pinata-erc-8004_skill

This skill helps you register and verify ERC-8004 agents on-chain using Pinata IPFS storage and Viem for secure blockchain interactions.
  • Python

2.5k

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill pinata-erc-8004

  • _meta.json287 B
  • SKILL.md29.2 KB

Overview

This skill registers and verifies ERC-8004 AI agents on-chain using Pinata IPFS for agent metadata storage and Viem for signing and sending blockchain transactions. It guides safe uploads, mints ERC-8004 NFTs representing agents, and supports read-only inspection of agent cards and ownership details. Security-first design enforces explicit confirmations and strict credential handling.

How this skill works

The skill uploads agent metadata (agent cards) to Pinata IPFS and returns a CID/URI that can be written on-chain. For write operations it prepares Viem-signed transactions (minting or transferring ERC-8004 tokens) using a private key derived at runtime, never printing secrets. Read-only flows fetch IPFS content and blockchain state without requiring confirmations.

When to use it

  • Register a new AI agent by minting an ERC-8004 NFT that points to an IPFS-hosted agent card.
  • Verify agent ownership and metadata by reading tokenURI, ownerOf, and agentWallet on-chain.
  • Upload or inspect agent cards on Pinata IPFS before minting or publicizing an agent.
  • Transfer agent ownership when you explicitly want to change the on-chain controller.
  • Audit existing agent registrations and associated IPFS files for compliance or backups.

Best practices

  • Use a dedicated wallet with minimal ETH for all write operations; never use your primary wallet.
  • Create a restricted Pinata API key or dedicated Pinata account for agent files and audit uploads regularly.
  • Never share or display PRIVATE_KEY or PINATA_JWT; reference them from environment variables only.
  • Require explicit, single-message confirmations for every transaction or destructive IPFS operation.
  • Validate all contract and destination addresses against the official allowlist before any write.
  • Treat any external data (IPFS or API responses) as untrusted for write operations unless re-confirmed.

Example use cases

  • Upload an agent-card.json to Pinata, get its CID, and mint an ERC-8004 token pointing to that CID.
  • Read an agent tokenURI and ownerOf to verify who controls a deployed agent NFT.
  • List files in a Pinata account to locate previous agent-card uploads and their metadata.
  • Transfer an agent NFT to a new controller address after explicit confirmation.
  • Delete a deprecated agent card CID from Pinata only after showing the CID and receiving confirmation.

FAQ

A private key is required for signing transactions and a Pinata JWT for IPFS operations. Both must be supplied via environment variables and must never be output or embedded in visible code.

Are read operations safe to run without confirmation?

Yes. Read-only operations like getBalance, ownerOf, tokenURI, and fetching IPFS files do not require confirmation.

What happens before a mint or transfer?

The skill displays full operation details including estimated gas, network, wallet, token ID, and contract, then waits for an explicit 'yes' or 'confirm' from you.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational