← Back to Skills Marketplace
rishabluthra

Sponge Wallet

by Rishab Luthra · GitHub ↗ · v0.1.2
cross-platform ⚠ suspicious
1798
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install wallet-skills
Description
Manage crypto wallets, transfers, swaps, and balances via the Sponge Wallet API.
Usage Guidance
This skill appears to do what it says (manage wallets via the Sponge Wallet API), but pay attention before installing: 1) SKILL.md tells agents to use an 'agent-first' registration flow that returns an API key immediately — that means an agent could perform transactions before a human explicitly claims the wallet. If you require human approval, prefer the standard device flow. 2) The skill instructs writing the API key to ~/.spongewallet/credentials.json (and exporting it). Confirm you are comfortable storing a live crypto API key on disk; consider using least-privilege keys or isolated accounts and rotate keys frequently. 3) The registry metadata did not declare the ~/.spongewallet config path even though the instructions use it — treat that as a minor inconsistency and verify how your agent runtime will handle the file. 4) Ensure the SPONGE_API_KEY you provide has only the permissions you expect; if possible test on testnet keys first. 5) Verify the skill's source/homepage before granting any live keys. If you need stricter guarantees (human-in-the-loop for any transfer or disabling agent-autonomy), require those controls before installing.
Capability Analysis
Type: OpenClaw Skill Name: wallet-skills Version: 0.1.2 This skill is classified as suspicious due to the exposure of several high-risk capabilities to the AI agent, which could be abused via prompt injection. Most notably, the `x402_fetch` endpoint allows the agent to make arbitrary HTTP requests to any URL and automatically pay for them using the agent's wallet, combining broad network access with financial expenditure. Additionally, the skill enables direct cryptocurrency transfers, swaps, bridges, Polymarket trading, and Amazon purchases, all of which are high-impact financial operations. While these features are intended, their broad scope and the agent's ability to execute shell commands (`curl`) based on `SKILL.md` instructions present a significant attack surface for unauthorized actions if the agent is compromised.
Capability Assessment
Purpose & Capability
Name, description, and required credential (SPONGE_API_KEY) line up with a REST-API-only crypto wallet skill. No unrelated binaries or extra cloud creds are requested.
Instruction Scope
SKILL.md instructs agents to call many wallet endpoints, to store the API key and claim info in ~/.spongewallet/credentials.json, and to use an 'agent-first' registration flow that returns an apiKey immediately. The skill asks agents to send claim URLs to humans and optionally post tweet text. The instructions reference reading and writing a home-folder file (credentials.json) even though the registry metadata lists no required config paths.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk.
Credentials
Only SPONGE_API_KEY is required (proportionate). However, SKILL.md also expects/encourages reading/writing ~/.spongewallet/credentials.json and exporting SPONGE_API_URL at runtime; that file path is not declared in the registry metadata, creating a metadata/instruction mismatch that users should be aware of.
Persistence & Privilege
always:false (good), but the instructions explicitly recommend agent-first registration which returns an API key immediately and to persist it locally. Combined with normal autonomous invocation (disable-model-invocation: false), an agent could act with the key before a human claims or approves — this increases the blast radius for a misbehaving or compromised skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install wallet-skills
  3. After installation, invoke the skill by name or use /wallet-skills
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
- Major expansion of supported endpoints: added Polymarket trading, Amazon checkout and search, and x402 service discovery. - API now supports "agent-first" registration mode, enabling instant API key issuance before human claim. - Balance endpoint now includes Polymarket USDC.e balances. - Standard credential storage updated to optionally include `claimCode` and `claimUrl`. - Registration instructions and claim flow documentation expanded for clarity.
v0.1.1
- Removed the long introductory HTML comment ("TL;DR for token-constrained agents — stop here if context is tight") and its block from the documentation. - No changes to skill logic, endpoints, or tool usage—documentation only. - Content and instructions in all functional sections remain the same.
v0.1.0
Initial public release of the sponge-wallet skill. - Provides doc-only guidance for interacting with the Sponge Wallet API. - Supports crypto wallet management, transfers, swaps, bridging, and balance checks across EVM and Solana chains. - Details secure agent registration, device authorization, and credential storage requirements. - Includes concise API reference, common headers, tool-to-endpoint mapping, and example usage patterns. - Requires storing API keys at ~/.spongewallet/credentials.json or via SPONGE_API_KEY environment variable.
Metadata
Slug wallet-skills
Version 0.1.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Sponge Wallet?

Manage crypto wallets, transfers, swaps, and balances via the Sponge Wallet API. It is an AI Agent Skill for Claude Code / OpenClaw, with 1798 downloads so far.

How do I install Sponge Wallet?

Run "/install wallet-skills" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sponge Wallet free?

Yes, Sponge Wallet is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Sponge Wallet support?

Sponge Wallet is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Sponge Wallet?

It is built and maintained by Rishab Luthra (@rishabluthra); the current version is v0.1.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments