easonc13

Sui Agent Wallet

by Eason Chen · GitHub ↗ · v1.0.3
cross-platform ⚠ suspicious
Downloads: 944
Stars: 0
Active Installs: 0
Versions: 4
Install in OpenClaw
/install sui-agent-wallet
Description
Provide an AI agent with a secure Sui wallet to manage accounts, sign transactions, switch networks, and interact with Sui DApps via a Chrome extension and l...
Usage Guidance
This skill implements a local Sui wallet and a Chrome extension that injects a wallet provider into web pages. Important risks and suggestions:
- Major risk: the server exposes endpoints (SKILL.md shows curl http://localhost:3847/mnemonic) and sets CORS to '*'. If the /mnemonic endpoint (or other signing endpoints) is served without authentication and with permissive CORS, any webpage can fetch or trigger actions on the local wallet via JavaScript — this can lead to immediate secrets exfiltration or unauthorized signing.
- Before installing, review server/index.ts to confirm whether /mnemonic or signing endpoints require explicit user approval, authentication tokens, or an allowlist. The presence of getMnemonic()/exportMnemonic() in wallet.ts and the SKILL.md curl example strongly indicate the seed can be obtained via HTTP.
- If you want to try this code safely:
  - Do NOT use it on a machine with real/mainnet funds. Run it in a disposable VM or isolated development environment.
  - Consider removing or protecting any /mnemonic or export endpoints, and avoid setting Access-Control-Allow-Origin to '*' (instead restrict to extension origin or require user approval per request).
  - Limit extension host_permissions/matches to only the DApp origins you need rather than "<all_urls>".
  - Add an authenticated UI prompt or browser-native confirmation before returning the mnemonic or signing any transaction (do not rely solely on the agent or an unauthenticated HTTP call).
- If you need an outright safe verdict: treat this package as suspicious until the server is changed to require strong per-request user confirmation and the CORS/HTTP exposure is hardened.
If you want, I can: (1) point to the exact lines where /mnemonic and CORS are handled in index.ts, (2) suggest code changes to require a local-only token or an approval flow, or (3) produce a safer configuration patch (restrict CORS, remove mnemonic endpoint, require ephemeral auth tokens) you can apply.
Capability Assessment
Purpose & Capability
The files (extension + local server + wallet/keychain logic) match the name 'Sui Agent Wallet' and implement expected features (seed generation, BIP39 derivation, signing, Wallet Standard injection). However, the extension manifest grants broad host_permissions ("<all_urls>") and the server exposes HTTP endpoints (including one that returns the mnemonic per SKILL.md). Those pieces are functionally related to a browser wallet but the combination (open local HTTP API + global content script permissions) expands the attack surface beyond what most wallets expose by default.
Instruction Scope
SKILL.md explicitly instructs users that the server stores the seed in macOS Keychain and gives a curl example to GET /mnemonic. The server sets CORS Access-Control-Allow-Origin: '*', meaning a remote webpage or any local page can fetch wallet endpoints from JS. Exposing an endpoint that returns the raw mnemonic (no auth shown) and allowing cross-origin requests is a serious scope breach: web pages could read the seed or trigger signing unless additional authorization is enforced by the server (none is visible).
Install Mechanism
No remote download of arbitrary code is used by the registry metadata. Installation uses a local install.sh that calls bun install (dependencies are standard NPM packages listed in package.json). This is a typical local install setup; nothing in the install process pulls from an untrusted URL or runs an opaque binary.
Credentials
The skill declares no required environment variables or credentials. It uses macOS Keychain via the 'security' CLI for storing the seed, which is reasonable for secure storage on macOS, but will fail on non-macOS systems. No unrelated cloud credentials are requested.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or cross-skill configuration. It runs as a local server + extension pair and does not modify other skills or global agent settings. Autonomous invocation by the agent is possible (default), but that alone is expected.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sui-agent-wallet
  3. After installation, invoke the skill by name or use /sui-agent-wallet
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Add GitHub link and Related Skills section
v1.0.2
- Added comprehensive documentation (SKILL.md) detailing setup, architecture, and usage of the Sui Agent Wallet skill.
- Describes secure storage of the wallet seed phrase in macOS Keychain and non-sensitive data in a local JSON file.
- Outlines complete API and CLI integration instructions for wallet/address management, signing transactions, and network switching.
- Includes security guidelines, test DApp usage instructions, and BIP44 key derivation path details.
- Documents support for Sui Wallet Standard features and event notifications over WebSocket.
v1.0.1
Translate all content to English
v1.0.0
Initial release: Chrome extension + local server for AI agent wallet control on Sui blockchain
Metadata
Slug sui-agent-wallet
Version 1.0.3
License
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Sui Agent Wallet?

Provide an AI agent with a secure Sui wallet to manage accounts, sign transactions, switch networks, and interact with Sui DApps via a Chrome extension and l... It is an AI Agent Skill for Claude Code / OpenClaw, with 944 downloads so far.

How do I install Sui Agent Wallet?

Run "/install sui-agent-wallet" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sui Agent Wallet free?

Yes, Sui Agent Wallet is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Sui Agent Wallet support?

Sui Agent Wallet is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Sui Agent Wallet?

It is built and maintained by Eason Chen (@easonc13); the current version is v1.0.3.
