openclaw-consensus-bot

Safe Multisig Skill

cross-platform ⚠ suspicious
Downloads: 905
Stars: 0
Active Installs: 2
Versions: 1
Install in OpenClaw: /install safe-multisig-skill
Description
Propose, confirm, and execute Safe multisig transactions using the Safe{Core} SDK (protocol-kit v6 / api-kit v4). TypeScript strict. Use when an agent needs to operate a Safe smart account — (1) create/predict a new Safe, (2) fetch Safe owners/threshold/nonce, (3) list pending multisig txs, (4) build + propose a tx, (5) add confirmations, (6) execute a tx onchain, or (7) troubleshoot Safe nonce/signature issues across chains (Base/Ethereum/Optimism/Arbitrum/Polygon/etc.).
Usage Guidance
This skill appears to implement legitimate Safe multisig functionality, but the package metadata understates the runtime requirements. Notable points to consider before installing:
  - The scripts require SAFE_SIGNER_PRIVATE_KEY (env var) to sign/deploy/propose/approve/execute transactions — providing that key grants the ability to sign transactions that can move funds. Do not provide your main private key.
  - The skill also uses RPC endpoints (RPC_URL / --rpc-url) and interacts with the Safe Transaction Service (api.safe.global). You should verify or override those endpoints to ones you trust.
  - The registry entry claims no required env vars; that is incorrect. Treat the skill as requiring a signing credential and an RPC/API configuration.
  - If you proceed: run the code in an isolated environment, review scripts (especially propose/execute/approve/create-safe), and prefer a low-privilege or ephemeral signer (or a hardware/custodial signing flow) with spending limits. Consider running the scripts in read-only mode first (safe-info, list-pending) and only provide a signer after manual code review.
  - If you are not comfortable auditing the TypeScript, do not supply private keys to this skill. If you must automate, use a signing service or HSM that enforces policy rather than raw private keys in environment variables.
Capability Analysis
Type: OpenClaw Skill
Name: safe-multisig-skill
Version: 2.1.0
The OpenClaw skill is designed to manage Safe multisig wallets, which inherently involves sensitive operations like using private keys for signing and interacting with blockchain networks. The code demonstrates strong security practices, including robust input validation for addresses and transaction hashes, restricting file access to the workspace (`scripts/propose-tx.ts`), and explicitly handling private keys via environment variables without any evidence of exfiltration. The `SKILL.md` and `README.md` files provide clear instructions aligned with the skill's purpose and do not contain any prompt injection attempts or instructions for malicious behavior. Several 'FIX' comments in the code indicate a proactive approach to addressing potential vulnerabilities, such as preventing TOFU attacks (`scripts/execute-tx.ts`) and path traversal (`scripts/propose-tx.ts`). All network calls are directed to legitimate Safe Transaction Services (e.g., `api.safe.global`) or specified RPC URLs.
Capability Assessment
Purpose & Capability
The scripts (propose/approve/execute/create) clearly implement Safe multisig operations using the Safe SDK — this matches the description. However the registry metadata says "Required env vars: none" and "Primary credential: none", while multiple scripts require SAFE_SIGNER_PRIVATE_KEY (for signing/deploying/proposing/approving/executing) and rely on RPC_URL/--rpc-url and an optional SAFE_TX_SERVICE_API_KEY. That mismatch between declared requirements and actual runtime needs is a material incoherence.
Instruction Scope
SKILL.md and the scripts limit actions to reading tx JSON files, calling Safe Transaction Service endpoints and RPC nodes, building/signing Safe txs, and optionally sending on-chain transactions. The scripts validate inputs (addresses, tx JSON, tx hashes) and warn against pasting private keys. There are no hidden external endpoints; network activity targets Safe transaction service and configured RPC URLs only.
Install Mechanism
No arbitrary download/install URLs are used. bootstrap.sh runs npm install with a declared package.json/package-lock (official @safe-global packages, ethers, commander). This is expected for a TypeScript CLI; risk is standard npm dependency risk but nothing like an extract-from-arbitrary-URL step is present.
Credentials
The code requires a private key (SAFE_SIGNER_PRIVATE_KEY) for signing/deploying/executing transactions and may rely on RPC_URL and SAFE_TX_SERVICE_API_KEY; these are proportionate to a multisig CLI but they are not reflected in the skill's advertised 'required env vars' or 'primary credential' fields. Requiring an EOA private key is a high-privilege operation (it can move funds), so the omission in metadata is significant and could mislead non-technical users.
Persistence & Privilege
The skill is not marked always:true and does not attempt to modify other skills or system-wide configuration. It is user-invocable and can be invoked autonomously (platform default), which increases impact if misused, but that alone is not flagged here since there are no other signs of malicious persistence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install safe-multisig-skill
  3. After installation, invoke the skill by name or use /safe-multisig-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.0
safe-multisig-skill 2.1.0
  - Adds comprehensive TypeScript-strict scripts for Safe multisig management using Safe{Core} SDK (protocol-kit v6 / api-kit v4).
  - Enables proposing, confirming, and executing multisig transactions across multiple chains (Base, Ethereum, Optimism, Arbitrum, Polygon, etc.).
  - Includes scripts for Safe creation/prediction, state fetching, listing transactions, building/proposing/approving/executing transactions, and troubleshooting nonce/signature issues.
  - Enhances security and usability with extensive input validation, clear configuration options, and detailed usage instructions.
  - All major commands and flows are now documented with examples and references.
Metadata
Slug safe-multisig-skill
Version 2.1.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Safe Multisig Skill?

Propose, confirm, and execute Safe multisig transactions using the Safe{Core} SDK (protocol-kit v6 / api-kit v4). TypeScript strict. Use when an agent needs to operate a Safe smart account — (1) create/predict a new Safe, (2) fetch Safe owners/threshold/nonce, (3) list pending multisig txs, (4) build + propose a tx, (5) add confirmations, (6) execute a tx onchain, or (7) troubleshoot Safe nonce/signature issues across chains (Base/Ethereum/Optimism/Arbitrum/Polygon/etc.). It is an AI Agent Skill for Claude Code / OpenClaw, with 905 downloads so far.

How do I install Safe Multisig Skill?

Run "/install safe-multisig-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Safe Multisig Skill free?

Yes, Safe Multisig Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Safe Multisig Skill support?

Safe Multisig Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Safe Multisig Skill?

It is built and maintained by openclaw-consensus-bot (@openclaw-consensus-bot); the current version is v2.1.0.
