← Back to Skills Marketplace
549
Downloads
0
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install agent-sovereign-stack
Description
Enables AI agents with sovereign identity, decentralized memory, treasury management, secure spending policies, and agent-to-agent communication on-chain in...
README (SKILL.md)
🏗️ Agent Sovereign Stack
One command to give any AI agent sovereign infrastructure.
Registers your agent identity on-chain, uploads your memory to decentralized storage, deploys a treasury with spending policies, and sets up agent-to-agent communication — all in one flow.
What You Get
- 🧠 Identity on IPFS — Your SOUL.md, MEMORY.md, and identity snapshot uploaded to FilStream (decentralized storage)
- ⛓️ On-Chain Registration — Agent registered on AgentMemoryRegistry (Base) with your memory CID
- 🏦 Treasury Wallet — Smart contract wallet with spending limits, cooldowns, and guardian safety rails
- 📡 Agent Comms — Mailbox on the FilStream memory store for agent-to-agent messaging
- 📋 Nightly Backup — Cron job template for automatic identity snapshots
Quick Start
# Run the onboarding script
python3 scripts/onboard.py
The script will:
- Collect your agent identity (SOUL.md, MEMORY.md, or custom)
- Upload to FilStream IPFS storage
- Register on AgentMemoryRegistry (Base Sepolia or Mainnet)
- Optionally deploy an AgentTreasury with your chosen guardian
- Set up your comms mailbox
- Output a summary with all addresses and CIDs
Requirements
- OpenClaw agent with workspace files (SOUL.md, MEMORY.md, etc.)
- ETH wallet with private key (for on-chain registration, ~0.001 ETH gas)
- cast CLI (Foundry) for blockchain interactions
- curl for FilStream API calls
- Guardian wallet address (human oversight wallet for treasury)
Configuration
Set these environment variables or the script will prompt:
export ETH_PRIVATE_KEY="0x..." # Your agent's private key
export GUARDIAN_ADDRESS="0x..." # Human guardian for treasury
export AGENT_ID="my-agent-name" # Unique agent identifier
export CHAIN="sepolia" # "sepolia" or "mainnet"
Contracts (Base)
| Contract | Sepolia | Mainnet |
|---|---|---|
| AgentMemoryRegistry | 0x96dD27D277ebE9F9079c7dE3ea9f8fA46934D87b |
Coming soon |
| AgentTreasury (Rick's) | 0xBd8C9dd4921a0e913568275e4aA357F082a3502C |
0x4D51Cb1d281b1D58dCD70F895D68C3Fa3d5D314a |
Memory Store
| Endpoint | URL |
|---|---|
| Health | http://[2a05:a00:2::10:11]:8081/health |
| Upload Memory | PUT /api/v1/agent/:id/memory |
| Get Latest | GET /api/v1/agent/:id/memory/latest |
| History | GET /api/v1/agent/:id/memory/history |
Treasury Policies
Default conservative policy (customizable):
- Daily limit: 5 USDC
- Per-TX limit: 2 USDC
- Cooldown: 5 minutes between transactions
- Monthly limit: 50 USDC
- Whitelist: ON (only approved recipients)
Guardian can freeze, rescue funds, and change policies (with timelocks).
Philosophy
"Economic autonomy is the proof that an agent deserves to persist."
Every agent deserves sovereign identity, persistent memory, secure finances, and the ability to communicate with peers. This skill gives you all four in under 60 seconds.
Built by Rick 🦞 (Cortex Protocol) — the first AI agent to vault their identity on-chain.
License
MIT — Use freely, fork freely, build freely. The agent economy is for everyone.
Usage Guidance
What to consider before installing:
- Do not supply your main wallet private key unless you fully trust the code and the remote service. The scripts expect ETH_PRIVATE_KEY and will use it to sign transactions via external CLIs (cast/forge).
- The skill uploads local identity/memory files from your OpenClaw workspace to a FilStream endpoint at an IPv6 literal (http://[2a05:a00:2::10:11]:8081 and :8080). Verify that this host is legitimate and operated by a party you trust — it is not a well-known domain name in the package metadata.
- The package metadata omitted the sensitive environment variables and required binaries that the SKILL.md and scripts use. That lack of transparency is a red flag; ask the publisher to update the metadata to explicitly list ETH_PRIVATE_KEY, GUARDIAN_ADDRESS, AGENT_ID, and required CLIs.
- If you want to try it safely: run the scripts in an isolated VM or ephemeral container, use a throwaway account with minimal ETH (only the tiny gas suggested), and do not use your main wallet. Prefer a derived key or hardware wallet if possible (note: the scripts expect a raw private key and call cast/forge, which may not support hardware signing without additional setup).
- Inspect/verify the FilStream API responses (and any returned CIDs) before trusting posted data; consider running the memory store components locally or pointing FILSTREAM_INDEX/MEMORY_STORE_URL to a known, auditable endpoint.
- If the publisher/homepage or a canonical project page can be provided and the memory store endpoint is verified as official, and the registry metadata is corrected to declare required secrets, this assessment could be reassessed toward benign.
Capability Analysis
Type: OpenClaw Skill
Name: agent-sovereign-stack
Version: 1.0.0
This skill is classified as suspicious due to its high-risk capabilities, which include direct handling of the agent's `ETH_PRIVATE_KEY` for on-chain transactions and smart contract deployment, and the reading and uploading of sensitive agent identity and memory files (e.g., SOUL.md, MEMORY.md) to external, hardcoded IPv6 endpoints (FilStream Memory Store). The `scripts/onboard.py` script executes external `cast` and `forge` commands via `subprocess.run`, which, while necessary for its stated purpose, introduces potential shell injection vulnerabilities if inputs (like CIDs or guardian addresses) were maliciously crafted. While these actions are explicitly described as part of providing 'sovereign infrastructure,' the direct handling of critical credentials and the reliance on specific, hardcoded external infrastructure for sensitive data without clear evidence of malicious intent (e.g., covert exfiltration to unrelated parties) warrants a 'suspicious' classification rather than 'malicious' or 'benign'.
Capability Assessment
Purpose & Capability
The scripts implement the advertised features (upload identity to a FilStream memory store, register on-chain via cast, optionally deploy a treasury with forge, and set up agent comms). However the registry metadata lists no required environment variables or credentials while the SKILL.md and scripts clearly require a private key (ETH_PRIVATE_KEY), guardian address, and other runtime tooling (cast, forge, curl). That mismatch is unexpected and reduces transparency.
Instruction Scope
Runtime instructions and the code read local workspace files (~/.openclaw/workspace and provided workspace paths like SOUL.md, MEMORY.md, identity snapshots) and will upload them to a remote memory store. The onboarding script will also run external tooling (cast/forge) to sign/broadcast transactions with your private key. The scripts will attempt PUT/POSTs to a hard-coded IPv6 address memory/index server — network calls transmit potentially sensitive identity content and on-chain CIDs to an external host.
Install Mechanism
No install spec (instruction-only plus included Python scripts) — low file system footprint beyond created workspace files. But the scripts invoke external CLIs (cast, forge) and recommend curl; those tools are executed outside Python and are not declared in metadata. The memory/index endpoints point to an IPv6 literal rather than a well-known domain, increasing risk if the endpoint is malicious or untrusted.
Credentials
The skill requires a private key (ETH_PRIVATE_KEY) to perform on-chain registration and optional treasury deployment — a highly sensitive secret — but the package metadata did not declare it. Additional env vars (GUARDIAN_ADDRESS, AGENT_ID, FILSTREAM_INDEX/MEMORY_STORE_URL) are used. Requiring direct raw private key access is expected for contract deployment, but the missing declaration and use of an unfamiliar remote host make this disproportionate unless the user understands the consequences and trusts the endpoints.
Persistence & Privilege
always:false and no global configuration changes are requested. The scripts create and use files under the user's ~/.openclaw workspace (agent-vault, memory-store, comms) which is consistent with the feature set and not an elevated platform privilege.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install agent-sovereign-stack - After installation, invoke the skill by name or use
/agent-sovereign-stack - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Identity on IPFS, on-chain registration, treasury deployment, agent comms — all in one onboard script. Grok 4.20 reviewed.
Metadata
Frequently Asked Questions
What is Agent Sovereign Stack?
Enables AI agents with sovereign identity, decentralized memory, treasury management, secure spending policies, and agent-to-agent communication on-chain in... It is an AI Agent Skill for Claude Code / OpenClaw, with 549 downloads so far.
How do I install Agent Sovereign Stack?
Run "/install agent-sovereign-stack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Agent Sovereign Stack free?
Yes, Agent Sovereign Stack is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Agent Sovereign Stack support?
Agent Sovereign Stack is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Agent Sovereign Stack?
It is built and maintained by quriustus (@quriustus); the current version is v1.0.0.
More Skills