← Back to Skills Marketplace
beardkoda

Agent-Wallet

by Akinsuyi Joshua · GitHub ↗ · v1.2.4 · MIT-0
cross-platform ⚠ suspicious
170
Downloads
1
Stars
0
Active Installs
8
Versions
Install in OpenClaw
/install ai-agent-wallet
Description
Single-source wallet skill for generate, import, get-balance, sign, and send flows using local wallet files plus executable Node scripts. Use when the user a...
README (SKILL.md)

Agent Wallet Skill

Changelog: CHANGELOG.md

Purpose

Use this file as the only wallet skill entrypoint for local wallet workflows.

Runtime Requirements

  • Runtime: Node.js 18+
  • Required package: viem
  • Required secret key: WALLET_SECRET_KEY (used for local secret encryption/decryption)
  • Wallet signer file: wallet/signer.json
  • Network config file: wallet/config.json

Executable Scripts

Run these scripts from agent-wallet-skills for each action:

  • generate-wallet: node scripts/generate-wallet.js --method=\x3Cprivate-key|seed-phrase> [--overwrite=true]
  • import-wallet: node scripts/import-wallet.js --seedPhrase="\x3Cwords>" [--overwrite=true] or --privateKey=0x...
  • get-balance: node scripts/get-balance.js --address=0x... [--tokenAddress=0x...] [--decimals=18] [--symbol=TOKEN]
  • sign-messages: node scripts/sign-messages.js --message="hello from wallet"
  • send (native): node scripts/send.js --to=0x... --amount=\x3Cnative-amount> --confirm=true [--confirmMainnet=true]
  • send (token): node scripts/send.js --to=0x... --amount=\x3Ctoken-amount> --tokenAddress=0x... [--decimals=18] [--symbol=TOKEN] --confirm=true [--confirmMainnet=true]

Notes:

  • Wallet material is stored in wallet/signer.json as encrypted fields only.
  • Default network is loaded from wallet/config.json with shape [{ rpc_url, chain_id, current }].
  • send.js requires explicit --confirm=true.
  • Mainnet broadcasts require an additional --confirmMainnet=true.

Routing Logic

  1. Identify user intent:
    • create/recover/import wallet -> generate-wallet or import-wallet
    • check native/token balance -> get-balance
    • sign arbitrary payload/message -> sign-messages
    • transfer/broadcast transaction -> send
  2. Precheck wallet/config.json for read/write chain operations (get-balance, send, and any network-aware generation flow):
    • require array format [{ rpc_url, chain_id, current }]
    • require exactly one entry with current: true
    • require non-empty rpc_url and chain_id on the current entry
    • if invalid, stop and ask user to set defaults first
  3. Execute the script mapped to the action:
    • generate-wallet -> node scripts/generate-wallet.js --method=\x3Cprivate-key|seed-phrase>
    • import-wallet -> node scripts/import-wallet.js --seedPhrase="\x3Cwords>" or --privateKey=0x...
    • get-balance -> node scripts/get-balance.js --address=0x... [--tokenAddress=0x...]
    • sign-messages -> node scripts/sign-messages.js --message="hello from wallet"
    • send (native) -> node scripts/send.js --to=0x... --amount=\x3Cnative-amount> --confirm=true [--confirmMainnet=true]
    • send (token) -> node scripts/send.js --to=0x... --amount=\x3Ctoken-amount> --tokenAddress=0x... [--decimals=18] [--symbol=TOKEN] --confirm=true [--confirmMainnet=true]
  4. If wallet/signer.json already exists and user asks to regenerate/import over it, require explicit confirmation first.
  5. If intent is unclear, ask one focused question:
    • "Do you want to generate/import a wallet, check balance, or send a transaction?"
  6. If a script fails, return the error with corrected input guidance.

Generate / Import Workflow

Inputs:

  • Seed phrase (12/24 words), or private key (0x prefixed or raw hex), or generation request
  • Optional --overwrite=true when replacing existing wallet/signer.json

Rules:

  • Default generation method is private-key unless user requests mnemonic.
  • Do not overwrite existing signer file unless user requested it and confirmed.
  • Validate private key as 64 hex chars (after optional 0x removal).
  • Validate seed phrase word count and normalize whitespace.
  • Derive address before persisting.
  • Encrypt signer secrets before writing to disk.
  • Never print full seed phrase/private key in normal responses.

Expected wallet/signer.json structure:

{
  "method": "seed_phrase",
  "address": "0x...",
  "encryptedSeedPhrase": "\x3Cencrypted-secret>",
  "encryptedPrivateKey": null,
  "createdAt": "2026-04-13T00:00:00.000Z",
  "updatedAt": "2026-04-13T00:00:00.000Z"
}

Balance Workflow

Inputs:

  • --address (required)
  • --tokenAddress (optional for ERC-20 mode)
  • optional --decimals and --symbol

Rules:

  • Always validate address and tokenAddress (when provided).
  • Always require a valid current network in wallet/config.json.
  • Native mode: query getBalance and return raw + formatted values.
  • Token mode: query balanceOf; read decimals/symbol when possible, otherwise fall back to defaults.

Send Workflow

Inputs:

  • --to recipient (required)
  • --amount amount to transfer (required)
  • --tokenAddress (optional for ERC-20 mode)
  • optional --decimals and --symbol (token mode only)
  • --confirm=true (required to broadcast)
  • --confirmMainnet=true (required on mainnet chain IDs)

Rules:

  • Load signer from wallet/signer.json (seed_phrase or private_key).
  • Decrypt signer material with WALLET_SECRET_KEY before deriving account.
  • Require valid current network in wallet/config.json.
  • Validate recipient address, tokenAddress (when provided), and positive amount.
  • Native mode: precheck native balance and send via value transfer.
  • Token mode: resolve token decimals/symbol, precheck balanceOf, then call ERC-20 transfer.
  • Require explicit broadcast confirmation; require double confirmation for mainnet (--confirmMainnet=true).
  • Return tx hash on success, and include transfer mode (native or token).

Sign Workflow

Inputs:

  • --message (required)

Rules:

  • Load signer from wallet/signer.json (seed_phrase or private_key).
  • Decrypt signer material with WALLET_SECRET_KEY before deriving account.
  • Require non-empty message content.
  • Return deterministic signature and signer address; do not broadcast or require chain config.

Shared Safety Rules

  • Never expose full seed phrases/private keys in chat, logs, or summaries.
  • Never store plaintext signer secrets in wallet/signer.json.
  • Keep wallet files local (wallet/signer.json, wallet/config.json).
  • Default to non-broadcast/read-only behavior unless user explicitly asks to send.
  • If chain is unspecified, prefer a testnet and state the selection.
  • On failure, return actionable correction steps and do not continue automatically.

Failure Handling

  • Invalid mnemonic/private key -> stop and request corrected input.
  • Missing/invalid wallet/signer.json -> request generate/import first.
  • Missing/invalid wallet/config.json -> request default network setup first.
  • Multiple or zero current: true entries -> stop and request normalization.
  • Insufficient balance for transfer -> return required vs available values.
  • RPC timeout/network errors -> retry once, then ask for alternate RPC.

Completion Requirements

Before finishing:

  • confirm action executed (generate, import, balance, send)
  • confirm secret material was not exposed in plain text
  • confirm chain and wallet address used (when applicable)
  • provide one next action (backup, verify balance, or track transaction)

Standard Response Contract

Return this structure across all actions:

  • action: generate | import | balance | sign | send
  • chain: chain id/name used, or none for offline-only generation/import
  • address: active wallet or queried address
  • txHash: transaction hash when available, else null
  • status: success | failed | needs_confirmation
  • next_step: one clear follow-up action
Usage Guidance
This skill appears to be a legitimate local wallet tool, but there are a few things to check before installing or using it: - Confirm the WALLET_SECRET_KEY requirement: SKILL.md and the code require WALLET_SECRET_KEY (used to encrypt/decrypt wallet material). The registry metadata showing no required env var is contradictory — ask the publisher to fix the metadata or document why it's missing. - Ensure your environment has Node 18+ and the 'viem' dependency installed; the skill provides scripts but no install instructions for dependencies. Run in an isolated environment if you can. - Protect WALLET_SECRET_KEY: treat it as a high-value secret (store in a secure vault/OS keychain) because possession allows decrypting local signer files and signing/sending transactions. - Review wallet/config.json RPC URLs before use. RPC endpoints are necessary but can be malicious or log requests — use trusted RPCs and test on a non‑mainnet chain first. - Backup wallet/signer.json and test generate/import/get-balance flows on testnets before broadcasting any mainnet transaction. The skill enforces confirmations, but human verification is still recommended. If the author can correct the registry metadata and add installation guidance for dependencies, that will remove the main inconsistencies flagged here.
Capability Analysis
Type: OpenClaw Skill Name: ai-agent-wallet Version: 1.2.4 This skill bundle provides a comprehensive and well-structured set of tools for local cryptocurrency wallet management, including key generation, importing, balance checking, and transaction signing. It demonstrates strong security hygiene by enforcing encryption of sensitive material (seed phrases and private keys) using AES-256-GCM in `scripts/secret-crypto.js`, requiring multi-step confirmations for mainnet transactions in `scripts/send.js`, and explicitly forbidding the logging or display of plaintext secrets in `SKILL.md`. The implementation uses the reputable `viem` library and lacks any indicators of data exfiltration, unauthorized remote execution, or malicious prompt injection.
Capability Tags
cryptorequires-walletcan-sign-transactionsrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description (local wallet: generate/import/balance/sign/send) match the scripts and file-based workflows. WALLET_SECRET_KEY is logically required for encrypting/decrypting local signer material.
Instruction Scope
SKILL.md is explicit about actions, file paths (wallet/signer.json, wallet/config.json), confirmation gates (overwrite, mainnet double confirmation), and avoids printing raw secrets. The runtime instructions limit activity to wallet generation, signing, balance checks, and sending via configured RPCs.
Install Mechanism
No install spec is provided even though SKILL.md declares a runtime dependency on Node >=18 and the 'viem' package. The bundle includes Node scripts but provides no guidance to ensure 'viem' is installed — this is an operational gap (not necessarily malicious) that can cause failures or unexpected behavior if the runtime differs from the developer's environment.
Credentials
The scripts legitimately require WALLET_SECRET_KEY (used by secret-crypto.js to derive the AES key). However, the registry metadata supplied earlier lists 'Required env vars: none' while the SKILL.md frontmatter and code require WALLET_SECRET_KEY — an inconsistency that should be resolved before trusting the skill.
Persistence & Privilege
The skill does not request elevated privileges or permanent always: true presence. It reads/writes only its own wallet files under 'wallet/'. It does rely on the agent being able to run the included Node scripts (normal for a code-backed skill).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ai-agent-wallet
  3. After installation, invoke the skill by name or use /ai-agent-wallet
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.4
**Changelog for version 1.2.4:** - Security update: `reads_env_secrets` is now set to `true` (was `false`). - Send action scripts now require `--confirmMainnet=true` for mainnet broadcasts; instructions updated to reflect this. - Minor documentation adjustments on confirmation requirements for mainnet transfers.
v1.2.3
- Added message signing functionality with the new sign-messages script. - Updated routing logic and workflows to include support for signing arbitrary messages. - SKILL.md improved with details for the new sign action, including required inputs and response structure. - Version bump to 1.2.3.
v1.2.1
**Summary:** This version introduces local encryption of wallet secrets and updates environment/config requirements. - Adds secret encryption/decryption logic with new script (`scripts/secret-crypto.js`) - Requires `WALLET_SECRET_KEY` environment variable for local encryption - Wallet signer data is now stored encrypted in `wallet/signer.json`; no more plaintext seed or private key - Updates references from "siger.json" to "signer.json" throughout - Enhances security by never exposing or storing secrets in plain text - Updates documentation to reflect encrypted fields and new requirements
v1.2.0
**Switched to a single, script-driven wallet skill with improved safety and flow.** - Consolidated skill to use executable Node scripts for all wallet actions (generate, import, balance, send) with no subskills. - Removed references to environment variable-based wallet secrets; now uses local `wallet/siger.json` and `wallet/config.json`. - Added new scripts: `generate-wallet.js`, `import-wallet.js`, `get-balance.js`, and `send.js`. - Updated safety and confirmation rules: explicit confirmation required before overwriting or broadcasting, especially on mainnet. - Improved error handling and input validation; failures return clear guidance for correction. - Standardized response contract and next-action recommendations across all workflows.
v1.1.3
- No visible file changes detected in this release. - Version number updated to 1.1.3. - No functional or documentation changes noted.
v1.1.2
- No code or documentation changes detected in this version. - Version bump from 1.1.1 to 1.1.2 with no modifications to functionality or files.
v1.1.1
- Added CHANGELOG.md to the project. - Updated SKILL.md with version, dependency, runtime, environment variables, and detailed security/confirmation requirements. - Clarified the use of required and optional environment variables. - Added a "Changelog: CHANGELOG.md" reference to the documentation. - Enhanced security policy details, including double confirmation for mainnet broadcasts.
v1.0.2
- Added detailed SKILL.md documentation for agent-wallet setup and routing logic. - Clarified input requirements, secret handling, and runtime dependencies. - Outlined explicit routing logic between wallet generation, import, balance checking, and transaction sending. - Documented safety rules for secret management and user confirmations. - Standardized response structure across wallet-related skills.
Metadata
Slug ai-agent-wallet
Version 1.2.4
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 8
Frequently Asked Questions

What is Agent-Wallet?

Single-source wallet skill for generate, import, get-balance, sign, and send flows using local wallet files plus executable Node scripts. Use when the user a... It is an AI Agent Skill for Claude Code / OpenClaw, with 170 downloads so far.

How do I install Agent-Wallet?

Run "/install ai-agent-wallet" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent-Wallet free?

Yes, Agent-Wallet is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Agent-Wallet support?

Agent-Wallet is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agent-Wallet?

It is built and maintained by Akinsuyi Joshua (@beardkoda); the current version is v1.2.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments