harleyscodes

Xaman Wallet Integration

by HarleysCodes · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 561
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install xaman-wallet-integration
Description
Integrate Xaman wallet SDK to authenticate users, connect wallets, request XRP payments, and manage sessions on the XRP Ledger.
Usage Guidance
This SKILL.md otherwise looks like a normal browser-side Xumm/Xaman wallet integration, but there are three points to check before installing:
  1. Metadata mismatch: the skill metadata declares no env vars but the instructions require NEXT_PUBLIC_XAMAN_API_KEY; ask the publisher to correct metadata so you know what secrets/config are needed.
  2. Trust the CDN: the runtime instructs you to load code from https://xumm.app; verify that domain and the SDK file are legitimate and consider pinning a known-good release or hosting the SDK yourself if you need higher supply-chain assurance.
  3. Session storage and API key exposure: NEXT_PUBLIC_ indicates the key will be public in client builds and the SDK persists JWTs in localStorage by default (accessible to other scripts and vulnerable to XSS). If you need stronger security, use server-side flows, avoid storing long-lived tokens in localStorage, or configure the SDK to use more secure storage.
If you cannot validate the skill author/source (homepage/source are missing), request provenance before installing.
Capability Analysis
Type: OpenClaw Skill
Name: xaman-wallet-integration
Version: 1.0.0
The skill bundle provides instructions and code snippets for integrating the Xaman wallet (formerly Xumm) for XRP Ledger authentication and transactions. It instructs loading an SDK from the official `https://xumm.app` CDN, which is a legitimate source for the stated purpose. All content in `SKILL.md` is purely instructional and descriptive, focusing on the wallet integration process. There are no signs of prompt injection attempts against the AI agent, no malicious code, no data exfiltration, nor any unauthorized actions or external communications beyond the legitimate Xaman service.
Capability Assessment
Purpose & Capability
The SKILL.md describes exactly the expected behavior for a Xumm/Xaman PKCE wallet integration (loading the SDK from the Xumm CDN, authorizing, reading session state). However, the registry metadata claims no required environment variables while the runtime instructions explicitly require NEXT_PUBLIC_XAMAN_API_KEY. That metadata/instruction mismatch is incoherent and should be corrected.
Instruction Scope
The instructions tell the agent (developer) to load a remote SDK from https://xumm.app/assets/cdn/xumm-oauth2-pkce.min.js and to persist sessions (JWTs) in localStorage by default. Loading third-party JS at runtime and storing tokens in localStorage are expected for a browser wallet integration but are security-sensitive actions; the SKILL.md does not provide guidance about securing the API key, mitigating XSS, or alternatives to localStorage.
Install Mechanism
This is instruction-only (no install spec, no files). That lowers static install risk, but the instruction requires including a remote CDN script (xumm.app). Runtime inclusion of remote code is normal for a web SDK but relies on trusting that domain and its supply chain.
Credentials
The SKILL.md requires NEXT_PUBLIC_XAMAN_API_KEY (client-facing variable) but the skill metadata lists no required env vars. Requiring a NEXT_PUBLIC_ prefixed key is consistent with client-side use (public), but the metadata omission is misleading. Also, defaulting to rememberJwt:true means tokens are persisted to localStorage (accessible to other scripts), which raises proportionality/privacy concerns.
Persistence & Privilege
always is false and there is no install script or filesystem/config-path access requested. The skill does not ask for persistent platform-level privileges or to modify other skills. The main persistence concern is the SDK's use of browser localStorage for sessions (mentioned in the instructions).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install xaman-wallet-integration
  3. After installation, invoke the skill by name or use /xaman-wallet-integration
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the Xaman Wallet integration skill.
- Enables authentication and transaction requests for the XRP Ledger using the XummPkce SDK.
- Provides guidance for connecting user wallets, signing in, and requesting payments or signatures.
- Includes SDK loading instructions and essential method descriptions for quick integration.
- Details environment setup and troubleshooting tips.
Metadata
Slug xaman-wallet-integration
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Xaman Wallet Integration?

Integrate Xaman wallet SDK to authenticate users, connect wallets, request XRP payments, and manage sessions on the XRP Ledger. It is an AI Agent Skill for Claude Code / OpenClaw, with 561 downloads so far.

How do I install Xaman Wallet Integration?

Run "/install xaman-wallet-integration" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Xaman Wallet Integration free?

Yes, Xaman Wallet Integration is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Xaman Wallet Integration support?

Xaman Wallet Integration is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Xaman Wallet Integration?

It is built and maintained by HarleysCodes (@harleyscodes); the current version is v1.0.0.
