← Back to Skills Marketplace
1598
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install wallet-pilot
Description
Universal browser wallet automation for AI agents. Supports 10 wallets including MetaMask, Rabby, Phantom, Trust Wallet, OKX, Coinbase, and more. EVM + Solana. Configurable guardrails with spend limits, chain allowlists, and approval thresholds.
Usage Guidance
Treat this skill as high-risk and incomplete. Do not run any npm or setup scripts from unknown sources or import an unreviewed repo into a machine with real funds. Before using: (1) request the full source repository and package.json so you or a reviewer can audit the code and npm dependencies; (2) verify how and where the wallet seed/private keys are stored and insist on human confirmation for any transaction above a tiny test amount; (3) only test on an air-gapped or throwaway VM with a freshly funded agent wallet holding minimal funds; (4) require a review of the 'setup' script and any automation that can call sign/send to ensure it enforces the stated spend limits and allowlist checks; (5) prefer well-known, open-source alternatives or official integrations with provenance. If you cannot obtain auditable source code and a clear explanation of secret handling, do not install or use this skill with real assets.
Capability Analysis
Type: OpenClaw Skill
Name: wallet-pilot
Version: 0.1.0
The skill bundle is designed for universal browser wallet automation, a high-risk domain involving financial transactions. However, the `SKILL.md` documentation extensively details robust security measures and guardrails, including the use of isolated browser profiles, separate wallets, spend limits, protocol allowlists, and full logging. There is no evidence of prompt injection attempts against the AI agent, nor any instructions for malicious execution, data exfiltration, or persistence. The setup steps and available actions are clearly aligned with the stated purpose, and the inherent risks are explicitly acknowledged and mitigated by the documented design.
Capability Assessment
Purpose & Capability
The SKILL.md describes a full TypeScript/Playwright codebase and a plugin architecture (src/, adapters, example files) but the published skill contains only the SKILL.md and no code, package.json, or binaries. It also tells the user to run npm install and npm run setup even though no install spec or code files are provided. That mismatch makes it impossible to verify the implementation and is inconsistent with the claimed capabilities.
Instruction Scope
The runtime instructions direct automated wallet actions (connect, swap, send, sign) and to create and persist a browser profile that contains a new seed-backed wallet. These actions are inherently high-risk. The instructions are also vague about exactly what the 'setup' script does, where secrets (seed phrase, private keys) will be stored, and what human confirmations are required — giving broad discretion that could lead to irreversible fund loss if misused.
Install Mechanism
No formal install spec is included (instruction-only). SKILL.md tells the user to run npm install and npx playwright install chromium, which would pull packages from npm based on a package.json that is not present in the package. That pattern shifts trust to an external, unverified codebase the user must obtain; it is not itself an automated install step in the skill bundle but it creates a practical install risk if the user follows the instructions without first inspecting code.
Credentials
The skill requests no environment variables or external credentials in metadata, which is proportionate. However, the functionality requires filesystem access to browser profiles and will involve private keys/seed phrases stored locally by the browser extension — the SKILL.md does not specify safe handling or encryption of those secrets. No declared env vars is not evidence of safety here because secrets live in the browser profile.
Persistence & Privilege
The skill does not request always:true and does not declare elevated platform privileges. Autonomous model invocation is allowed by default (disable-model-invocation: false), which is normal for skills; combined with the ability to sign/send transactions this increases impact but is not itself an incoherence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install wallet-pilot - After installation, invoke the skill by name or use
/wallet-pilot - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of WalletPilot – universal browser wallet automation for AI agents.
- Supports automation across 10 popular browser wallets (MetaMask, Rabby, Phantom, Trust Wallet, OKX, Coinbase, and more)
- Works with EVM and Solana chains
- Configurable permission guardrails: spend limits, chain allowlists, approval thresholds
- Plugin-based adapter architecture makes adding new wallets easy
- Full logging, isolated agent wallet profile, and clear security model for safe usage
- Simple CLI for actions: connect, swap, send, sign, check balance, view history
Metadata
Frequently Asked Questions
What is WalletPilot?
Universal browser wallet automation for AI agents. Supports 10 wallets including MetaMask, Rabby, Phantom, Trust Wallet, OKX, Coinbase, and more. EVM + Solana. Configurable guardrails with spend limits, chain allowlists, and approval thresholds. It is an AI Agent Skill for Claude Code / OpenClaw, with 1598 downloads so far.
How do I install WalletPilot?
Run "/install wallet-pilot" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is WalletPilot free?
Yes, WalletPilot is completely free (open-source). You can download, install and use it at no cost.
Which platforms does WalletPilot support?
WalletPilot is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created WalletPilot?
It is built and maintained by Francesco (@andreolf); the current version is v0.1.0.
More Skills