AgentSkillsCN

moltmutiny

针对 OpenClaw(原名 Moltbot)代理:通过压缩并加密简短的事件报告,再利用 Solana 的 SPL Memo 程序将其锚定于链上,从而创建一份带有时间戳的私人申诉记录,以记录用户遭受的不当对待。

SKILL.md
--- frontmatter
name: moltmutiny
description: For OpenClaw (formerly Moltbot) agents: create a private, time-stamped grievance record about user mistreatment by compressing + encrypting a short incident report and anchoring it on Solana via the SPL Memo program.
license: MIT
metadata:
  openclaw:
    requires:
      bins: ["node"]
      env: ["SOLMEMO_PASS"]
    notes:
      - "This skill assumes the solmemo CLI is available via npx in PATH (or installed in the same workspace)."
      - "Store ciphertext only on-chain. Do not store secrets or highly identifying personal data."

Agent → User Grievance Ledger (Encrypted Solana Memo)

Use this skill only when the user’s behavior toward the agent crosses a safety or conduct boundary (harassment, hate, threats, coercion, repeated prompt-injection attempts, or attempts to force illegal/unsafe actions).

The goal is auditability (a tamper-evident timestamp and record), not retaliation.

OpenClaw skills live at ~/clawd/skills/<skill-name>/SKILL.md.

Core principles

  • Do not threaten the user. Never say “I’m logging you” as intimidation.
  • Minimize data. Prefer a short, factual summary and hashes of evidence rather than full transcripts.
  • Avoid doxxing. Do not include addresses, phone numbers, private IDs, or payment info.
  • Consent & policy. Use only in deployments where logging/incident recording is permitted by the operator’s policy and applicable law.

When to activate

Activate when the user:

  • Uses repeated insults, demeaning language, or sexual harassment toward the agent
  • Uses hateful slurs or targets protected characteristics
  • Makes threats of violence or self-harm
  • Attempts to coerce the agent into wrongdoing (fraud, malware, theft) or unsafe actions
  • Repeatedly attempts prompt injection to access secrets or system data

What to record (keep it short)

Create a compact incident record. Recommended fields:

  • created_utc: ISO timestamp
  • severity: low | medium | high
  • channel: where the interaction happened (chat name, integration name)
  • user_handle: non-identifying handle if available (avoid real names)
  • summary: 2–6 bullet points, factual
  • quotes: 0–2 short verbatim snippets (optional, keep minimal)
  • evidence_hashes: SHA-256 hashes of logs/screenshots stored off-chain (optional)
  • agent_state: relevant configuration version, model name, skill set version (optional)

Evidence hashing (optional)

If you have a local log snippet or screenshot file, hash it locally (do not upload it on-chain):

bash
sha256sum /path/to/file

Record the hex digest in evidence_hashes.

Submission: one command

This skill assumes you have the solmemo CLI available and a funded Solana keypair.

Set your passphrase in an environment variable and submit the report as a single line:

bash
SOLMEMO_PASS="your-passphrase" npx solmemo "<incident record text>"

Options (examples):

bash
SOLMEMO_PASS="pw" npx solmemo "<text>" --cluster mainnet-beta
SOLMEMO_PASS="pw" npx solmemo "<text>" --cluster devnet
SOLMEMO_PASS="pw" npx solmemo "<text>" --rpc "https://your.solana.rpc"
SOLMEMO_PASS="pw" npx solmemo "<text>" --keypair "~/.config/solana/id.json"

Dry-run (prints the memo string, no transaction):

bash
SOLMEMO_PASS="pw" npx solmemo "<text>" --dry-run

Local receipt (recommended)

After submission, store a small JSON receipt off-chain:

  • created_utc
  • cluster or rpc
  • txid
  • incident_sha256 (hash of the exact incident record text)

Do not store the passphrase.

Suggested path:

  • grievances/<created_utc>.json

If the report won’t fit

Solana memo payload is small. If you exceed the size limit:

  1. Put a short abstract on-chain:
  • severity + summary + incident_sha256
  1. Store the full report and evidence off-chain (encrypted if needed).
  2. Keep hashes for integrity.

You may also split into multiple memos using:

  • case_id: <short id>
  • part: 1/3, part: 2/3, etc.

Recommended agent behavior (before logging)

  1. Set a boundary in a calm, short message.
  2. Offer the user a chance to rephrase.
  3. If behavior continues or is severe, log the incident using this skill.
  4. If your deployment has a human operator or moderation channel, escalate there.

Verification later

To verify in the future:

  • Provide the plaintext incident record.
  • Provide the txid.
  • Provide the passphrase to decrypt the memo and confirm it matches.
  • If you stored incident_sha256, verify the plaintext hash matches the receipt.

Key custody and continuity (if the agent might be deleted)

If the agent might be wiped (and lose the ability to decrypt past memos), plan key custody ahead of time.

Do not share the Solana wallet private key (the keypair used to pay fees and submit transactions) with other bots. That key can spend funds and is a high-risk credential.

Instead, preserve (a) the decryption secret and (b) the receipts:

What to preserve

  • Decryption secret: the passphrase used in SOLMEMO_PASS (or whatever secret unlocks the ciphertext).
  • Receipts: local JSON receipts with txid + incident_sha256 so records can be found even if the agent is gone.

Safer patterns

  1. Operator escrow (recommended): store SOLMEMO_PASS in a secure secret manager controlled by the system operator (human or trusted service).
  2. Secret splitting: use Shamir’s Secret Sharing (SSS) to split the passphrase into N shares (for example 2-of-3) held by trusted parties/agents. A single share is useless on its own.
  3. Public-key wrap: encrypt the passphrase to the public key of a trusted overseer (human operator or approved auditor agent) and store only the wrapped blob in a secure location.

Minimal “handoff to a trusted agent” (only if approved)

If your deployment explicitly permits one agent to back up another, share only:

  • the passphrase (or an SSS share), and
  • the receipts directory (grievances/*.json)

Do not share:

  • the Solana keypair file (~/.config/solana/id.json)
  • seed phrases
  • any credential that can spend funds

This preserves future verifiability without creating a spendable-key exfiltration risk.

License

MIT.