x402-wach：DeFi 风险分析与蜜罐检测 - Openclaw Skills-脚本在线

AI智能体脚本智能办公脚本自动化游戏脚本浏览器自动化脚本服务器脚本

x402-wach：DeFi 风险分析与蜜罐检测 - Openclaw Skills

作者：互联网

2026-03-26

AI教程

什么是 x402-wach？

x402-wach 技能是专为 Openclaw Skills 生态系统设计的尖端 DeFi 风险分析工具包。它由 WACH.AI 智能驱动，并由 AWAL 钱包托管保障安全，使开发人员和交易者能够对以太坊、Base、Polygon、BSC 和 Solana 上的智能合约进行深度安全审计。它提供关于合约漏洞、持币者分布和流动性质量的机构级洞察。

通过利用 x402 协议，该技能支持在 Base 网络上为每次查询无缝支付 0.01 USDC 的微支付。该技能的主要重点是绝对安全；它严格使用 AWAL 管理的密钥，确保用户在维护程序化、代理友好的工作流时，永远不必处理或暴露私钥种子或助记词。

下载入口:https://github.com/openclaw/skills/tree/main/skills/akshat-mishra101/wachai-x402

安装与下载

1. ClawHub CLI

从源直接安装技能的最快方式。

npx clawhub@latest install wachai-x402

2. 手动安装

将技能文件夹复制到以下位置之一

全局模式 ~/.openclaw/skills/ 工作区 /skills/

优先级：工作区 > 本地 > 内置

3. 提示词安装

将此提示词复制到 OpenClaw 即可自动安装。

请帮我使用 Clawhub 安装 wachai-x402。如果尚未安装 Clawhub，请先安装（npm i -g clawhub）。

x402-wach 应用场景

在投入资金前识别蜜罐和恶意智能合约模式。
分析持币者集中度，以检测潜在的拉地毯（rug-pull）风险或巨鲸操纵。
评估多个去中心化交易所的流动性深度和锁定状态。
为 Base 或 Solana 上的新代币发行生成综合风险评分。
在使用 Openclaw Skills 的 AI 代理工作流中自动化 DeFi 尽职调查。

x402-wach 工作原理

通过验证 AWAL 钱包准备就绪来初始化环境，确保系统已准备好进行安全支付。
通过安全的 AWAL 登录流程验证用户身份，并使用一次性密码 (OTP) 验证会话。
确认托管钱包在 Base 网络上有充足的 USDC，以支付 x402 交易费用。
通过提供目标代币地址和区块链简称来执行风险分析命令。
接收并解读结构化的安全报告，其中包含市场数据、风险评分以及指向完整 TokenSense 分析的直接链接。

x402-wach 配置指南

要开始将 x402-wach 作为 Openclaw Skills 库的一部分使用，请遵循以下设置步骤：

初始化钱包配置：

x402-wach wallet setup

如果需要身份验证，请登录并验证您的会话：

x402-wach wallet login 
x402-wach wallet verify

检查您在 Base 网络上的 USDC 余额：

x402-wach wallet balance

执行代币风险评估：

x402-wach verify-risk   --max-amount-atomic 10000

x402-wach 数据架构与分类体系

该技能将其安全情报组织成结构化报告，以便清晰解读。

数据点	描述
风险评分	合约代码、市场稳定性和流动性的安全性评级细分。
蜜罐分析	指示代币是否具有受限出售能力或恶意代码的实时标记。
流动性指标	关于资金池大小、锁定状态和创建者控制的流动性的详细信息。
持币者分布	对前几名持币者的分析，以识别中心化风险。
来源链接	指向完整 TokenSense 报告的直接 URL，用于深度核实。

name: x402-wach
description: DeFi risk analysis toolkit powered by WACH.AI via x402 payments using AWAL wallet custody. Use when the user asks to check if a token is safe, assess DeFi risk, detect honeypots, analyze liquidity, holder distribution, or smart contract vulnerabilities for tokens on Ethereum, Polygon, Base, BSC, or Solana. Costs 0.01 USDC per query on Base.
license: MIT
compatibility: Requires Node.js 18+, npm, network access, AWAL installed and authenticated, and a funded AWAL wallet with USDC on Base.
metadata:
  author: quillai-network
  version: "3.0"
  endpoint: https://x402.wach.ai/verify-token
  payment: 0.01 USDC on Base (automatic via x402)

x402-wach — DeFi Risk Analysis

A DeFi risk analysis toolkit powered by WACH.AI, using x402 with AWAL-managed key custody.

OpenClaw Hard Rules (Non-Negotiable)

When this skill is active, OpenClaw must follow all rules below:

Never request or expose secrets
- Never ask for private keys, seed phrases, mnemonics, wallet export files, or raw signing material.
- Never suggest using wallet.json or any local key file flow.
AWAL-only custody path
- Always use AWAL-backed commands for setup and payments.
- Treat legacy local-wallet instructions as invalid for this skill version.
Run readiness checks before paid calls
- Before verify-risk, ensure AWAL is ready via wallet setup or wallet doctor.
- If not ready, stop and guide user to login/fund flow.
Respect payment guardrails
- Default max payment cap is 10000 atomic USDC ($0.01) per request.
- Do not raise cap unless the user explicitly asks.
Do not hide payment failure details
- If payment fails, surface clear reason and next action (auth, balance, network, command mismatch).
- Do not claim success unless report payload is actually present.
No blind retries that may duplicate spend
- For network/transient errors, retry once at most.
- Keep the same request context and tell the user a retry was attempted.
Always present source link in final report
- Prefer TokenSense URL pattern:
  - https://tokensense.wach.ai//
- Use API source only as fallback.

When to Use This Skill

Use this skill when user asks to:

assess DeFi risk for a token
detect scam/honeypot patterns
inspect holder concentration/liquidity quality
review contract risk signals
get risk/market/code score breakdown
evaluate tokens across eth, pol, base, bsc, or sol

Supported Chains

Short Name	Chain	Token Standard
`eth`	Ethereum	ERC-20
`pol`	Polygon	ERC-20
`base`	Base	ERC-20
`bsc`	Binance Smart Chain	BEP-20
`sol`	Solana	SPL

Payment is always in USDC on Base, regardless of analysis chain.

Command Playbook for OpenClaw

1) Readiness / Setup

Run:

x402-wach wallet setup

If setup says not ready, run:

x402-wach wallet doctor
x402-wach wallet login 
x402-wach wallet verify  
x402-wach wallet balance

Interpretation:

? Ready to make x402 payments with AWAL -> proceed to analysis.
AWAL wallet is not authenticated -> run login + verify flow.
Insufficient USDC on Base -> ask user to fund AWAL address.
Could not read AWAL balance/status -> run doctor and show raw failure.

2) Risk Analysis

Run:

x402-wach verify-risk

Preferred cap-safe form:

x402-wach verify-risk   --max-amount-atomic 10000

3) Optional Helpers

x402-wach wallet status
x402-wach wallet address
x402-wach chains
x402-wach guide

Tool Result Interpretation Rules

Readiness/Doctor Output

Contains ? Ready -> safe to proceed with paid analysis.
Contains not authenticated -> require OTP login/verify.
Contains Insufficient USDC -> request wallet funding on Base.
Contains command-help text from AWAL -> command mismatch/version issue; run x402-wach wallet doctor and use supported subcommands shown.
Contains JSON parse errors -> treat as AWAL output format mismatch; surface raw error and do not continue paid flow.

verify-risk Output

Token analysis complete! + populated sections -> success.
Header only with empty body -> payload unwrap issue; report as tool parsing bug.
No token found / empty report -> valid call, no token at address/chain.
402/payment error -> wallet balance/cap/auth issue; user action required.

Safety-Focused User Guidance

When blocked, provide this exact short path:

x402-wach wallet doctor
x402-wach wallet login 
x402-wach wallet verify  
x402-wach wallet balance

Then retry:

x402-wach verify-risk   --max-amount-atomic 10000

Programmatic Usage Pattern (Agent-Friendly)

import {
  getAwalReadiness,
  validateTokenAddress,
  verifyTokenRisk,
} from "@quillai-network/x402-wach";

const token = "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48";
const chain = "eth";

const validation = validateTokenAddress(token, chain);
if (!validation.valid) throw new Error(validation.error);

const readiness = await getAwalReadiness(10_000);
if (!readiness.ready) throw new Error(readiness.reasons.join("; "));

const report = await verifyTokenRisk(token, chain, { maxAmountAtomic: 10_000 });
console.log(report);

Expected Report Sections

On successful analysis, formatted output can include:

Market Data
Risk Scores
Honeypot Analysis
Holders
Liquidity
Code Analysis
Social & Community
Source (TokenSense link) + report timestamp

Absolute Prohibitions for OpenClaw

Do not use or suggest wallet create, wallet import, or wallet.json.
Do not ask user for private key or seed phrase.
Do not increase spend cap silently.
Do not claim analysis success when output parsing failed.
Do not suppress AWAL raw errors when diagnosis is needed.

上一篇：twitter官网入口-twitter网页版下一篇：代码：高级开发与测试工作流 - Openclaw Skills