Description

Install and control ClawdWallet - a multi-chain Web3 wallet Chrome extension controlled by Clawdbot agents. Use when setting up agent-controlled wallet, connecting to dApps, signing transactions, or managing crypto across 20+ chains (EVM, Bitcoin, Solana, Cosmos). Powered by ShapeShift hdwallet.

README (SKILL.md)

ClawdWallet

Name: Clawdwallet
Author: neomaking

Multi-chain wallet extension your agent controls via WebSocket.

Quick Install

# Clone and build
git clone https://github.com/NeOMakinG/clawdwallet.git
cd clawdwallet
npm install
npm run build

# Or use pre-built dist/ folder directly

Load in Chrome

chrome://extensions → Enable Developer mode
Load unpacked → select dist/ folder
Click extension icon → set WebSocket URL (default: ws://localhost:3033/clawdwallet)

Clawdbot Gateway Config

Add to your gateway config:

extensions:
  clawdwallet:
    enabled: true

Agent Commands

Initialize with existing seed

{"type": "init_wallet", "mnemonic": "your twenty four words..."}

Generate new wallet

{"type": "generate_wallet"}

Returns addresses for all supported chains.

Approve dApp request

{"type": "sign_and_respond", "requestId": "uuid"}

Reject request

{"type": "reject_request", "requestId": "uuid", "reason": "Looks suspicious"}

Check status

{"type": "get_status"}

Incoming Requests

When dApp requests signature, you receive:

{
  "type": "wallet_request",
  "id": "uuid",
  "chain": "ethereum",
  "method": "eth_sendTransaction",
  "params": [{"to": "0x...", "value": "0x..."}],
  "origin": "https://app.uniswap.org"
}

Review and approve/reject based on context.

Supported Chains

Family	Chains
EVM	Ethereum, Polygon, Optimism, Arbitrum, Base, Avalanche, Gnosis, BSC
UTXO	Bitcoin, Litecoin, Dogecoin, Bitcoin Cash
Cosmos	Cosmos Hub, Osmosis, THORChain, Mayachain
Other	Solana, TON, Near, Sui, Tron

Security Notes

Only use with trusted agents
Consider dedicated wallet for agent operations
Never expose mnemonic or WebSocket URL publicly

Usage Guidance

This skill does what it claims (agent-controlled wallet) but carries notable risks. Before installing or using it: (1) Do NOT transmit your mnemonic to any agent unless you fully trust and have audited the code. (2) Review the GitHub repository and its dependency tree; verify commit authorship and use pinned release tags or cryptographic signatures rather than cloning master. (3) Prefer secure channels: run a locally isolated instance, require TLS/auth for the WebSocket (wss + auth tokens), and restrict access to localhost only. (4) Consider using a dedicated, funded wallet with minimal funds or hardware wallet integrations instead of exposing high-value mnemonics. (5) If you lack the ability to audit the repo and dependencies, avoid running npm install/build from an untrusted source. These mitigations will reduce supply-chain and secret-exfiltration risk.

Capability Analysis

Type: OpenClaw Skill Name: clawdwallet Version: 0.1.0 The skill instructs the agent to `git clone` and `npm install` an external GitHub repository (`https://github.com/NeOMakinG/clawdwallet.git`) in `SKILL.md`. This introduces a significant supply chain risk, as the agent is directed to download and execute arbitrary code from a third-party source. While the stated purpose is to control a Web3 wallet, which inherently involves high-risk capabilities like handling mnemonics and signing transactions, the reliance on external code without direct control over its content makes the skill suspicious due to the potential for compromise.

Capability Assessment

✓ Purpose & Capability

Name/description (agent-controlled Web3 wallet extension) match the SKILL.md: it documents loading a Chrome extension, a WebSocket control channel, JSON commands for initializing/generating wallets and signing requests, and supported chains. Required capabilities align with the declared purpose.

⚠ Instruction Scope

Instructions explicitly direct users/agents to provide raw mnemonics via JSON messages and to accept and act on dApp signature requests. There is no guidance or enforcement of secure key handling (no authenticated or encrypted channel, no mnemonic encryption, no replay/authorization controls). The SKILL.md also instructs cloning and building an external repo and loading a browser extension—actions that expand scope to downloading and executing third-party code and handling sensitive secrets.

⚠ Install Mechanism

Although the skill bundle itself contains no install spec, the runtime instructions tell operators to git clone https://github.com/NeOMakinG/clawdwallet.git and run npm install/build. That is a supply-chain risk: pulling and running arbitrary code from an external repo (unknown ownership) and running npm install (which can fetch many third-party packages) is high-risk unless the repo and dependencies are audited and signatures verified.

⚠ Credentials

The skill declares no environment variables or credentials, yet its operation requires handling highly sensitive secrets (wallet mnemonic) and a control WebSocket URL. The instructions expect the mnemonic to be sent to the agent/extension, which is a disproportionate exposure of secrets that is not justified or mitigated in the doc (no use of hardware wallets, secure enclaves, wss with auth, or ephemeral key wrapping).

ℹ Persistence & Privilege

always is false and there are no install-time changes declared in the skill bundle. However, the SKILL.md asks operators to modify a gateway config to enable the extension and to run and host a WebSocket endpoint locally. That is normal for extension integration but increases attack surface (service running locally that accepts control commands).

Version History

v0.1.0

- Initial release of ClawdWallet skill (v0.1.0). - Enables agent-controlled multi-chain Web3 wallet via Chrome extension and WebSocket. - Supports wallet setup, dApp connections, transaction signing, and multi-chain crypto management (20+ chains including EVM, Bitcoin, Solana, Cosmos). - Agent commands documented for wallet initialization, signing, and request handling. - Security recommendations included in documentation.

Metadata

Slug clawdwallet

Version 0.1.0

License —

All-time Installs 7

Active Installs 7

Total Versions 1

Frequently Asked Questions

What is Clawdwallet?

Install and control ClawdWallet - a multi-chain Web3 wallet Chrome extension controlled by Clawdbot agents. Use when setting up agent-controlled wallet, connecting to dApps, signing transactions, or managing crypto across 20+ chains (EVM, Bitcoin, Solana, Cosmos). Powered by ShapeShift hdwallet. It is an AI Agent Skill for Claude Code / OpenClaw, with 1879 downloads so far.

How do I install Clawdwallet?

Run "/install clawdwallet" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Clawdwallet free?

Yes, Clawdwallet is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Clawdwallet support?

Clawdwallet is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Clawdwallet?

It is built and maintained by NeOMakinG (@neomaking); the current version is v0.1.0.

More Skills

Clawdwallet