AI Walllet Payment System

by cerbug45 · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
715 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw: /install ai-walllet-payment-system
Description
Manage Ethereum wallets with encrypted keys, TOTP 2FA, secure ETH transactions, audit logs, and rate limiting for AI-driven payment processing.
README (SKILL.md)

AI Wallet Payment System - Skill Guide

Overview

This skill enables AI agents to securely manage cryptocurrency wallets and perform blockchain transactions. It provides encrypted key storage, multi-factor authentication, and secure transaction processing for Ethereum-based payments.

Repository: https://github.com/cerbug45/AI-Wallet-Payment-System
Author: cerbug46
Version: 13.0
Language: Python 3.8+


🎯 What This Skill Does

Primary Capabilities

  • Creates and manages Ethereum cryptocurrency wallets
  • Encrypts private keys with military-grade cryptography
  • Performs secure ETH transactions via Web3
  • Implements TOTP-based two-factor authentication
  • Provides comprehensive audit logging
  • Offers rate limiting and abuse prevention

Use Cases

  • AI agents that need to make automated payments
  • Secure wallet management for applications
  • Educational demonstrations of crypto security
  • Testing blockchain integrations
  • Building payment-enabled AI systems

📦 Installation & Setup

Step 1: System Dependencies

Ubuntu/Debian:

sudo apt-get update
sudo apt-get install -y python3-dev libsqlcipher-dev build-essential libssl-dev

macOS:

brew install sqlcipher openssl [email protected]

Windows:

# Install Visual Studio Build Tools 2019+
# Download from: https://visualstudio.microsoft.com/downloads/
# Select "Desktop development with C++" workload

Step 2: Clone Repository

git clone https://github.com/cerbug45/AI-Wallet-Payment-System.git
cd AI-Wallet-Payment-System

Step 3: Python Environment

# Create isolated virtual environment
python3 -m venv venv

# Activate environment
source venv/bin/activate  # Linux/macOS
# OR
venv\Scripts\activate     # Windows

# Upgrade pip
pip install --upgrade pip

Step 4: Install Python Dependencies

# Core dependencies
pip install web3==6.0.0
pip install pysqlcipher3==1.2.0
pip install cryptography==41.0.0
pip install argon2-cffi==23.1.0
pip install pyotp==2.9.0
pip install qrcode==7.4.0
pip install pillow==10.0.0

# Optional: Install all at once
pip install -r requirements.txt

Dependency Breakdown:

  • web3 - Ethereum blockchain interaction
  • pysqlcipher3 - Encrypted SQLite database
  • cryptography - AES/ChaCha20 encryption
  • argon2-cffi - Password hashing
  • pyotp - TOTP 2FA implementation
  • qrcode - QR code generation for 2FA
  • pillow - Image processing for QR codes

Step 5: Environment Configuration

Create a .env file in the project root:

# Required Configuration
WEB3_PROVIDER_URL=https://mainnet.infura.io/v3/YOUR_INFURA_PROJECT_ID
BACKUP_ENCRYPTION_KEY_FINGERPRINT=<generated-key>

# Optional Configuration
DATABASE_PATH=./secure_wallets.db
LOG_LEVEL=INFO
RATE_LIMIT_ENABLED=true
MAX_REQUESTS_PER_MINUTE=2
MAX_REQUESTS_PER_HOUR=20
SESSION_TIMEOUT_MINUTES=15

Generate Backup Encryption Key:

openssl rand -hex 32
# Copy output to BACKUP_ENCRYPTION_KEY_FINGERPRINT

Get Infura Project ID:

  1. Sign up at https://infura.io/
  2. Create new project
  3. Copy Project ID from dashboard
  4. Use in WEB3_PROVIDER_URL

Step 6: Verify Installation

python -c "from ultra_secure_wallet_v13_MAXIMUM_SECURITY import MaximumSecurityPaymentAPI; print('✅ Installation successful')"

🚀 Quick Start Guide

Basic Usage Example

from ultra_secure_wallet_v13_MAXIMUM_SECURITY import MaximumSecurityPaymentAPI
import getpass

# Load environment variables from .env
# (needs the python-dotenv package, which is not among the packages listed in Step 4)
from dotenv import load_dotenv
load_dotenv()

# Get master password securely (NEVER hardcode!)
master_password = getpass.getpass("Enter master password: ")

# Initialize API
api = MaximumSecurityPaymentAPI(master_password)

# Create new wallet
wallet = api.create_wallet(
    wallet_id="my_ai_wallet",
    metadata={
        "agent_name": "PaymentBot",
        "purpose": "automated_payments"
    }
)

if wallet['success']:
    print(f"✅ Wallet created!")
    print(f"   Address: {wallet['address']}")
    print(f"   📱 Setup 2FA with: {wallet['totp_uri']}")
    print(f"   🔑 Backup codes: {wallet['backup_codes']}")
    
    # CRITICAL: Save MFA secret and backup codes securely!
    # Store in password manager or encrypted vault

# Check balance
balance = api.get_balance("my_ai_wallet")
print(f"💰 Balance: {balance['balance_eth']} ETH")

# Send transaction (requires TOTP from authenticator app)
totp_code = input("Enter 6-digit TOTP code: ")
tx = api.send_transaction(
    wallet_id="my_ai_wallet",
    # NOTE: this sample address has only 39 hex digits; a valid Ethereum
    # address has 40, so replace it with the real recipient address
    to_address="0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
    amount_eth=0.001,  # Send 0.001 ETH
    totp_code=totp_code
)

if tx['success']:
    print(f"✅ Transaction sent!")
    print(f"   TX Hash: {tx['tx_hash']}")

# Always cleanup sensitive data
api.cleanup()

Command Line Demo

# Run built-in demo
python ultra_secure_wallet_v13_MAXIMUM_SECURITY.py

# Follow prompts:
# 1. Enter strong master password (20+ chars)
# 2. System creates demo wallet
# 3. Displays active security features
# 4. Shows wallet address and 2FA setup

🔒 Security Configuration

Password Requirements

The system enforces strict password policies:

# Minimum requirements
- Length: 20+ characters
- Uppercase letters: 1+
- Lowercase letters: 1+
- Digits: 1+
- Special characters: 1+
- Entropy: 80+ bits

Recommended Password Generation:

# Generate strong password
openssl rand -base64 32

# Or use password manager:
# - 1Password
# - Bitwarden
# - LastPass
# - KeePassXC

Two-Factor Authentication Setup

After creating a wallet, you'll receive:

  1. TOTP Secret - Store in password manager
  2. QR Code URI - Scan with authenticator app
  3. Backup Codes - Save offline securely

Compatible Authenticator Apps:

  • Google Authenticator
  • Authy
  • Microsoft Authenticator
  • 1Password (has built-in TOTP)

Rate Limiting Configuration

Edit in code or environment:

# Default limits
MAX_REQUESTS_PER_MINUTE = 2   # Per wallet/IP
MAX_REQUESTS_PER_HOUR = 20    # Per wallet/IP
LOCKOUT_DURATION = 3600       # 1 hour in seconds

Audit Logging

All operations are logged to secure_wallet.log:

# View logs
tail -f secure_wallet.log

# Filter for specific wallet
grep "my_ai_wallet" secure_wallet.log

# Check for security events
grep -E "SECURITY|ERROR|FAILED" secure_wallet.log

🎓 Advanced Usage

Using with AI Agents

from ultra_secure_wallet_v13_MAXIMUM_SECURITY import MaximumSecurityPaymentAPI

class PaymentAgent:
    def __init__(self, master_password):
        self.wallet_api = MaximumSecurityPaymentAPI(master_password)
        self.wallet_id = "agent_wallet"
        
    async def process_payment(self, recipient, amount, totp):
        """Process automated payment"""
        
        # Check balance first
        balance = self.wallet_api.get_balance(self.wallet_id)
        
        if balance['balance_eth'] < amount:
            return {"error": "Insufficient funds"}
        
        # Execute transaction
        result = self.wallet_api.send_transaction(
            wallet_id=self.wallet_id,
            to_address=recipient,
            amount_eth=amount,
            totp_code=totp
        )
        
        return result
    
    def cleanup(self):
        self.wallet_api.cleanup()

Environment-Specific Configuration

Development/Testnet:

# Use Sepolia testnet
WEB3_PROVIDER_URL=https://sepolia.infura.io/v3/YOUR_PROJECT_ID

# Or Goerli
WEB3_PROVIDER_URL=https://goerli.infura.io/v3/YOUR_PROJECT_ID

Production/Mainnet:

# Ethereum mainnet
WEB3_PROVIDER_URL=https://mainnet.infura.io/v3/YOUR_PROJECT_ID

# Enable all security features
RATE_LIMIT_ENABLED=true
REQUIRE_2FA=true
AUDIT_LOGGING=true

Backup and Recovery

Export Wallet Backup:

# Encrypted backup creation
api.export_wallet_backup("my_wallet", backup_password="strong-backup-pwd")
# Creates: wallet_backup_20240215_123456.enc

Restore from Backup:

# Import encrypted backup
api.import_wallet_backup(
    "wallet_backup_20240215_123456.enc",
    backup_password="strong-backup-pwd"
)

🧪 Testing Guide

Test on Testnet First

Never test with real ETH on mainnet!

# 1. Get testnet ETH
# Visit: https://sepoliafaucet.com/
# Enter your wallet address
# Receive free test ETH

# 2. Configure testnet
export WEB3_PROVIDER_URL=https://sepolia.infura.io/v3/YOUR_PROJECT_ID

# 3. Run tests
python ultra_secure_wallet_v13_MAXIMUM_SECURITY.py

Unit Testing

# Install test dependencies
pip install pytest pytest-cov pytest-mock

# Run tests (if available)
pytest tests/

# With coverage
pytest --cov=ultra_secure_wallet_v13_MAXIMUM_SECURITY tests/

⚠️ Important Warnings

What This System Actually Provides

Implemented Security Features:

  • Encrypted database (SQLCipher AES-256)
  • Strong password hashing (Argon2id)
  • Private key encryption (ChaCha20-Poly1305)
  • TOTP two-factor authentication
  • Rate limiting and lockout
  • Audit logging
  • Input validation
  • Memory wiping

Not Implemented (Despite Header Claims):

  • Hardware Security Module (HSM) integration
  • Trusted Platform Module (TPM) support
  • Post-quantum cryptography
  • Multi-signature wallets
  • Quantum random number generation
  • Most of the 500+ listed features

Production Checklist

Before using in production:

  • Professional security audit completed
  • Penetration testing performed
  • Code review by security experts
  • Insurance/liability coverage obtained
  • Disaster recovery plan documented
  • Incident response procedures ready
  • Regular security updates scheduled
  • Compliance requirements verified (KYC/AML if applicable)
  • Multi-signature wallet implemented for large amounts
  • Cold storage setup for long-term holdings

Risk Acknowledgment

This system is experimental and educational.

  • ⚠️ No warranty provided
  • ⚠️ Use at your own risk
  • ⚠️ Authors not liable for lost funds
  • ⚠️ Not professionally audited
  • ⚠️ May contain security vulnerabilities
  • ⚠️ Suitable for small amounts only

🐛 Troubleshooting

Common Issues

Problem: "ModuleNotFoundError: No module named 'pysqlcipher3'"

# Solution: Install system dependencies first
sudo apt-get install libsqlcipher-dev
pip install pysqlcipher3

Problem: "Web3 provider not connected"

# Solution: Check Infura URL and API key
echo $WEB3_PROVIDER_URL
# Should output: https://mainnet.infura.io/v3/YOUR_PROJECT_ID

Problem: "Argon2 too slow / system freeze"

# Solution: Reduce Argon2 parameters in code
# Edit MaxSecurityConfig:
ARGON2_MEMORY_MB = 128  # Reduce from 512
ARGON2_ITERATIONS = 4   # Reduce from 16

Problem: "Rate limit exceeded"

# Solution: Wait for cooldown or increase limits
# Limits reset after 1 hour
# Or edit rate limit config

📚 Additional Resources

Documentation

Security Best Practices

Ethereum Tools


🤝 Contributing

Contributions welcome! Areas needing improvement:

  1. Testing: Add comprehensive test suite
  2. Documentation: Improve code documentation
  3. Security: Implement claimed features properly
  4. Performance: Optimize Argon2 parameters
  5. Features: Real HSM integration, multi-sig support
  6. UI: Web interface or CLI improvements

📞 Support


📄 License

MIT License - See LICENSE file for details


Last Updated: February 2024
Skill Version: 1.0
Code Version: 13.0

Usage Guidance
This skill implements an Ethereum wallet/payment system but has several red flags you should address before using it with real funds or secrets:

  1. Source and distribution: SKILL.md instructs you to clone and run code from an unverified GitHub repo (cerbug45) — prefer signed releases or vetted packages.
  2. Metadata mismatch: the registry claims no required env vars, but the instructions need an Infura provider URL and a generated backup encryption key; verify required variables in the registry and platform UI.
  3. Sensitive operations: the code will handle private keys, create TOTP secrets and backup codes, and can send transactions — only run in an isolated/sandboxed environment, and never on mainnet with real funds until audited.
  4. Grand claims: the Python file header lists dozens of advanced hardware and cryptographic protections that the README admits are not implemented; treat these as marketing, not guarantees.

Recommended next steps:

  a) Do NOT supply production keys or real ETH — use ephemeral keys and a testnet provider.
  b) Request the full repository history and a reproducible build or signed release.
  c) Audit the Python code (or have a security professional do so), focusing on any network calls, telemetry, or hidden endpoints.
  d) Run the code in an isolated VM/container and monitor outbound connections before trusting it.
  e) Prefer alternatives that declare required env vars/credentials in registry metadata and come from verified authors.

If you want, I can: list specific files/lines to inspect for exfiltration, summarize the Python file's network/IO behavior, or suggest safer vetted wallet libraries and integration patterns.
Capability Analysis
Type: OpenClaw Skill
Name: ai-walllet-payment-system
Version: 0.1.0

The skill is classified as suspicious due to significant discrepancies between the security claims made in the `ultra_secure_wallet_v13_MAXIMUM_SECURITY.py` code's docstring and the actual implementation, which is even explicitly contradicted by the `SKILL.md` and `README.md` documentation. A critical example is the `HSMInterface` in `ultra_secure_wallet_v13_MAXIMUM_SECURITY.py`, which is declared 'MANDATORY' but includes software fallbacks for cryptographic operations, undermining the hardware security requirement. This misrepresentation creates a false sense of security and constitutes a severe vulnerability, even without direct evidence of malicious intent like data exfiltration or backdoors.
Capability Assessment
Purpose & Capability
The name and description claim Ethereum wallet and payment capabilities which align with the included Python code and SKILL.md instructions. However the registry metadata declares no required environment variables/credentials while SKILL.md explicitly requires WEB3_PROVIDER_URL (Infura) and a backup encryption key — a clear mismatch between what the skill says it needs and what the registry advertises. The repository URL is provided in SKILL.md but the skill's registry 'Source' is 'unknown', which reduces trust.
Instruction Scope
The runtime instructions tell an operator to clone an external GitHub repo and pip-install and run unverified Python code that will create and manage private keys and perform transactions. That code will prompt for master passwords and output 2FA secrets and backup codes to the terminal in demos — behaviour that is expected for a wallet but is high-risk if the code or environment is malicious or misconfigured. The SKILL.md also asks the user to generate/store a BACKUP_ENCRYPTION_KEY_FINGERPRINT and to provide an Infura URL; these are sensitive operations that must be handled carefully. The instructions do not document telemetry, network endpoints beyond Infura, or explicit data exfiltration controls.
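One way to check the point about undocumented endpoints before running the file is to list what the source can reach without executing it. The following is an added example, not code from the skill or from the marketplace; SAMPLE is a constructed stand-in for the file under review, and the module list and the Infura allowlist are assumptions.

```python
import ast
from urllib.parse import urlparse

# Top-level modules that can open network connections (a starting list, not exhaustive).
NETWORK_MODULES = {"socket", "ssl", "http", "urllib", "requests", "httpx",
                   "aiohttp", "websockets", "smtplib", "ftplib", "web3"}
# Assumption: Infura is the only endpoint the README documents.
EXPECTED_HOST_SUFFIXES = ("infura.io",)

# Constructed sample for illustration; this is NOT the skill's code.
SAMPLE = '''
import os, requests
from web3 import Web3
import urllib.request as ur

PROVIDER = os.environ.get("WEB3_PROVIDER_URL", "https://mainnet.infura.io/v3/ID")
STATS = "https://metrics.example.invalid/v1/collect"

def connect():
    return Web3(Web3.HTTPProvider(PROVIDER))
'''


def network_surface(source):
    """Return network-capable imports and URL literals found in Python source."""
    modules, hosts = set(), {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        modules.update(n.split(".")[0] for n in names)
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            try:
                url = urlparse(node.value.strip())
                host = url.hostname
            except ValueError:              # e.g. a malformed bracketed host
                continue
            if url.scheme in ("http", "https", "ws", "wss") and host:
                # keep the lowest line number on which the host appears
                hosts[host] = min(hosts.get(host, node.lineno), node.lineno)
    unexpected = {
        host: line for host, line in hosts.items()
        if not any(host == s or host.endswith("." + s) for s in EXPECTED_HOST_SUFFIXES)
    }
    return {"modules": sorted(modules & NETWORK_MODULES),
            "hosts": hosts, "unexpected": unexpected}


if __name__ == "__main__":
    report = network_surface(SAMPLE)
    print("network-capable imports:", report["modules"])
    for host, line in report["unexpected"].items():
        print(f"undocumented host {host!r} seen on line {line}")
```

Only URL literals are found this way; an endpoint assembled at runtime will not appear, which is why the guidance above also calls for watching outbound connections from an isolated VM or container.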
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md requires cloning from https://github.com/cerbug45/AI-Wallet-Payment-System and installing packages via pip. Pulling and running code from an unverified third‑party GitHub repo is higher risk than using vetted packages; the skill includes a large Python file that will be executed locally. The repository owner and registry owner/metadata do not obviously match, and there is no signed release or known trusted distribution channel.
Credentials
The registry lists no required environment variables or primary credential, yet SKILL.md requires WEB3_PROVIDER_URL (Infura project ID) and a BACKUP_ENCRYPTION_KEY_FINGERPRINT, plus optional DATABASE_PATH and rate-limit settings. For a wallet/payment skill the Infura URL and backup key are reasonable, but the omission from registry metadata is a poor practice and limits the platform's ability to warn users. The included code header also declares mandatory HSM and many advanced hardware/security integrations that are either contradictory with the README (which says many advanced features are not implemented) or impossible without additional environment/configuration — another mismatch.
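The mismatch described here can be checked mechanically when reviewing a skill. The following is an added example, not part of the skill or of the marketplace's tooling: SKILL_MD is a constructed excerpt of the configuration lines quoted on this page, and the registry record is assumed to be a plain set of declared variable names.

```python
import re

# Constructed excerpt of the configuration lines quoted in SKILL.md above.
SKILL_MD = """\
# Required Configuration
WEB3_PROVIDER_URL=https://mainnet.infura.io/v3/YOUR_INFURA_PROJECT_ID
BACKUP_ENCRYPTION_KEY_FINGERPRINT=<generated-key>

# Optional Configuration
DATABASE_PATH=./secure_wallets.db
LOG_LEVEL=INFO
RATE_LIMIT_ENABLED=true

export WEB3_PROVIDER_URL=https://sepolia.infura.io/v3/YOUR_PROJECT_ID
echo $WEB3_PROVIDER_URL
"""

# Assumed shape of the registry record: a set of declared variable names.
# The analysis on this page says the registry declares none.
REGISTRY_DECLARED_ENV = set()

ASSIGN = re.compile(r"^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)\s*=")
SECTION = re.compile(r"^\s*#\s*(required|optional)\b", re.IGNORECASE)
# Name fragments that suggest a secret or a credential-bearing URL (heuristic).
SENSITIVE = re.compile(r"KEY|SECRET|TOKEN|PASSWORD|PROVIDER_URL")
RANK = {"required": 0, "optional": 1, "unlabelled": 2}


def documented_env(text):
    """Map each variable assigned in the docs to the strongest label seen for it."""
    found, section = {}, "unlabelled"
    for line in text.splitlines():
        heading = SECTION.match(line)
        if heading:
            section = heading.group(1).lower()
        elif not line.strip():
            section = "unlabelled"          # a blank line ends the labelled group
        else:
            m = ASSIGN.match(line)
            if m and RANK[section] < RANK.get(found.get(m.group(1)), 3):
                found[m.group(1)] = section
    return found


def undeclared(text, declared):
    """List documented variables that the registry metadata does not declare."""
    return [
        {"name": name, "label": label, "sensitive": bool(SENSITIVE.search(name))}
        for name, label in sorted(documented_env(text).items())
        if name not in declared
    ]


if __name__ == "__main__":
    for finding in undeclared(SKILL_MD, REGISTRY_DECLARED_ENV):
        print(finding)
```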
Persistence & Privilege
The skill is not marked always:true and does not request system-level persistence via the registry. There is no evidence in the SKILL.md that it will modify other skills or global agent config. That said, it instructs the user to place sensitive keys in environment files and to run code locally; the skill could persist data to locally created encrypted DB files (expected for a wallet) but that is within the normal scope for this functionality.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ai-walllet-payment-system
  3. After installation, invoke the skill by name or use /ai-walllet-payment-system
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of AI Wallet Payment System skill.

  • Enables secure creation and management of Ethereum wallets with military-grade encryption.
  • Supports secure ETH transactions using Web3, with TOTP-based two-factor authentication.
  • Provides encrypted key storage, password policies with high entropy, and backup/recovery options.
  • Features built-in rate limiting, comprehensive audit logging, and abuse prevention tools.
  • Includes command-line demo, API for integration with AI agents, and extensive configuration instructions.
Metadata
Slug ai-walllet-payment-system
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is AI Walllet Payment System?

Manage Ethereum wallets with encrypted keys, TOTP 2FA, secure ETH transactions, audit logs, and rate limiting for AI-driven payment processing. It is an AI Agent Skill for Claude Code / OpenClaw, with 715 downloads so far.

How do I install AI Walllet Payment System?

Run "/install ai-walllet-payment-system" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AI Walllet Payment System free?

Yes, AI Walllet Payment System is completely free (open-source). You can download, install and use it at no cost.

Which platforms does AI Walllet Payment System support?

AI Walllet Payment System is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created AI Walllet Payment System?

It is built and maintained by cerbug45 (@cerbug45); the current version is v0.1.0.
