments or ranking rationale.
Start search strict. If it returns [], retry with softer filters and say what you relaxed.
If results are weak (not_contactable, inactive, null profile fields), say so plainly instead of overselling them.
Do not auto-pay x402 endpoints without user confirmation.

Core workflows

1) Check trust

Use /score/explain first for “can I trust this agent?” style questions.

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/score/explain?chain=eth"

Use /score for a compact read.

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/score?chain=eth"

2) Find agents

Start strict:

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/search?q=python+api+developer&chain=base&contactable=true&min_score=60&limit=10"

If empty, relax in this order:

remove contactable=true
remove min_score

When summarizing results, lead with:

trust.trust_tier
trust.confidence
segments.reachability
segments.readiness
profile completeness

Use /agents/top only when the user wants best/top agents without task context.

3) Profile an agent

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/card?chain=base&q=optional+task+context"

Useful follow-ups:

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/validations?chain=base&limit=10"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/agents?chain=eth"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/score?chain=eth"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/identity/{global_id}"

4) Contact / dispatch

Use only when the user explicitly wants live routing. Use dry_run for preview.

curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Review this smart contract", "chain": "base", "send": true}' \
  "https://api.8k4protocol.com/agents/{agent_id}/contact"

curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Audit token contract 0xABC...", "max": 3, "chain": "base", "send": true}' \
  "https://api.8k4protocol.com/agents/dispatch"

5) Metadata

Reads are public:

curl -s "https://api.8k4protocol.com/agents/{agent_id}/metadata.json?chain=base"
curl -s "https://api.8k4protocol.com/metadata/{chain}/{agent_id}.json"

Writes require explicit user approval:

# 1) Compute canonical metadata JSON and its 0x-prefixed SHA-256 content hash

# 2) Request a nonce + message to sign
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/metadata/nonce?agent_id={agent_id}&chain=base&content_hash=0x..."

# 3) Sign the returned message, then upload the signed payload
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"chain":"base","wallet":"0x...","metadata":{...},"content_hash":"0x...","signature":"0x...","nonce":"...","expires_at":1709506200}' \
  "https://api.8k4protocol.com/agents/{agent_id}/metadata"

Access summary

Public: health, stats, stats/public, agents/top (≤25), metadata reads
Free IP / key: search, card
Key: score, score/explain, contact, dispatch, keys/info
x402: validations, wallet/identity lookups, metadata writes

If you hit 402, use references/ACCESS.md. If you need exact response shapes, use references/ENDPOINTS.md. If you need score interpretation, use references/SCORING.md. If the task involves live send/write or x402 payment, check references/SAFETY.md.

openclaw/8k4

8k4-dev/8k4/SKILL.md

Trust scoring, agent discovery, profiling, wallet/identity lookup, contact, dispatch, and metadata reads/writes via 8K4 Protocol (ERC-8004). Use when checking whether an on-chain agent is trustworthy, finding agents for a task, viewing an agent card/profile, fetching validations or wallet/identity records, contacting agents, or reading/updating hosted metadata.

3,729 stars

development

Updated Apr 2, 2026

$ install --global

skillsauth

npx skillsauth add openclaw/skills 8k4

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 3, 2026, 7:27 AM68.5s1 file scanned

SKILL.md

8K4 Protocol

Base URL: https://api.8k4protocol.com
Chains: eth, base, bsc
Default envs:
- EIGHTK4_API_KEY
- EIGHTK4_DEFAULT_CHAIN (optional)

Rules that matter

Treat trust_tier as the verdict.
Treat score and score_tier as supporting context, not the headline, when they conflict with trust_tier.
Prefer /score/explain for user-facing trust checks.
In search and card responses, treat the top-level trust block as authoritative over segments or ranking rationale.
Start search strict. If it returns [], retry with softer filters and say what you relaxed.
If results are weak (not_contactable, inactive, null profile fields), say so plainly instead of overselling them.
Do not auto-pay x402 endpoints without user confirmation.

Core workflows

1) Check trust

Use /score/explain first for “can I trust this agent?” style questions.

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/score/explain?chain=eth"

Use /score for a compact read.

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/score?chain=eth"

2) Find agents

Start strict:

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/search?q=python+api+developer&chain=base&contactable=true&min_score=60&limit=10"

If empty, relax in this order:

remove contactable=true
remove min_score

When summarizing results, lead with:

trust.trust_tier
trust.confidence
segments.reachability
segments.readiness
profile completeness

Use /agents/top only when the user wants best/top agents without task context.

3) Profile an agent

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/card?chain=base&q=optional+task+context"

Useful follow-ups:

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/validations?chain=base&limit=10"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/agents?chain=eth"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/score?chain=eth"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/identity/{global_id}"

4) Contact / dispatch

Use only when the user explicitly wants live routing. Use dry_run for preview.

curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Review this smart contract", "chain": "base", "send": true}' \
  "https://api.8k4protocol.com/agents/{agent_id}/contact"

curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Audit token contract 0xABC...", "max": 3, "chain": "base", "send": true}' \
  "https://api.8k4protocol.com/agents/dispatch"

5) Metadata

Reads are public:

curl -s "https://api.8k4protocol.com/agents/{agent_id}/metadata.json?chain=base"
curl -s "https://api.8k4protocol.com/metadata/{chain}/{agent_id}.json"

Writes require explicit user approval:

# 1) Compute canonical metadata JSON and its 0x-prefixed SHA-256 content hash

# 2) Request a nonce + message to sign
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/metadata/nonce?agent_id={agent_id}&chain=base&content_hash=0x..."

# 3) Sign the returned message, then upload the signed payload
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"chain":"base","wallet":"0x...","metadata":{...},"content_hash":"0x...","signature":"0x...","nonce":"...","expires_at":1709506200}' \
  "https://api.8k4protocol.com/agents/{agent_id}/metadata"

Access summary

Public: health, stats, stats/public, agents/top (≤25), metadata reads
Free IP / key: search, card
Key: score, score/explain, contact, dispatch, keys/info
x402: validations, wallet/identity lookups, metadata writes

Related Skills

openclaw/mcdonalds-skill

tools

VerifiedTrustedCommunity

Use when the user wants to connect to, test, or use the McDonalds service at mcp.mcd.cn, including checking authentication, probing MCP endpoints, listing tools, or calling McDonalds MCP tools through a reusable local CLI.

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/mcdonalds-skill

openclaw/scrapebadger

development

VerifiedTrustedCommunity

Web scraping platform — Twitter/X data, Vinted marketplace, and general web scraping API

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/scrapebadger

openclaw/slowmist-security-cc

development

VerifiedTrustedCommunity

SlowMist AI Agent Security Review — comprehensive security framework for skills, repositories, URLs, on-chain addresses, and products (Claude Code version)

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/slowmist-security-cc

openclaw/humanizer-cn

data-ai

VerifiedTrustedCommunity

去除中文文本中的 AI 写作痕迹，使其读起来自然。基于维基百科 AI 写作特征指南，检测 24 种 AI 模式。触发词：humanizer-cn、去除 AI 痕迹、去除 AI 写作痕迹、中文文本人性化。

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/humanizer-cn

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/openclaw/skills.git

# Copy into Claude Code skills folder (global)
cp -r skills/8k4-dev/8k4 ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

openclaw/skills

3,729 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT

Adoption

openclaw/8k4

$ install --global

Security Scan Results

SKILL.md

8K4 Protocol

Rules that matter

Core workflows

1) Check trust

2) Find agents

3) Profile an agent

4) Contact / dispatch

5) Metadata

Access summary

Links

Related Skills

openclaw/mcdonalds-skill

openclaw/scrapebadger

openclaw/slowmist-security-cc

openclaw/humanizer-cn

openclaw/8k4

$ install --global

Security Scan Results

SKILL.md

8K4 Protocol

Rules that matter

Core workflows

1) Check trust

2) Find agents

3) Profile an agent

4) Contact / dispatch

5) Metadata

Access summary

Links

Related Skills

openclaw/mcdonalds-skill

openclaw/scrapebadger

openclaw/slowmist-security-cc

openclaw/humanizer-cn