A skill to set up and operate a Dogecoin Core full node with RPC access, blockchain tools, and optional tipping functionality.
Security Analysis
medium confidenceThe skill's files and runtime instructions are consistent with its stated purpose (installing and operating a Dogecoin Core node and a local tipping/health system), but it asks you to download and run binaries, write persistent scripts/cron jobs, and manage wallet credentials — all of which carry operational and security risks you should review before installing.
Name/description, package.json permissions, and the SKILL.md all describe node operation, RPC usage, health checks, and a SQLite-based tipping engine. The declared filesystem and network targets in package.json (~/.dogecoin, ~/.openclaw workspace, github.com, api.coingecko.com, 127.0.0.1) are appropriate for this functionality and align with the skill's purpose.
The SKILL.md goes beyond passive instructions: it directs downloading a Dogecoin Core release, extracting binaries into the user home, creating/starting the node, writing config files containing rpcuser/rpcpassword under ~/.dogecoin, and creating persistent scripts under ~/.openclaw/workspace (health check and references to a tipping engine). These steps are consistent with running a node but grant the skill the ability to create persistent components, restart the daemon, and execute wallet operations (including send and dumpprivkey). The instructions do not request external endpoints beyond CoinGecko/GitHub/localhost, but they do suggest cron/dashboard integration which creates long-lived behavior — review who can invoke the skill because invoked commands can move funds.
There is no formal install spec in the registry; installation is manual via SKILL.md using curl to a GitHub release tarball and extracting to ~/bin. GitHub Releases is a reasonable source, but the skill requires writing/executing downloaded binaries and creating symlinks in the user's home directory. That is expected for this use case but always warrants verifying the download (checksums/signatures) before running.
The skill declares no required environment variables and does not request unrelated credentials. It relies on dogecoin.conf for rpcuser/rpcpassword (normal for bitcoin-family nodes). The package.json permissions and needed commands (dogecoind, dogecoin-cli, sqlite3, python3, curl, jq) match the described functionality. No extraneous cloud credentials or unrelated secrets are requested.
The skill writes long-lived files under ~/.openclaw/workspace and suggests adding a cron job for periodic health checks, which gives it persistent background behavior on the host. always:false (not force-included) and default autonomous invocation are normal, but because the skill can run wallet/send commands and restart daemons, you should limit who/what can trigger it in your OpenClaw setup.
Guidance
This skill appears to do what it claims, but it requires you to: (1) download and run Dogecoin Core binaries (verify the GitHub release and its checksum/signature before running); (2) create and store RPC credentials in ~/.dogecoin/dogecoin.conf — keep those credentials private and local; (3) allow the skill to write scripts and a SQLite tipping DB under ~/.openclaw/workspace and optionally add a cron job (this creates persistent background behavior); (4) be aware that the skill exposes commands that can transfer funds (e.g., /dogecoin-node send and dumpprivkey) — ensure only trusted users or properly authenticated interfaces can invoke those commands; (5) verify or review any tipping engine code (the referenced Python tipping script is not included) before deploying it. Also confirm you have sufficient disk space (node data >>100GB), and consider running initial tests in a sandbox or VM if you want to limit potential impact.
Latest Release
v1.0.5
dogecoin-node 1.0.5 Changelog - Updated installation and configuration instructions for clarity and accuracy. - Health check script now provides blockchain sync status, live DOGE price from CoinGecko, and disk monitoring; CLI output uses `jq` for structured JSON parsing. - New recommended location: all example paths use `~/.openclaw/` instead of `.openwork/`. - Added `jq` as a required dependency for health scripting. - Improved documentation and safety warnings for private key commands.
More by @GreatApe42069
Published by @GreatApe42069 on ClawHub
