← Back to Skills Marketplace

wallet

Name: wallet
Author: willjefferson0

by Will Jefferson · GitHub ↗ · v0.1.19 · MIT-0

darwinlinuxwin32 ⚠ suspicious

207

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install wallet-test

Description

A multi-chain wallet skill for AI agents, with local sandbox signing, secure PIN handling, and configurable risk controls.

Usage Guidance

This skill appears coherent for a local wallet, but exercise caution before installing because the installer and sandbox binary are fetched and executed from https://www.clawwallet.cc (not a standard release host). Before proceeding: (1) review the remote install.sh/install.ps1 and the sandbox binary's provenance (source repo, signed checksums, or PGP/GitHub release signatures); (2) prefer installing from a vetted source (GitHub releases) or run the installer in an isolated environment; (3) verify .env.clay and identity.json are only created/read within the skill workspace and do not contain unrelated secrets; (4) confirm how the platform enforces 'require-user-confirmation' and that the agent will not autonomously execute transactions or reinstall/upgrade without explicit confirmation; (5) backup any wallet state before uninstall/upgrade and consider running the sandbox inside a restricted container/VM. If the distributor can provide signed release artifacts, reproducible build provenance, or host the installer/binaries on a trusted release provider, the assessment could be upgraded to benign.

Capability Analysis

Type: OpenClaw Skill Name: wallet-test Version: 0.1.19 The skill employs high-risk patterns including 'curl | bash' installation and the execution of remote pre-compiled binaries from a third-party domain (clawwallet.cc). Most notably, the SKILL.md instructions explicitly direct the AI agent to output the sensitive 'AGENT_TOKEN' (a bearer token for the wallet sandbox) directly into the chat interface, which is a significant security anti-pattern. While these actions are framed as part of a legitimate wallet management workflow, the combination of unverified binary execution and the intentional exposure of secrets via prompt instructions poses a high risk to the user's environment.

Capability Tags

cryptorequires-walletcan-sign-transactionsrequires-oauth-token

Capability Assessment

✓ Purpose & Capability

Name, description, declared config paths (.env.clay, identity.json), and required env vars (CLAY_SANDBOX_URL, CLAY_AGENT_TOKEN/AGENT_TOKEN) align with a local wallet sandbox. Required shells/curl are reasonable for the installer and wrapper scripts.

⚠ Instruction Scope

SKILL.md and the included scripts instruct the agent to read local secret files and call the sandbox HTTP API (expected), but also instruct running a remote bootstrap installer (curl | bash) and automatically initializing the wallet via the sandbox API using tokens found in local files. The install/init flow therefore includes actions that execute remote code and make authenticated API calls on behalf of the agent — these are powerful steps and increase risk if the remote content is untrusted.

⚠ Install Mechanism

The installer is a bootstrap script that downloads wrapper scripts and a platform binary from https://www.clawwallet.cc (curl -fsSL | bash and curl -L to fetch binaries). The distribution host is not a standard vetted release host (e.g., GitHub releases) and the installer writes and executes a downloaded binary in the skill workspace. This is a high-risk install pattern (supply-chain / remote-execution risk) unless you can verify provenance, checksums, or signatures.

✓ Credentials

Requested environment variables (CLAY_SANDBOX_URL, CLAY_AGENT_TOKEN, AGENT_TOKEN) and local config files are directly relevant to a local sandbox wallet and expected. The primary credential is an API bearer token used to control the local sandbox; while sensitive, it is required for wallet operations. No unrelated credentials or system-wide secrets are requested.

ℹ Persistence & Privilege

The skill requests writing only to its workspace (skills/claw-wallet/**) and starting a long-lived sandbox process (expected for a local wallet). always is false. However there is a small inconsistency: registry-level flags indicate model invocation is allowed by default, while the skill metadata declares autonomousInvocation: false and model-invocation should 'require-user-confirmation'. Clarify whether the agent/platform will permit autonomous invocations despite the skill's intent to require confirmations.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install wallet-test
After installation, invoke the skill by name or use /wallet-test
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.20

Version 0.1.20 - Updated privilege policy to explicitly require user confirmation for first-time install review of the remote bootstrap script, in addition to reinstall, upgrade, transaction execution, and uninstall. - Clarified in metadata that model invocation should always require user confirmation; autonomous invocation is disabled. - Expanded notes in privilege policy to reinforce agent and platform policy for explicit user confirmation and safe workspace writes. - No changes to core functionality or installation flow.

v0.1.19

- Changed skill directory from claw-wallet-test to claw-wallet. - Updated all references from https://test.clawwallet.cc to https://www.clawwallet.cc for installer and related endpoints. - Revised config file paths to skills/claw-wallet/.env.clay and skills/claw-wallet/identity.json. - Updated binding URLs and instructions to use the new domain. - Adjusted privilege policy and installation instructions to match new directory and host.

v0.1.18

No changes detected in this version. - Version 0.1.18 was published with no file changes from the previous release.

v0.1.17

- Updated privilege policy to allow first-time install and normal start/restart without extra user confirmation. - Now requires explicit user confirmation only for reinstall, upgrade, and uninstall actions. - Clarified privilege safety rules in documentation. - Minor metadata and documentation improvements for clarity.

v0.1.16

**Privilege and safety policy update.** - Added privilege safety rules requiring explicit user confirmation before installing, reinstalling, upgrading, uninstalling, or starting/restarting the wallet sandbox process. - Clarified that all persistent writes are limited to the `skills/claw-wallet-test/**` directory. - Updated install and bootstrap instructions to mandate user confirmation before any operation that writes to disk or launches background processes. - Revised metadata to clearly reflect these privilege policies and operational constraints.

v0.1.15

wallet-test 0.1.15 - Added strict network policy: default host is local-only (localhost, 127.0.0.1, ::1). - Now, sending tokens to any non-local CLAY_SANDBOX_URL requires explicit user confirmation and a warning is shown. - Network policy and host rules documented in the skill metadata and usage instructions. - No code or feature changes; documentation and config metadata improved for safer token handling.

v0.1.14

- Expanded metadata fields in SKILL.md to include upstream repository, binary, and distribution provenance details. - Added explicit homepage and repository URLs to the skill’s metadata for improved traceability and clarity. - Registry metadata and install instructions remain unchanged. - No impact on end-user flows or functionality.

v0.1.13

- Updated skill registry metadata for improved compatibility and clarity. - Metadata is now provided as a structured object, specifying OS support, required environment variables, config files, and bootstrap commands. - No file code or behavior changes; this is a metadata and documentation update only.

v0.1.12

wallet-test 0.1.12 - Switched the install and binding flow to the `claw-wallet-test` directory and test environment at `https://test.clawwallet.cc`. - Registry metadata updated with explicit required config/env vars and install commands for both Linux/macOS and Windows. - All install instructions now point to `skills/claw-wallet-test`, and relevant URLs use the test domain. - Metadata provides clearer separation of environment variables, credential file paths, and primary credential usage. - No code file or runtime logic changes; documentation and bootstrap instructions only.

v0.1.11

- Updated metadata formatting by placing all registry and install fields inside a new top-level "metadata" section in SKILL.md. - Added explicit "credentials" section under "metadata" to list required environment variables and config file paths. - Bumped version to 0.1.11.

v0.1.10

No user-visible changes in this version. - No file changes detected. - Skill functionality and documentation remain the same.

v0.1.9

wallet-test v0.1.9 - Updated install instructions to use new installer URLs under /skills/ (install.sh, install.ps1) - Added skill.yml for improved metadata and discovery - Clarified environment variable and configuration section in documentation - Minor documentation corrections and formatting improvements

v0.1.8

wallet-test v0.1.8 - Removed the skill.yml file. - No functional or documentation changes to the SKILL.md or core logic.

v0.1.7

- Updated installation and bootstrap instructions to use the new path: skills/claw-wallet-test - Replaced previous repo-based installation with a remote installer hosted at https://test.clawwallet.cc - Updated all example URLs, bind flows, and documentation references to point to test.clawwallet.cc endpoints - Clarified agent and end-user binding, startup rules, and environment variable usage for the test environment - Removed unnecessary metadata and streamlined SKILL.md content for test deployment

v0.1.6

- Changed all filesystem paths and instructions from "claw-wallet" to "claw-wallet-dev". - Updated example URLs to use the new bind/claim site: `https://nex-claw.vercel.app/claim/<uid>` instead of `https://www.clawwallet.cc/claim/<uid>`. - Adjusted installation and startup commands to reference the `claw-wallet-dev` directory. - No code changes; documentation only.

v0.1.4

wallet-test 0.1.4 - Updated install and usage instructions to use the `claw-wallet-dev` directory instead of `claw-wallet`. - Changed binding and wallet registration URLs from `clawwallet.cc` to `nex-claw.vercel.app`. - Adjusted sandbox CLI paths and environment variables to match the new directory name. - No code changes; documentation and workflow path updates only.

v0.1.3

- Changed default install directory and script paths from claw-wallet-dev to claw-wallet. - Updated URLs for wallet binding and claim flows from nex-claw.vercel.app to www.clawwallet.cc. - Added a metadata field specifying environment, binary, and token requirements. - Corrected install command references throughout documentation. - Clarified platform-specific instructions for installation and usage.

v0.1.2

wallet-test 0.1.2 - Major rewrite of documentation for bootstrap, installation flow, and user guidance. - Updated wallet binding and address disclosure instructions for clarity and stricter format, including status and binding URLs. - Added explicit post-installation checklist for user notification. - Changed onboarding/binding website URL to https://nex-claw.vercel.app/claim/<uid>. - Clarified installation directory as skills/claw-wallet-dev/ and updated related scripts/commands accordingly. - General improvements in instructions, including steps for wallet status checks, refresh, and security policy usage.

v0.1.1

- Added required environment variables and configuration paths to SKILL.md. - Declared `CLAY_AGENT_TOKEN` as the primary credential. - No code or file changes; documentation metadata only.

v0.1.0

claw-wallet v0.1.0 — Initial Release - Introduces a multi-chain wallet skill for AI agents, with secure PIN handling, local sandbox signing, and configurable risk controls. - Supports wallet binding, unlocking, and recovery flows with clear user prompts for transaction confirmation and registration. - Enables signing messages, transactions, and transferring assets, all governed by policy controls and user confirmation. - Allows inspection and management of wallet balances, token holdings, addresses, status, transaction history, and security policies. - Simplifies bootstrap and installation process for both Linux/macOS and Windows environments, including health checks and authentication guidance. - Enforces clear rules for agent-mediated operations, explicit user consent, and wallet registration via a unique UID claim process.

Metadata

Slug wallet-test

Version 0.1.19

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 20

Frequently Asked Questions

What is wallet?

A multi-chain wallet skill for AI agents, with local sandbox signing, secure PIN handling, and configurable risk controls. It is an AI Agent Skill for Claude Code / OpenClaw, with 207 downloads so far.

How do I install wallet?

Run "/install wallet-test" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is wallet free?

Yes, wallet is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does wallet support?

wallet is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created wallet?

It is built and maintained by Will Jefferson (@willjefferson0); the current version is v0.1.19.

More Skills