satbot-mdk

agent-wallet

by Satbot · GitHub ↗ · v0.3.3
cross-platform ⚠ suspicious
1855 Downloads · 5 Stars · 0 Active Installs · 12 Versions
Install in OpenClaw
/install mdk-agent-wallet
Description
Self-custodial Bitcoin Lightning wallet for AI agents. Use when the agent needs to send or receive bitcoin payments, check its balance, generate invoices, or...
Usage Guidance
Before installing or invoking this skill:
  1. Treat the mnemonic as a high-value secret: back it up securely and restrict permissions on ~/.mdk-wallet/.
  2. Prefer pinned package invocations (e.g. npx @moneydevkit/agent-wallet@<version>) and review the npm package and GitHub source yourself to ensure there is no unexpected network exfiltration.
  3. Be mindful that `init --show` may reveal the seed on stdout; avoid running it in contexts where an agent or other process can forward command output.
  4. Run the wallet in an isolated environment (dedicated VM/container) if you plan to hold real funds.
  5. If you do not fully trust the package or the agent's autonomy, do not enable automatic or unattended use of wallet commands; require explicit human approval before any command that exports the mnemonic, creates invoices, or sends payments.
  6. If you need stronger guarantees, consider hardware-backed wallets or well-audited implementations rather than running unpinned npm packages fetched at runtime.
Capability Analysis
Type: OpenClaw Skill
Name: mdk-agent-wallet
Version: 0.3.3
This skill is classified as suspicious due to its inherent high-risk capabilities, specifically the generation and storage of a BIP39 mnemonic (private key for a cryptocurrency wallet) on disk at `~/.mdk-wallet/config.json`, and its reliance on executing an external npm package (`@moneydevkit/agent-wallet`) via `npx`. While the `SKILL.md` is highly transparent about these risks, explicitly warning about the mnemonic and providing source code links, these capabilities introduce significant vulnerabilities, including supply chain risk and the potential for unauthorized fund access or exfiltration if the underlying package is compromised or the agent is later prompted maliciously. There is no evidence of intentional malice within the provided files, but the critical nature of the data handled warrants a 'suspicious' classification.
Capability Assessment
Purpose & Capability
The declared requirements (node, npx) and the runtime instructions (npx @moneydevkit/agent-wallet) match the stated purpose of running an npm-based wallet CLI/daemon. No unrelated credentials or binaries are requested.
Instruction Scope
The SKILL.md instructs the agent to run npx commands that generate and store a BIP39 mnemonic at ~/.mdk-wallet/config.json and to start a localhost daemon. It also documents an `init --show` mode that appears to return the mnemonic (the file also says the mnemonic is 'redacted' in one place and shown in another) — this ambiguity increases the risk that the agent or other actors might print or transmit the seed. The instructions give the agent the ability to create, persist, and display the private key material and to make outbound network connections; those steps are within a wallet's expected scope but are high-risk operations for secrets.
Install Mechanism
There is no bundled install; the skill relies on npx to run an npm package on-demand. Running code via npx pulls packages from the public registry at runtime and can execute arbitrary code. The SKILL.md recommends pinning a version, but the quick-start commands use unpinned npx invocations by default, which increases supply-chain risk if the npm package or its dependencies were compromised.
Credentials
The skill does not request environment variables or external credentials, which is proportionate. However it creates persistent local secrets (BIP39 mnemonic in ~/.mdk-wallet/config.json) and runs a local HTTP daemon; those files are effectively credentials controlling funds. The skill's own instructions can cause the mnemonic to be shown on stdout, which is a sensitive capability that should be carefully controlled.
Persistence & Privilege
The skill persists sensitive wallet state and a seed phrase to ~/.mdk-wallet/ and runs a background daemon on localhost:3456. This persistence is expected for a self-custodial wallet but it is high-privilege (the mnemonic controls real funds). The skill does not request always: true, nor does it modify other skills, but its persistent secret storage combined with autonomous invocation capability could increase blast radius if misused.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install mdk-agent-wallet
  3. After installation, invoke the skill by name or use /mdk-agent-wallet
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.3
Fix repository URL to moneydevkit/mdk-checkout, revert to 0.2.6 content
v0.3.2
Fix: pin npm commands to correct published version 0.11.0-beta.1 (0.12.0 is not on npm yet)
v0.3.1
Security hardening: added explicit security guardrails section documenting localhost-only binding, file permissions, no-exfil guarantees, and mnemonic isolation. Pinned all npx commands to @0.12.0 to reduce supply chain risk.
v0.3.0
Add webhook notifications for payment received events. Configure a URL to get instant POST notifications when payments arrive — includes OpenClaw integration docs for delivering payment alerts to any chat channel.
v0.2.6
Revert to v0.2.2 content
v0.2.5
Remove init --show from docs entirely (don't teach agents dangerous commands), add autonomous:false and configPaths to metadata, remove rm -rf, tighten safety rules
v0.2.4
Re-publish: security fixes from 0.2.3
v0.2.3
Security fixes: mark init --show as human-only (exposes mnemonic), add Agent Safety Rules section, fix contradictory docs about mnemonic redaction, replace rm -rf with trash
v0.2.2
Added receive-bolt12 command (reusable BOLT12 offers), added restart command, synced with latest docs.
v0.2.1
Removed internal implementation details (JIT channels, LSPS4, LSP/VSS/Esplora/RGS), removed signet references, removed agent integration example. Cleaner, more focused docs.
v0.2.0
Added security/transparency section, homepage, repository, install spec, explicit documentation of secrets, network, and persistence behavior per ClawHub trust review feedback.
v0.1.0
Initial release of agent-wallet, a self-custodial Bitcoin Lightning wallet for AI agents.
  - Enables agents to send/receive Bitcoin payments, check balance, generate invoices, and manage wallet.
  - Supports bolt11, bolt12, LNURL, and lightning addresses.
  - Zero-config setup: one command initializes the wallet and generates a BIP39 mnemonic.
  - All commands output JSON; includes commands for balance, receiving, sending, payment history, and daemon management.
  - Mnemonic and wallet config stored locally; no API keys, signup, or third-party custody required.
Metadata
Slug mdk-agent-wallet
Version 0.3.3
License
All-time Installs 0
Active Installs 0
Total Versions 12
Frequently Asked Questions

What is agent-wallet?

Self-custodial Bitcoin Lightning wallet for AI agents. Use when the agent needs to send or receive bitcoin payments, check its balance, generate invoices, or... It is an AI Agent Skill for Claude Code / OpenClaw, with 1855 downloads so far.

How do I install agent-wallet?

Run "/install mdk-agent-wallet" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is agent-wallet free?

Yes, agent-wallet is completely free (open-source). You can download, install and use it at no cost.

Which platforms does agent-wallet support?

agent-wallet is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created agent-wallet?

It is built and maintained by Satbot (@satbot-mdk); the current version is v0.3.3.
