← Back to Skills Marketplace

Guardrail Agent Smart Account Wallets

Name: Guardrail Agent Smart Account Wallets
Author: shawnwollenberg

by Shawn Wollenberg · GitHub ↗ · v1.1.1 · MIT-0

cross-platform ✓ Security Clean

581

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install guardrail-smart-accounts

Description

Give AI agents on-chain spending guardrails. Deploy ERC-4337 smart accounts with policy-enforced limits — agents cannot move funds beyond what you authorize,...

README (SKILL.md)

AgentGuardrail — On-Chain Spending Guardrails for AI Agents

Give your AI agents a wallet they can't abuse. AgentGuardrail deploys ERC-4337 smart accounts with policy-enforced spending limits. Agents cannot move funds beyond what you authorize — enforcement happens at the contract level, not just in software.

Homepage: https://agentguardrail.xyz

Why AgentGuardrail?

AI agents need to move money. The problem is trust: how do you let an agent trade, bridge, or pay for compute without risking runaway spending, compromised keys, or unauthorized actions?

AgentGuardrail solves this with:

On-chain enforcement — AgentSmartAccount.validateUserOp() calls PermissionEnforcer before any transaction executes. Violating transactions revert. There is no override.
Policy-bound accounts — every smart account is deployed against a policy that defines allowed actions, tokens, protocols, chains, and spend limits.
Non-custodial — AgentGuardrail never holds your funds. Enforcement is in the contracts you deploy.
Full audit trail — every intent, validation, and on-chain event is logged with tx hash and block number.

Overview

Every agent gets an ERC-4337 smart account deployed via AgentAccountFactory. The account's validateUserOp() enforces your policy through PermissionEnforcer before any transaction reaches the blockchain. If the action violates the policy — wrong token, wrong protocol, spend limit exceeded — the UserOperation reverts.

Execution path:

Agent builds UserOperation
  → AgentSmartAccount.validateUserOp()
    → PermissionEnforcer.validateAction()
      → Policy constraints checked on-chain
  → EntryPoint executes (only if all checks pass)

The AgentGuardrail API at https://agentguardrail.xyz provides:

A management interface for creating policies and granting permissions
Pre-flight validation for simulation and dashboards
Aggregated audit logs with on-chain event indexing

Most enforcement operations can be done directly against the contracts without the API. The API is most useful for policy management, pre-flight simulation, and audit log queries.

Security & Credential Model (Required)

This skill performs on-chain operations that require JSON-RPC access and transaction signing.

Private keys must never be provided in chat and must never be stored in unconstrained agent memory.

Signing Modes

1. External Signer (Recommended)

The agent prepares a transaction. The runtime forwards it to a secure signer service (HSM, MPC, hosted signer). The signer enforces scope, rate limits, and allowlists. The agent never sees raw private keys.

2. Wallet Connector / User-Approved Signing

Transactions are prepared by the agent. A user wallet (browser, hardware wallet) prompts for approval. Keys remain in the wallet.

3. Scoped Session Keys (Advanced)

Session keys must be policy-restricted, short-lived, and rotated frequently. Never use a long-lived owner EOA private key as a session key.

The Skill Must NOT

Ask users to paste private keys or seed phrases
Store private keys in memory, logs, or prompts
Access unrelated environment variables or local files
Request cloud credentials or system-level secrets
Persist secrets beyond runtime execution

If secure signing is not configured, operate in read-only mode until proper signing is established.

Runtime Configuration

Required (via secure secret storage, not chat):

Variable	Description
`GUARDRAIL_CHAIN_ID`	Target chain ID (e.g., `8453` for Base, `11155111` for Sepolia)
`GUARDRAIL_RPC_URL`	JSON-RPC endpoint — treat as sensitive, often contains an API key
`GUARDRAIL_SIGNING_MODE`	One of: `external_signer`, `wallet_connector`, `session_key`

Optional:

Variable	Description
`GUARDRAIL_API_URL`	AgentGuardrail API base. Defaults to `https://agentguardrail.xyz`
`GUARDRAIL_SIGNER_ENDPOINT`	External signer URL — required when `GUARDRAIL_SIGNING_MODE=external_signer`
`GUARDRAIL_SIGNER_AUTH_TOKEN`	Auth token for the external signer — sensitive, store securely
`GUARDRAIL_DASHBOARD_API_KEY`	API key for agentguardrail.xyz management API

The API URL default in all code examples below is https://agentguardrail.xyz. Override with GUARDRAIL_API_URL if self-hosting.

Smart Contract Addresses

Base Mainnet (Chain ID 8453)

Contract	Address
IdentityRegistry	`0xd0978eA4101d6144457bfbF5317499fbb5Fccf01`
PolicyRegistry	`0xc35B3D74521005C7AeA58E1B3483DcBE99B1336B`
PermissionEnforcer	`0xDc602Cf56679FF23dd17Ea65d3c47E7Ba81Eb470`
PriceOracle	`0x32b2088F68427526bE8931C2Dc61eC2520d10F00`
GuardrailFeeManager	`0x980d454d79306AFdB8EE5B01F50BeF84760A8380`
AgentAccountFactory	`0x94991827135fbd0E681B3db51699e4988a7752f1`
EntryPoint (v0.6)	`0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789`

Sepolia Testnet (Chain ID 11155111)

Contract	Address
IdentityRegistry	`0xc1fa477f991C74Cc665E605fC74f0e2B795b5104`
PolicyRegistry	`0x92cd41e6a4aA13072CeBCda8830d48f269F058c4`
PermissionEnforcer	`0x45Aa939A935b6B2Bde32a43aD48cF58AE0D9308d`
PriceOracle	`0x052cDddba3C55A63F5e48F9e5bC6b70604Db93b8`
GuardrailFeeManager	`0x59f50323A5e31ec64470b854c44735EC95929c78`
AgentAccountFactory	`0xb284E09d396F5fbeb49587886FB13a186767F14C`
EntryPoint (v0.6)	`0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789`

Start on Sepolia. Move to Base Mainnet when policies are validated.

Core Capabilities

1. Deploy a Smart Account

Deploy a new ERC-4337 smart account via AgentAccountFactory. The account is bound to PermissionEnforcer at creation. Deployment is deterministic via CREATE2 — the same owner, agentId, and salt always produce the same address.

One-time creation fee: $10 USD equivalent in ETH.

Direct contract call (recommended):

// Get required creation fee
uint256 fee = factory.getCreationFee();

// Deploy account (send fee as msg.value)
address account = factory.createAccount{value: fee}(
    ownerAddress,   // Controls the account
    agentId,        // bytes32 identifier for this agent
    salt            // bytes32 for CREATE2 determinism
);

Via API:

const apiUrl = process.env.GUARDRAIL_API_URL ?? "https://agentguardrail.xyz";

const response = await fetch(`${apiUrl}/api/v1/agents/${agentId}/deploy-smart-account`, {
  method: "POST",
  headers: { Authorization: `Bearer ${process.env.GUARDRAIL_DASHBOARD_API_KEY}` },
});
const { smart_account_address } = await response.json();

The API path is useful when using dashboard-generated bot signers (the dashboard generates the keypair and handles deployment in one step).

2. Fund a Smart Account

Send ETH directly to the smart account address. Inbound transfers are free — no fee, no contract call needed.

await walletClient.sendTransaction({
  to: smartAccountAddress,
  value: parseEther("1.0"),
});

3. Execute from a Smart Account

Agent executes a transaction from its smart account. validateUserOp() enforces the policy before the transaction reaches the chain — no override exists.

Outbound transfer fee: 10 bps (0.10%), capped at $100 USD per transaction.

// Build the UserOperation
const callData = encodeFunctionData({
  abi: agentSmartAccountABI,
  functionName: "execute",
  args: [destinationAddress, parseEther("1.0"), "0x"],
});

// Submit via ERC-4337 EntryPoint
// The EntryPoint calls validateUserOp → PermissionEnforcer before execution

Fee enforcement occurs inside GuardrailFeeManager. Fee is deducted from the transaction value automatically.

Transfer Amount	Fee
$1,000	$1.00
$10,000	$10.00
$100,000+	$100.00 (cap)

4. Read Contract State (No Signing Required)

// Get account owner
const owner = await publicClient.readContract({
  address: smartAccountAddress,
  abi: agentSmartAccountABI,
  functionName: "owner",
});

// Get smart account creation fee
const fee = await publicClient.readContract({
  address: factoryAddress,
  abi: agentAccountFactoryABI,
  functionName: "getCreationFee",
});

// Calculate transfer fee before executing
const transferFee = await publicClient.readContract({
  address: feeManagerAddress,
  abi: guardrailFeeManagerABI,
  functionName: "calculateTransferFee",
  args: [parseEther("10.0")],
});

// Check if a permission is active on-chain
const isActive = await publicClient.readContract({
  address: policyRegistryAddress,
  abi: policyRegistryABI,
  functionName: "isPermissionActive",
  args: [agentAddress, permissionId],
});

5. Policy Management

Policies define what an agent is allowed to do: which actions, tokens, protocols, chains, and spend limits. Policies are stored on-chain in PolicyRegistry and enforced by PermissionEnforcer.

On-chain (direct):

// Register a policy on-chain
bytes32 policyId = policyRegistry.registerPolicy(
    bytes32(policyHash),    // Unique identifier
    allowedActions,         // bytes32[] action type hashes
    allowedTokens,          // address[] token contracts
    allowedProtocols,       // address[] protocol contracts
    allowedChains,          // uint256[] chain IDs
    maxValuePerTx,          // uint256 in wei
    maxDailyVolume,         // uint256 in wei
    expiresAt               // uint256 unix timestamp
);

Via API (recommended for most use cases — handles on-chain registration automatically):

const apiUrl = process.env.GUARDRAIL_API_URL ?? "https://agentguardrail.xyz";
const headers = {
  "Content-Type": "application/json",
  Authorization: `Bearer ${process.env.GUARDRAIL_DASHBOARD_API_KEY}`,
};

// Create and activate a policy
const policy = await fetch(`${apiUrl}/api/v1/policies`, {
  method: "POST",
  headers,
  body: JSON.stringify({
    name: "DeFi Trading Policy",
    description: "Allow swaps and transfers with daily limits",
    definition: {
      actions: ["swap", "transfer"],
      assets: {
        tokens: ["0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"],
        protocols: ["*"],
        chains: [1, 8453],
      },
      constraints: {
        maxValuePerTx: "1000000000000000000",   // 1 ETH
        maxDailyVolume: "10000000000000000000",  // 10 ETH
        maxTxCount: 100,
        requireApproval: false,
      },
      duration: {
        validFrom: "2026-01-01T00:00:00Z",
        validUntil: "2026-12-31T23:59:59Z",
      },
    },
  }),
}).then((r) => r.json());

// Activate it (registers on-chain via PolicyRegistry)
await fetch(`${apiUrl}/api/v1/policies/${policy.id}/activate`, {
  method: "POST",
  headers,
});

PolicyDefinition fields:

Field	Type	Description
`actions`	`string[]`	`swap`, `transfer`, `approve`, `stake`, `unstake`, `deposit`, `withdraw`, `mint`, `burn`, `bridge`, `claim`, `vote`, `delegate`, `lp_add`, `lp_remove`, `borrow`, `repay`, `liquidate`, `*`
`assets.tokens`	`string[]`	Token contract addresses, or `["*"]` for all
`assets.protocols`	`string[]`	Protocol addresses, or `["*"]` for all
`assets.chains`	`number[]`	Allowed chain IDs
`constraints.maxValuePerTx`	`string`	Max per-tx value in wei
`constraints.maxDailyVolume`	`string`	Max daily volume in wei
`constraints.maxWeeklyVolume`	`string`	Max weekly volume in wei
`constraints.maxTxCount`	`number`	Max transactions within the duration
`duration.validFrom` / `validUntil`	`string`	ISO 8601
`conditions`	`array`	Advanced rules: `{ field, operator, value }`. Operators: `eq`, `ne`, `gt`, `gte`, `lt`, `lte`, `in`, `not_in`, `contains`, `regex`

Other policy operations:

// Update (draft policies update in place; active policies create a new version)
await fetch(`${apiUrl}/api/v1/policies/${policyId}`, { method: "PUT", headers, body: JSON.stringify({...}) });

// Revoke (disables on-chain — active permissions using this policy stop validating)
await fetch(`${apiUrl}/api/v1/policies/${policyId}/revoke`, { method: "POST", headers });

// Reactivate
await fetch(`${apiUrl}/api/v1/policies/${policyId}/reactivate`, { method: "POST", headers });

// List / Get / Delete (draft only)
await fetch(`${apiUrl}/api/v1/policies`, { headers });
await fetch(`${apiUrl}/api/v1/policies/${policyId}`, { headers });
await fetch(`${apiUrl}/api/v1/policies/${policyId}`, { method: "DELETE", headers });

6. Permission Management

Permissions link an agent to a policy for a defined period. On-chain, PolicyRegistry.grantPermission() registers the link. PermissionEnforcer reads active permissions during validateUserOp.

On-chain (direct):

// Grant permission on-chain
bytes32 permissionId = policyRegistry.grantPermission(
    agentAddress,   // The smart account address
    policyId,       // bytes32 policy identifier
    validFrom,      // uint256 unix timestamp
    validUntil      // uint256 unix timestamp
);

Revoke on-chain:

policyRegistry.revokePermission(permissionId);

Via API (handles on-chain registration + constraint sync to PermissionEnforcer):

const apiUrl = process.env.GUARDRAIL_API_URL ?? "https://agentguardrail.xyz";
const headers = {
  "Content-Type": "application/json",
  Authorization: `Bearer ${process.env.GUARDRAIL_DASHBOARD_API_KEY}`,
};

// Grant a permission
const permission = await fetch(`${apiUrl}/api/v1/permissions`, {
  method: "POST",
  headers,
  body: JSON.stringify({
    agent_id: "agent-uuid",
    policy_id: "policy-uuid",
    valid_from: "2026-01-01T00:00:00Z",
    valid_until: "2026-12-31T23:59:59Z",
  }),
}).then((r) => r.json());

// Mint it on-chain (registers in PolicyRegistry, syncs constraints to PermissionEnforcer)
const minted = await fetch(`${apiUrl}/api/v1/permissions/${permission.id}/mint`, {
  method: "POST",
  headers,
}).then((r) => r.json());
// minted.onchain_token_id — the on-chain token ID

// Revoke
await fetch(`${apiUrl}/api/v1/permissions/${permission.id}`, { method: "DELETE", headers });

// List (filter by agent or policy)
await fetch(`${apiUrl}/api/v1/permissions?agent_id=${agentId}`, { headers });

Use the API path when you need the PermissionEnforcer constraints to sync automatically. The direct contract path is sufficient if you are managing PermissionEnforcer constraint updates yourself.

7. Action Validation

On-chain enforcement (primary):

Validation happens automatically inside AgentSmartAccount.validateUserOp() via PermissionEnforcer. You do not call this directly — it runs as part of every UserOperation. Transactions that violate policy constraints revert before execution.

Off-chain pre-flight (via API — useful for dashboards, simulation, agent planning):

const apiUrl = process.env.GUARDRAIL_API_URL ?? "https://agentguardrail.xyz";

// Pre-flight check before building a UserOperation
const result = await fetch(`${apiUrl}/api/v1/validate`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: `Bearer ${process.env.GUARDRAIL_DASHBOARD_API_KEY}`,
  },
  body: JSON.stringify({
    agent_id: "agent-uuid",
    action: {
      type: "swap",
      token: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
      protocol: "0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D",
      amount: "500000000000000000",
      chain: 8453,
      to: "0xDef1C0ded9bec7F1a1670819833240f027b25EfF",
    },
  }),
}).then((r) => r.json());
// result.allowed        — boolean
// result.reason         — explanation if denied
// result.permission_id  — matching permission
// result.policy_id      — matching policy
// result.constraints    — active constraints
// result.request_id     — audit trail reference

Simulate (dry-run, no audit record):

const sim = await fetch(`${apiUrl}/api/v1/validate/simulate`, {
  method: "POST",
  headers: { "Content-Type": "application/json", Authorization: `Bearer ${process.env.GUARDRAIL_DASHBOARD_API_KEY}` },
  body: JSON.stringify({
    agent_id: "agent-uuid",
    action: { type: "transfer", amount: "1000000000000000000", chain: 1 },
  }),
}).then((r) => r.json());
// sim.would_allow       — boolean
// sim.current_usage     — current period usage
// sim.remaining_quota   — remaining allowance
// sim.recommendations   — suggested policy adjustments

Batch validate:

// POST /api/v1/validate/batch
// Body: { actions: [...] }  — same structure as single validate

8. Audit & Monitoring

On-chain events (source of truth):

The AgentGuardrail indexer polls contracts every 12 seconds and writes events to the audit log with tx_hash and block_number. Events emitted by the contracts:

Event	Contract	Description
`EnforcementResult`	PermissionEnforcer	Every validateUserOp result
`ConstraintViolation`	PermissionEnforcer	Policy constraint breached
`UsageRecorded`	PermissionEnforcer	Spend/volume tracked
`Executed`	AgentSmartAccount	Transaction executed
`AccountCreated`	AgentAccountFactory	New smart account deployed

Query via API:

const apiUrl = process.env.GUARDRAIL_API_URL ?? "https://agentguardrail.xyz";

// List audit logs
const logs = await fetch(
  `${apiUrl}/api/v1/audit?agent_id=${agentId}&source=onchain&start_date=2026-01-01T00:00:00Z`,
  { headers: { Authorization: `Bearer ${process.env.GUARDRAIL_DASHBOARD_API_KEY}` } }
).then((r) => r.json());
// Each log entry includes: source ('onchain'|'offchain'), tx_hash, block_number, event_type

// Filter by source
// source=onchain   — events from contract indexer (tx_hash + block_number included)
// source=offchain  — API validation requests

// Export (JSON or CSV)
const csvUrl = `${apiUrl}/api/v1/audit/export?format=csv&start_date=2026-01-01T00:00:00Z`;

Event types: policy.created, policy.activated, policy.revoked, permission.created, permission.minted, permission.revoked, validation.request.

Enforcement Model

All agents are ERC-4337 smart accounts with enforced on-chain policy enforcement. There is no advisory or EOA mode.

AgentSmartAccount.validateUserOp() calls PermissionEnforcer on every UserOperation. Transactions that violate policy constraints revert before execution. The agent cannot bypass enforcement — it is built into the account's validation logic.

Off-chain validation (/api/v1/validate) runs as a pre-flight simulation for dashboards, SDK use, and agent planning. The on-chain PermissionEnforcer performs the final, authoritative enforcement.

Recommended Setup Flow

1. Deploy smart account (AgentAccountFactory.createAccount)
2. Create policy (API) → activate (registers on-chain via PolicyRegistry)
3. Grant permission (API) → mint (syncs constraints to PermissionEnforcer)
4. Agent builds UserOperations — enforcement is automatic
5. Monitor via audit logs or on-chain events

Autonomy & Safety Guidance

Start on Sepolia. All contract addresses are provided above.
Fund accounts with small amounts while validating policies.
Use strict policies — prefer explicit token/protocol allowlists over wildcards.
Enable autonomous execution only with secure signing configured.
Apply rate limits and allowlists at the signer layer as a second line of defense.

Privacy and Data Handling

This skill does not store, log, or transmit private keys, seed phrases, or signer tokens.
GUARDRAIL_RPC_URL may contain an embedded API key. Treat it as sensitive.
GUARDRAIL_SIGNER_AUTH_TOKEN grants signing capability. Store in secure secret storage — never expose in logs, prompts, or chat.
On-chain transactions are public by nature. The skill adds no off-chain data collection beyond what the blockchain records.
The skill does not access local files, browser storage, or environment variables beyond those declared in the manifest.

Design Principles

Contract-first — All enforcement is on-chain. The API is a convenience layer, not the authority.
Policy-bound by default — Every account is bound to a policy at creation. No account is unconstrained.
Non-custodial — AgentGuardrail never holds funds. Enforcement lives in contracts you can verify.
Least privilege — Signing must use scoped, secure integrations. Never expose long-lived owner keys.
Agent and human neutral — Authority derives from ownership and policy, not caller identity.
Infrastructure-grade fees — Fees are enforced at the contract layer. No software bypass exists.

Dashboard

All operations are available via the web dashboard at https://agentguardrail.xyz — manage agents, policies, permissions, and audit logs visually. API keys and bot signer keypairs generated by the dashboard should be stored in secure secret storage and never pasted into chat.

Usage Guidance

This skill appears internally consistent, but review these operational risks before installing: 1) Vet the AgentGuardrail service and any external signer you use (hosting, auth, audit, revocation). 2) Never paste private keys; prefer external signers, wallet prompts, or short-lived session keys as documented. 3) Treat GUARDRAIL_RPC_URL and any signer auth tokens as sensitive and store them in secure secret storage. 4) Test on a non-production chain (e.g., Sepolia/testnet) to verify deployed contracts and policies behave as you expect. 5) If you plan to self-host components or override GUARDRAIL_API_URL, audit the code and contracts you will interact with. Finally, consider limiting or disabling autonomous agent invocation for any skill that can prepare transactions unless you trust the signing workflow and governance around it.

Capability Analysis

Type: OpenClaw Skill Name: guardrail-smart-accounts Version: 1.1.1 The skill bundle provides documentation and configuration for 'AgentGuardrail,' a service designed to manage ERC-4337 smart accounts with on-chain spending limits for AI agents. The SKILL.md file contains comprehensive instructions, contract addresses for Base and Sepolia, and API usage examples for the domain https://agentguardrail.xyz. It explicitly includes security warnings against sharing private keys or seed phrases and follows a least-privilege model for transaction signing. No malicious code, data exfiltration logic, or harmful prompt injections were identified.

Capability Assessment

✓ Purpose & Capability

Name/description request JSON-RPC access and a signing mode; the required env vars (GUARDRAIL_CHAIN_ID, GUARDRAIL_RPC_URL, GUARDRAIL_SIGNING_MODE) match the stated on-chain deployment/signing needs. Optional secrets (signer endpoint/token, dashboard API key) are appropriate for the described management and signing modes.

ℹ Instruction Scope

SKILL.md is an instruction-only spec that stays on-topic: it explains building UserOperations, on-chain validation, and management via the AgentGuardrail API. It explicitly forbids asking for private keys in chat and instructs read-only operation when signing is not configured. Note: the instructions include sending transactions/validation requests to external endpoints (agentguardrail.xyz or an external signer) — this is expected for the purpose but is an important external-data flow to review before use.

✓ Install Mechanism

No install spec and no code files — instruction-only skills have minimal filesystem/install risk. Nothing is downloaded or executed by default.

✓ Credentials

The requested environment variables are proportional and well-justified for on-chain operations. Marking GUARDRAIL_RPC_URL as primary is reasonable (RPC endpoints often contain API keys). Optional signer endpoint and auth token are appropriate only when using external_signer.

✓ Persistence & Privilege

The skill is not 'always' enabled and requires user invocation. It doesn't request system or other-skill config paths, nor does it demand persistent privileges beyond connection strings and optional API tokens.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install guardrail-smart-accounts
After installation, invoke the skill by name or use /guardrail-smart-accounts
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.1

guardrail-smart-accounts v1.1.1 - Updated smart contract addresses for both Base Mainnet and Sepolia Testnet in the documentation. - No changes to code or runtime configuration.

v1.1.0

**AgentGuardrail version 1.1.0 — Major update with improved clarity, new tagging, and expanded policy/API options.** - Skill and README are rewritten for clarity: emphasizes policy-enforced, on-chain guardrails for AI agent wallets. - Adds new metadata tags: ai-agents, smart-accounts, erc-4337, guardrails, etc., for easier discovery and categorization. - Expands and clarifies runtime configuration: introduces optional GUARDRAIL_API_URL, with better dashboard API key and permission explanations. - Lists official contract addresses for Base and Sepolia; highlights deterministic smart account deployment and contract-level enforcement. - Expanded documentation on security model, signing modes, and required/optional variables. - Now uses streamlined, public-facing language and design — easier for both technical and non-technical users to configure and audit.

v1.0.8

guardrail-smart-accounts v1.0.8 - Expanded skill capabilities to include creation and management of policies, permissions, and enforcement rules for AI agents. - Updated description and documentation to reflect support for policy management alongside smart accounts. - Added examples and instructions for creating and managing policies via API. - No breaking changes to existing account creation or transfer functionality.

v1.0.7

- Added detailed support for configuration of optional and sensitive secrets, including external signer endpoint, signer auth token, and dashboard API key, based on the signing mode. - Introduced a new "optionalSecrets" section in the manifest, clarifying when each secret is required and how it should be handled. - Provided explicit requirements and best practices for signer token rotation and revocation, emphasizing security for external signer mode. - Clarified that GUARDRAIL_RPC_URL should be treated as sensitive due to possible embedded API keys. - Expanded documentation for dashboard API key usage and management best practices. - No code or logic changes; documentation and manifest improvements only.

v1.0.6

- Clarified required environment variables; now only `GUARDRAIL_CHAIN_ID`, `GUARDRAIL_RPC_URL`, and `GUARDRAIL_SIGNING_MODE` are mandatory. - Dashboard API key, signer endpoint, and signer auth token are now only mentioned as conditional/optional, not required for all usage. - Updated documentation for runtime configuration to distinguish requirements for different signing modes. - Minor wording, formatting, and security note improvements to improve clarity and reduce over-specification.

v1.0.5

- Added new required environment variables to runtime configuration: GUARDRAIL_SIGNER_ENDPOINT, GUARDRAIL_SIGNER_AUTH_TOKEN, and GUARDRAIL_DASHBOARD_API_KEY. - Explicitly documented when each signing-related environment variable is needed, especially for external signer mode and dashboard API usage. - No functional code changes detected; update is documentation/metadata only.

v1.0.4

- Updated version to 1.0.4. - Clarified required runtime configuration details, especially for signing modes and conditional variables. - Expanded explanation about secure environment requirements and how signing mode affects configuration. - Minor documentation improvements for improved clarity and guidance on setup. - No API or contract changes; this is a documentation-only update.

v1.0.3

- Made environment variable requirements minimal in SKILL.md; now only the mandatory variables are listed under `openclaw.requires`. - Removed optional signer and dashboard configuration environment variables from the main skill metadata block. - No functional logic changes; SKILL.md documentation updated for clarity and to reflect only required configuration in metadata.

v1.0.2

No user-facing changes detected in this release. - Version bump only; no source or documentation changes present.

v1.0.1

**Version 1.0.1 Changelog** - Added strict guidance and requirements for secure transaction signing (external signer, wallet connector, or policy-restricted session keys). - Clearly documented runtime secret/environment variable requirements for safe operation. - Emphasized agent non-custodial principles—never provide or store private keys in chat or agent memory. - Provided detailed breakdowns of signing modes, runtime configuration, and safe usage patterns. - Refined fee and policy documentation for clarity and user safety. - Added safety and operational best practices for autonomous or testnet usage.

v1.0.0

Initial release of Guardrail Smart Accounts Skill - Launches support for creating, funding, and managing ERC-4337 smart accounts with on-chain spending guardrails and policies. - Enables deterministic account deployment via CREATE2 and policy-bounded ownership. - Supports ETH funding (inbound transfers free) and outbound transfers with 0.10% fee (max $100 per transaction). - Provides functions to query account state, ownership, and fee calculations. - Publishes contract addresses for Base mainnet and Sepolia testnet. - Details usage of policy and permission management via the Guardrail dashboard.

Metadata

Slug guardrail-smart-accounts

Version 1.1.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 11

Frequently Asked Questions

What is Guardrail Agent Smart Account Wallets?

Give AI agents on-chain spending guardrails. Deploy ERC-4337 smart accounts with policy-enforced limits — agents cannot move funds beyond what you authorize,... It is an AI Agent Skill for Claude Code / OpenClaw, with 581 downloads so far.

How do I install Guardrail Agent Smart Account Wallets?

Run "/install guardrail-smart-accounts" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Guardrail Agent Smart Account Wallets free?

Yes, Guardrail Agent Smart Account Wallets is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Guardrail Agent Smart Account Wallets support?

Guardrail Agent Smart Account Wallets is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Guardrail Agent Smart Account Wallets?

It is built and maintained by Shawn Wollenberg (@shawnwollenberg); the current version is v1.1.1.

More Skills