← Back to Skills Marketplace
738
Downloads
4
Stars
2
Active Installs
9
Versions
Install in OpenClaw
/install monolith
Description
Secure crypto wallet for AI agents. Hardware-isolated keys (Apple Secure Enclave), ERC-4337 smart wallet, on-chain spending caps, default-deny policy engine.
Usage Guidance
This skill appears to do what it says: it builds transaction intents and communicates with a local macOS daemon that performs signing and enforces policy. Before installing: 1) Treat the MonolithDaemon.pkg as a privileged install (requires admin) — verify the release via checksums/signatures and the GitHub project lineage. 2) Inspect or vet the daemon binary/source (the JS here talks only to the daemon; the daemon actually holds keys and does signing). 3) Limit exposure: use small balances and strict per-tx/daily caps and an allowlist before giving the agent autonomous invocation rights. 4) Note the registry vs SKILL.md inconsistency: manifest says instruction-only but the skill includes code and install entries — confirm you understand the full install flow. 5) If you will allow autonomous agent actions, prefer an interactive approval path (do not run headless) and keep tight policy settings. If you want, provide the daemon binary hash or a link to a signed release and I can point out what additional checks to perform.
Capability Analysis
Type: OpenClaw Skill
Name: monolith
Version: 0.1.10
The skill implements a robust security model where the 'untrusted' skill only builds transaction intents, and a separate, trusted, local macOS daemon enforces policy and handles signing with human approval (Touch ID). The code in `lib/intent-builder.js` and `scripts/*.js` adheres to this by communicating with the daemon via a Unix socket (`lib/daemon-client.js`) and making read-only network calls to legitimate public RPCs and the Uniswap API. Crucially, `lib/runtime-bootstrap.js` explicitly avoids automatic execution of system commands for installation or persistence, instead providing manual instructions. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts against the agent.
Capability Assessment
Purpose & Capability
Name/description describe a macOS-local crypto wallet that delegates signing to a local daemon; the skill requires the MonolithDaemon binary and its scripts call a local Unix socket and public blockchain APIs — these requirements match the stated purpose. The included code (intent building, RPC/quoter calls, daemon client) is coherent with a wallet skill.
Instruction Scope
SKILL.md and scripts stay within wallet-related functionality: building {target, calldata, value} intents, querying balances, Uniswap quoting, ENS resolution, and calling local daemon endpoints (/sign, /policy, /capabilities). The runtime-bootstrap checks for binary, launch agents, and companion app paths but does not execute privileged commands automatically. Note: the skill will call localhost Unix socket endpoints that ultimately can trigger on-chain signing via the local daemon — this is expected but is a sensitive capability.
Install Mechanism
Install entries in SKILL.md point to GitHub release assets (.pkg and .app.zip) on a well-known host (github.com) which is reasonable; the macOS .pkg requires admin privileges to install. There is a minor inconsistency: registry metadata listed 'No install spec — instruction-only' while SKILL.md contains install download entries and source includes code files. Verify you intend to install the .pkg before proceeding.
Credentials
The skill does not request credentials or secrets and declares no required env vars. It optionally reads override env vars (MONOLITH_SOCKET, MONOLITH_DAEMON_BIN, MONOLITH_DAEMON_PLIST, MONOLITH_COMPANION_APP) for configuration which are reasonable and not excessive for a local daemon client.
Persistence & Privilege
always:false and user-invocable:true — the skill is not force-included. The more important privilege is that the agent (when allowed to invoke skills) can call POST /sign on a local signing daemon — a powerful capability. This is coherent with a wallet skill but means you must trust the daemon binary and the skill's intent-building behavior; ensure policy limits and allowlists are set tightly.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install monolith - After installation, invoke the skill by name or use
/monolith - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.10
- Updated documentation formatting in SKILL.md for improved readability.
- No functional changes to the skill's logic or commands.
- Updated package files (package.json, package-lock.json) with this version bump.
v0.1.9
No changes in this release. Version 0.1.9 was published without any file modifications.
v0.1.8
- Swap command now uses Uniswap Routing API, with on-chain fallback for reliability.
- Updated SKILL.md with details about swap routing and fallback behavior.
- Bumped required MonolithDaemon version to v0.1.5 in installation instructions.
- Added new test for swap routing logic.
- Removed obsolete _meta.json file.
- Various internal code and dependency updates.
v0.1.7
- Added a new _meta.json file to the project.
- No changes to commands, setup instructions, or skill capabilities.
- No modifications to the main documentation or functionality.
v0.1.6
- Updated install instructions and requirements to reference MonolithDaemon and MonolithCompanion version v0.1.3.
- Added explicit macOS-only (darwin) support to metadata and install instructions.
- Clarified first-installation and setup process, including requirement for an active logged-in macOS GUI session for approval flows.
- Improved setup section with step-by-step instructions and notes for new OpenClaw bot/operators.
v0.1.4
Installer fix rollout: daemon download now points to MonolithDaemon-v0.1.2.pkg with postinstall UID bug fixed (CONSOLE_UID).
v0.1.3
Update skill summary/description to the new Secure Enclave + ERC-4337 positioning text.
v0.1.2
Security hardening: setup no longer auto-executes launchctl/open. Added explicit homepage/source frontmatter and compatibility metadata keys for registry parsing.
v0.1.1
Initial Monolith release with notarized macOS daemon and companion install links.
Metadata
Frequently Asked Questions
What is Monolith — Crypto Wallet?
Secure crypto wallet for AI agents. Hardware-isolated keys (Apple Secure Enclave), ERC-4337 smart wallet, on-chain spending caps, default-deny policy engine. It is an AI Agent Skill for Claude Code / OpenClaw, with 738 downloads so far.
How do I install Monolith — Crypto Wallet?
Run "/install monolith" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Monolith — Crypto Wallet free?
Yes, Monolith — Crypto Wallet is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Monolith — Crypto Wallet support?
Monolith — Crypto Wallet is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin).
Who created Monolith — Crypto Wallet?
It is built and maintained by slavique (@slaviquee); the current version is v0.1.10.
More Skills