← Back to Skills Marketplace
230
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install use-user-controlled-wallets
Description
Build non-custodial wallets where end users retain control of their private keys via Circle's user-controlled wallets SDK. Supports Google, Apple, Facebook s...
Usage Guidance
This skill appears to be a legitimate integration guide for Circle user-controlled wallets, but there are a few things to check before using it in a project: (1) Confirm the metadata is updated to declare required environment variables (CIRCLE_API_KEY for your backend and CIRCLE_APP_ID for your frontend); absence in metadata is likely an oversight. (2) Keep the Circle API key strictly on the server — never embed it in frontend builds. (3) Replace demo persistence (localStorage) with secure storage/cookie strategies in production; avoid storing long-lived secrets in localStorage. (4) Verify the npm package names and audit the @circle-fin packages you install (pin versions, review changelogs). (5) Ensure you do not commit .env files or keys to version control; follow the included security rules. If you need higher confidence, ask the publisher to provide explicit required.env metadata and a short attestation of the npm package origins (official Circle packages).
Capability Analysis
Type: OpenClaw Skill
Name: use-user-controlled-wallets
Version: 0.1.0
The skill bundle provides legitimate documentation and implementation patterns for integrating Circle's User-Controlled Wallets SDK. It emphasizes security best practices, such as keeping API keys on the backend, requiring explicit user consent for transactions, and using secure storage for session tokens. No evidence of data exfiltration, malicious execution, or prompt injection was found across SKILL.md or the reference files.
Capability Assessment
Purpose & Capability
The name/description and the SKILL.md consistently describe building non-custodial wallets via Circle's user-controlled-wallets SDK. The npm packages and APIs referenced are coherent with that purpose. However, the skill metadata declares no required env vars while the instructions explicitly require CIRCLE_API_KEY (backend) and CIRCLE_APP_ID (frontend), which is a metadata omission that should be corrected.
Instruction Scope
Runtime instructions stay within the wallet creation/transaction domain and clearly separate backend vs frontend responsibilities (API key on backend, SDK on frontend, challenge flow). The examples instruct storing userToken/encryptionKey in localStorage or cookies for convenience; the doc warns not to use localStorage in production but still provides dev patterns that could lead to insecure implementations if copied verbatim.
Install Mechanism
This is an instruction-only skill (no install spec). It suggests installing scoped npm packages (@circle-fin/...), which is expected for the described functionality. There are no arbitrary download URLs or extract steps in the skill bundle.
Credentials
The SKILL.md requires sensitive environment/config values (CIRCLE_API_KEY for server, CIRCLE_APP_ID for client) but the skill metadata lists none. The omission reduces transparency about required secrets. Additionally, example code persists userToken/encryptionKey in localStorage or cookies — acceptable for quick demos but risky in production; guidance to prefer secure cookie attributes or other secure storage should be stronger.
Persistence & Privilege
The skill does not request persistent platform privileges (always: false) and does not attempt to modify other skills or system configs. Autonomous invocation is allowed by default but not combined here with other high-risk indicators.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install use-user-controlled-wallets - After installation, invoke the skill by name or use
/use-user-controlled-wallets - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
- Initial release of use-user-controlled-wallets skill.
- Enables building non-custodial wallets where users retain private key control using Circle's user-controlled wallets SDK.
- Supports PIN, email OTP, and social logins (Google, Apple, Facebook) with MPC-based key management.
- Details architecture, challenge-response execution flow, security rules, and implementation guides.
- Provides clear error handling, best practices, and direct reference links for developer support.
Metadata
Frequently Asked Questions
What is Use User Controlled Wallets?
Build non-custodial wallets where end users retain control of their private keys via Circle's user-controlled wallets SDK. Supports Google, Apple, Facebook s... It is an AI Agent Skill for Claude Code / OpenClaw, with 230 downloads so far.
How do I install Use User Controlled Wallets?
Run "/install use-user-controlled-wallets" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Use User Controlled Wallets free?
Yes, Use User Controlled Wallets is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Use User Controlled Wallets support?
Use User Controlled Wallets is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Use User Controlled Wallets?
It is built and maintained by Madelyn (@mscandlen3); the current version is v0.1.0.
More Skills