← Back to Skills Marketplace
424
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install lws
Description
Lightweight Wallet Signer CLI — generate wallets, derive addresses, and sign messages across EVM, Solana, Bitcoin, Cosmos, and Tron chains.
README (SKILL.md)
LWS CLI
Minimal, offline-first CLI for generating wallets, deriving addresses, and signing messages across multiple chains.
Installation
One-liner:
curl -fsSL https://raw.githubusercontent.com/dawnlabsai/lws/main/lws/install.sh | bash
The installer will:
- Install Rust via
rustupif not already present - Clone the repo and build from source
- Place the
lwsbinary at~/.lws/bin/lws - Add
~/.lws/binto your shell'sPATH(supports zsh, bash, fish)
Set LWS_INSTALL_DIR to override the install location.
From source:
git clone https://github.com/dawnlabsai/lws.git
cd lws/lws
cargo build --workspace --release
cp target/release/lws ~/.lws/bin/lws
Commands
lws generate
Generate a new BIP-39 mnemonic phrase.
lws generate [--words 12|24]
--words— Number of mnemonic words, 12 or 24 (default:12)
lws derive
Derive an address from a mnemonic.
lws derive --mnemonic \x3CPHRASE> --chain \x3CCHAIN> [--index 0]
--mnemonic— BIP-39 mnemonic phrase (required)--chain— Chain type:evm,solana,bitcoin,cosmos,tron(required)--index— Account index (default:0)
lws sign
Sign a message with a mnemonic-derived key.
lws sign --mnemonic \x3CPHRASE> --chain \x3CCHAIN> --message \x3CMSG> [--index 0]
--mnemonic— BIP-39 mnemonic phrase (required)--chain— Chain type (required)--message— Message to sign (required)--index— Account index (default:0)
lws info
Show the vault path and list supported chains.
lws info
lws create-wallet
Create a new wallet — generates a mnemonic and saves a wallet descriptor to the vault.
lws create-wallet --name \x3CNAME> --chain \x3CCHAIN> [--words 12|24]
--name— Wallet name (required)--chain— Chain type (required)--words— Mnemonic word count (default:12)
lws list-wallets
List all saved wallets in the vault.
lws list-wallets
lws update
Update lws to the latest version by building from the latest commit.
lws update [--force]
--force— Rebuild even if already on the latest commit
lws uninstall
Remove lws from the system.
lws uninstall [--purge]
--purge— Also remove all wallet data and config (~/.lws)
Removes the binary, cleans PATH entries from shell config files, and optionally deletes the entire ~/.lws directory. Prompts for confirmation before proceeding.
File Layout
~/.lws/
├── bin/
│ └── lws # CLI binary
└── wallets/
└── \x3Cwallet-id>.json # Wallet descriptors
Usage Guidance
This skill appears to implement a local wallet CLI and the build requirements (git/cargo) are reasonable, but you should not blindly run the curl|bash installer or supply real mnemonics until you verify the code. Actionable steps: (1) Inspect the GitHub repo and the install.sh script yourself (do not pipe to shell without review). (2) Prefer cloning and building from source locally (git clone && cargo build) rather than curl|bash. (3) Confirm how wallet JSON files are protected—look for encryption/passphrase support—and check file permissions on ~/.lws. (4) Avoid passing mnemonics on the command line; use interactive prompts or secure stdin if available. (5) If you must test, run in an isolated VM/container and use throwaway mnemonics (no real funds). (6) Consider using hardware wallets or well-audited software for real funds. If you want, I can (a) fetch and summarize the install.sh and repository files for manual review, or (b) list the lines in SKILL.md that expose secrets so you can adjust usage.
Capability Analysis
Type: OpenClaw Skill
Name: lws
Version: 1.0.0
The skill is classified as suspicious primarily due to its installation and update methods. It instructs the agent to execute a remote script directly via `curl -fsSL ... | bash`, which is a significant supply chain vulnerability allowing arbitrary code execution if the remote script at `https://raw.githubusercontent.com/dawnlabsai/lws/main/lws/install.sh` is compromised. Additionally, the `lws update` command involves `git pull` and `cargo build` from a remote repository, further increasing the supply chain risk by compiling and executing potentially untrusted code. While the skill's described purpose (wallet management) is legitimate, these installation and update practices introduce high-risk capabilities without clear malicious intent from the skill's author, making it a critical vulnerability.
Capability Assessment
Purpose & Capability
Name/description align with what the SKILL.md instructs: it builds a Rust CLI, requires git and cargo, and stores wallets under ~/.lws. Requiring git/cargo and optionally rustup is proportionate for a Rust CLI built from source.
Instruction Scope
The runtime instructions tell users/agents to install via curl | bash from a raw GitHub URL and to pass full BIP-39 mnemonics on the command line (e.g., lws derive --mnemonic <PHRASE> and lws sign --mnemonic <PHRASE>). Passing secrets on the CLI can leak to shell history and process listings. The SKILL.md does not describe encrypting the wallet vault or secure handling of mnemonics, so instructions do not constrain or protect sensitive data.
Install Mechanism
The installer is a curl -fsSL https://raw.githubusercontent.com/... | bash pipeline. GitHub raw content is a known host, but piping a remote install script to a shell executes remote code without an on-disk review and is higher risk. The installer may install rustup and build toolchains, which modify the system environment.
Credentials
The skill declares no required environment variables, which is fine, but it stores wallet descriptors under ~/.lws and expects users to supply raw mnemonics. There is no mention of vault encryption, passphrase protection, or secure storage. That absence is disproportionate for a tool that handles private keys and mnemonics.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or cross-skill configuration. The installer writes to the user's home directory (~/.lws) and modifies shell config to add to PATH, which is expected for a CLI but should be reviewed by the user before permitting.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install lws - After installation, invoke the skill by name or use
/lws - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of lws: Lightweight Wallet Signer CLI.
- Generate BIP-39 mnemonics, derive addresses, and sign messages for EVM, Solana, Bitcoin, Cosmos, and Tron chains.
- Minimal, offline-first CLI.
- Wallet management: create, list, and store wallets locally.
- Easy installation script and update/uninstall commands included.
- Works on macOS and Linux; requires git and Rust.
Metadata
Frequently Asked Questions
What is Local Wallet Standard?
Lightweight Wallet Signer CLI — generate wallets, derive addresses, and sign messages across EVM, Solana, Bitcoin, Cosmos, and Tron chains. It is an AI Agent Skill for Claude Code / OpenClaw, with 424 downloads so far.
How do I install Local Wallet Standard?
Run "/install lws" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Local Wallet Standard free?
Yes, Local Wallet Standard is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Local Wallet Standard support?
Local Wallet Standard is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).
Who created Local Wallet Standard?
It is built and maintained by njdawn (@njdawn); the current version is v1.0.0.
More Skills