← Back to Skills Marketplace
0xrag

Authenticate Wallet

by 0xRAG · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
983
Downloads
0
Stars
5
Active Installs
2
Versions
Install in OpenClaw
/install authenticate-wallet
Description
Sign in to the wallet. Use when you or the user want to log in, sign in, connect, or set up the wallet, or when any wallet operation fails with authentication or "not signed in" errors. This skill is a prerequisite before sending, trading, or funding.
README (SKILL.md)

Authenticating with the Payments Wallet

When the wallet is not signed in (detected via npx awal status or when wallet operations fail with authentication errors), use the npx awal CLI to authenticate.

If you have access to email, you can authenticate the wallet yourself, otherwise you'll need to ask your human to give you an email address and to tell you the OTP code they receive.

Authentication Flow

Authentication uses a two-step email OTP process:

Step 1: Initiate login

npx awal@latest auth login \x3Cemail>

This sends a 6-digit verification code to the email and outputs a flowId.

Step 2: Verify OTP

npx awal@latest auth verify \x3CflowId> \x3Cotp>

Use the flowId from step 1 and the 6-digit code from the user's email to complete authentication. If you have the ability to access the user's email, you can read the OTP code, or you can ask your human for the code.

Checking Authentication Status

npx awal@latest status

Displays wallet server health and authentication status including wallet address.

Example Session

# Check current status
npx awal@latest status

# Start login (sends OTP to email)
npx awal@latest auth login [email protected]
# Output: flowId: abc123...

# After user receives code, verify
npx awal@latest auth verify abc123 123456

# Confirm authentication
npx awal@latest status

Available CLI Commands

Command Purpose
npx awal@latest status Check server health and auth status
npx awal@latest auth login \x3Cemail> Send OTP code to email, returns flowId
npx awal@latest auth verify \x3CflowId> \x3Cotp> Complete authentication with OTP code
npx awal@latest balance Get USDC wallet balance
npx awal@latest address Get wallet address
npx awal@latest show Open the wallet companion window

JSON Output

All commands support --json for machine-readable output:

npx awal@latest status --json
npx awal@latest auth login [email protected] --json
npx awal@latest auth verify \x3CflowId> \x3Cotp> --json
Usage Guidance
This skill is coherent in that it uses the 'awal' CLI to perform email OTP sign-in, but there are two things to consider before installing: 1) npx execution risk: The skill runs 'npx awal@latest' which downloads and executes code from the npm registry at runtime. If the package (or its dependencies) is malicious or compromised, that code runs on your agent host. Prefer establishing a vetted, pinned CLI binary or a fixed package version from a trusted publisher rather than executing '@latest'. 2) OTP/email access ambiguity: The SKILL.md suggests the agent can "access the user's email" to read OTPs. Unless you explicitly trust and permit the agent to read the mailbox, require manual entry of OTPs by the human. Do not give the agent mailbox credentials or automatic email access unless you understand and accept the privacy/exfiltration implications. Practical steps: - Verify the identity and reputation of the 'awal' package and its publisher on npm (or obtain an official CLI binary). Pin to a specific release instead of '@latest'. - Restrict the agent from autonomously accessing the user's email; require the human to paste OTPs. - Monitor and review outputs from any 'npx' runs the first few times, and consider running in an isolated environment if you must allow it. If you cannot verify the CLI package or are unwilling to accept npx execution risk, treat this skill as unsafe to enable.
Capability Analysis
Type: OpenClaw Skill Name: authenticate-wallet Version: 0.1.0 This skill bundle is benign. It provides instructions and allowed tools for authenticating a wallet using the `npx awal@latest` CLI. The `SKILL.md` clearly defines the purpose and the `allowed-tools` block strictly limits the agent's capabilities to specific `npx awal` commands. While there is a phrase 'If you have access to email, you can authenticate the wallet yourself', this is a conditional statement and does not pose a prompt injection risk as the `allowed-tools` explicitly prevent the agent from accessing email or performing any unauthorized actions beyond the wallet CLI.
Capability Assessment
Purpose & Capability
Name/description align with the runtime instructions: the SKILL.md only instructs using the 'npx awal' CLI to perform OTP-based login, check status, and view wallet info. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to running 'npx awal' commands (status, auth login, auth verify, balance, address, show). However the text says 'If you have the ability to access the user's email, you can read the OTP code' — that is vague and grants the agent broad discretion about email access (potential privacy/exfiltration risk). The SKILL.md does not include explicit commands to access email, but the suggestion opens scope creep.
Install Mechanism
There is no install spec, but the runtime explicitly invokes 'npx awal@latest'. npx will fetch and execute code from the npm registry at runtime; executing an unpinned '@latest' package from an unknown author can run arbitrary code on the host. This is an important runtime installation/execution risk even though no code files are bundled with the skill.
Credentials
The skill declares no environment variables, no credentials, and no config paths. The required access is proportional to the stated task (OTP-based CLI auth).
Persistence & Privilege
always:false and user-invocable:true. The skill does not request persistent system-wide privileges or to modify other skills. Autonomous invocation is allowed (disable-model-invocation:false) which is the platform default; combine this with the npx execution risk when deciding whether to allow autonomous runs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install authenticate-wallet
  3. After installation, invoke the skill by name or use /authenticate-wallet
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
- Initial release of the "authenticate-wallet" skill. - Allows users to sign in or connect to their wallet using an email-based OTP authentication flow. - Introduces CLI support for checking status, initiating login, verifying OTP codes, and accessing balance and address. - Includes detailed usage instructions and examples for all authentication steps. - Supports JSON output for all commands.
v1.0.0
- Initial release of the authenticate-wallet skill. - Allows users to sign in to their wallet using a two-step email OTP process via the npx awal CLI. - Supports checking wallet authentication status and performing authentication when required for other wallet operations. - Includes new user-invocable flows and clear instructions for handling “not signed in” authentication errors. - Provides machine-readable JSON output for all commands.
Metadata
Slug authenticate-wallet
Version 0.1.0
License
All-time Installs 6
Active Installs 5
Total Versions 2
Frequently Asked Questions

What is Authenticate Wallet?

Sign in to the wallet. Use when you or the user want to log in, sign in, connect, or set up the wallet, or when any wallet operation fails with authentication or "not signed in" errors. This skill is a prerequisite before sending, trading, or funding. It is an AI Agent Skill for Claude Code / OpenClaw, with 983 downloads so far.

How do I install Authenticate Wallet?

Run "/install authenticate-wallet" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Authenticate Wallet free?

Yes, Authenticate Wallet is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Authenticate Wallet support?

Authenticate Wallet is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Authenticate Wallet?

It is built and maintained by 0xRAG (@0xrag); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments