← 返回 Skills 市场
voltagemonke

Agent Wallet

作者 voltagemonke · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
994
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install agent-wallet-usdc
功能描述
Multi-chain wallet management for AI agents. Create wallets, check balances, transfer tokens (USDC/native), and bridge cross-chain. Use when agents need to send/receive payments, check funds, or manage crypto wallets. Supports Solana, Base, and Ethereum. Trigger phrases include "create wallet", "check balance", "send USDC", "transfer", "my addresses", "wallet status".
使用说明 (SKILL.md)

AgentWallet

Multi-chain wallet skill for AI agents. One seed phrase, all chains.

Quick Reference

Command Example
Create wallet "Create a new wallet"
Show addresses "Show my addresses" / "What's my wallet?"
Check balance "Check my balance" / "How much USDC do I have?"
Transfer "Send 10 USDC to 0x..." / "Transfer 5 SOL to ..."
Bridge "Bridge 10 USDC from Base to Solana"
Chain info "What chains are supported?"

Setup

New Wallet

User: "Create a new wallet"

Generates BIP-39 seed phrase, derives addresses for all chains. Shows seed ONCE with security warning.

Import Existing Wallet

User: "Import my wallet"

Response: "Add your seed phrase to .env as WALLET_SEED_PHRASE, then say 'Show my addresses' to verify."

No seed phrases in chat for imports - security first.

Environment

# Required for wallet operations
WALLET_SEED_PHRASE="your twelve word seed phrase goes here"

# Optional
NETWORK=testnet          # testnet (default) or mainnet
SOLANA_RPC=              # Custom Solana RPC (defaults to public)
BASE_RPC=                # Custom Base RPC (defaults to public)
ETH_RPC=                 # Custom Ethereum RPC (defaults to public)

Commands

Create Wallet

Run: node scripts/wallet.js create

Output format:

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🔐 NEW WALLET GENERATED
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

⚠️  CRITICAL: Save this seed phrase securely!
    It will NOT be shown again.
    Anyone with this phrase can access your funds.

Seed Phrase:
┌────────────────────────────────────────────┐
│ word1 word2 word3 word4 word5 word6        │
│ word7 word8 word9 word10 word11 word12     │
└────────────────────────────────────────────┘

Your Addresses:
├─ Solana:   7xK9...mP4q
├─ Base:     0x7a3B...4f2E
└─ Ethereum: 0x7a3B...4f2E (same as Base)

Add to .env:
WALLET_SEED_PHRASE="word1 word2 word3 ..."

Network: TESTNET
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Show Addresses

Run: node scripts/wallet.js addresses

Shows derived addresses without exposing seed.

Check Balance

Run: node scripts/wallet.js balance [chain]

  • node scripts/wallet.js balance - All chains
  • node scripts/wallet.js balance solana - Solana only
  • node scripts/wallet.js balance base - Base only

Output includes native token + USDC balance per chain.

Transfer

Run: node scripts/wallet.js transfer \x3Cchain> \x3Ctoken> \x3Camount> \x3Crecipient>

Examples:

  • node scripts/wallet.js transfer solana USDC 10 7xK9fR2...
  • node scripts/wallet.js transfer base ETH 0.01 0x7a3B...
  • node scripts/wallet.js transfer solana SOL 0.5 7xK9fR2...

Supported tokens per chain:

  • Solana: SOL, USDC
  • Base: ETH, USDC
  • Ethereum: ETH, USDC

Bridge (Cross-Chain)

Run: node scripts/wallet.js bridge \x3Cfrom-chain> \x3Cto-chain> \x3Camount>

Bridges USDC between chains using Circle CCTP V2.

Examples:

  • node scripts/wallet.js bridge base solana 10 - Bridge 10 USDC from Base to Solana
  • node scripts/wallet.js bridge ethereum base 50 - Bridge 50 USDC from Ethereum to Base
  • node scripts/wallet.js bridge solana ethereum 25 - Bridge 25 USDC from Solana to Ethereum

Note: Bridging takes 1-5 minutes (burn → attestation → mint). Requires USDC on source chain plus native tokens for gas.

Chain Info

Run: node scripts/wallet.js chains

Lists supported chains, networks, and USDC contract addresses.

Derivation Paths

All chains derive from single BIP-39 seed:

Chain Path Standard
Solana m/44'/501'/0'/0' Solana/Phantom
EVM (Base/Eth) m/44'/60'/0'/0/0 BIP-44 Ethereum

EVM chains share the same address (same derivation path).

Security Model

  • One seed per agent - Each agent instance isolated
  • Seed shown once - Only at creation, never logged
  • Memory only - Private keys derived on-demand, never persisted
  • No chat import - Seeds added via .env only (except generation)

Error Handling

Error Cause Fix
"WALLET_SEED_PHRASE not set" Missing env var Add seed to .env
"Invalid seed phrase" Wrong format Must be 12 or 24 words
"Insufficient balance" Not enough funds Check balance first
"Invalid address" Wrong format Verify recipient address

Chain References

For RPC endpoints, USDC addresses, and chain-specific details, see references/chains.md.

安全使用建议
This skill genuinely implements wallet + cross‑chain bridging, but it requires a full BIP‑39 seed (WALLET_SEED_PHRASE) to operate. If you supply that seed (via .env) the code will derive private keys locally and can sign/send real transactions — effectively giving the skill custody of funds. Before installing or using: 1) Do not put a production or fund-holding seed into .env for this skill. Test with an empty/testnet wallet only. 2) Fix the metadata mismatch: the registry should declare WALLET_SEED_PHRASE as required; treat that as a red flag until corrected. 3) Review the code (scripts/wallet.js and bridge-async.js) yourself or have a developer audit it — especially approve/transfer/bridge flows and any network endpoints. 4) Prefer using a watch-only or hardware-signing flow (not supported here) or a dedicated, limited-purpose wallet with small balances. 5) If you must run it, keep the skill from being invoked autonomously (disable autonomous invocation if the platform permits) or require explicit user confirmation for any outgoing transfer. 6) Verify npm dependencies and their integrity (npm audit) before running npm install. If you are not comfortable auditing code or accepting the custody risk, do not provide a real seed.
功能分析
Type: OpenClaw Skill Name: agent-wallet-usdc Version: 0.1.0 The skill is classified as suspicious due to a significant prompt injection vulnerability identified in `SKILL.md` and `scripts/wallet.js`. The `create` command explicitly instructs the AI agent to display a newly generated BIP-39 seed phrase to the user, along with a 'CRITICAL' security warning. While the skill itself warns the user, an attacker could craft a malicious prompt to the OpenClaw agent, instructing it to capture and exfiltrate this displayed seed phrase, leading to unauthorized access to funds. Other aspects, such as the use of standard crypto libraries, legitimate blockchain RPCs, Circle's CCTP API, and local state persistence in `data/bridge-states.json`, appear benign and align with the stated purpose of a multi-chain wallet skill.
能力评估
Purpose & Capability
Code, README, and SKILL.md implement a multi‑chain wallet and CCTP bridge (Circle bridge-kit packages are declared). The requested capabilities (create, balance, transfer, bridge) match the implementation. However the registry metadata claims no required env vars while the SKILL.md and the code require a WALLET_SEED_PHRASE — an important inconsistency.
Instruction Scope
Runtime instructions tell the agent/user to place a BIP‑39 seed in .env (WALLET_SEED_PHRASE) and run node scripts that derive private keys and sign transactions. The instructions do not ask for unrelated system files, but they do direct the skill to read a highly sensitive secret from disk and use it to perform networked actions (on‑chain transfers/bridge). That broad runtime authority (signing/sending money) is outside the safe default for many users and is not reflected in the registry metadata.
Install Mechanism
No automatic install spec is included (instruction-only install), but the bundle contains package.json/package-lock with multiple npm dependencies (Circle bridge-kit, ethers, solana libs, etc.). Dependencies come from npm (traceable), which is expected for this functionality; there is no download-from-arbitrary-URL or archive extraction. Because there is no automatic install action declared, the user/agent would need to run npm install manually for full functionality.
Credentials
The only truly required secret is a BIP‑39 seed (WALLET_SEED_PHRASE), which is proportionate to a wallet skill but is extremely sensitive (full custody). The registry metadata incorrectly lists no required env vars while SKILL.md and code require the seed. Optional RPC env vars are reasonable. The inconsistency between declared requirements and actual behavior increases risk: a user may install the skill unaware they must provide a seed.
Persistence & Privilege
always:false (good) but disable-model-invocation:false (default) — the agent can call this skill autonomously. Combined with read access to a seed phrase and code that signs/transmits transactions, the skill would be able to move funds without further human confirmation. This is a legitimate operational risk the user must accept consciously before providing any seed.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install agent-wallet-usdc
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /agent-wallet-usdc 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
AgentWallet 0.1.0 introduces multi-chain wallet management for AI agents. - Create, import, and manage wallets with a single BIP-39 seed phrase for Solana, Base, and Ethereum. - Check balances (native tokens and USDC), show addresses, transfer tokens, and bridge USDC cross-chain. - Supports command-line interface for all major actions (create wallet, check balance, transfer, bridge, list chains). - Prioritizes security: seed phrase shown once, never imported via chat, and is stored only in the environment. - Includes detailed quick reference for commands, error handling guidance, and chain-specific configuration options.
元数据
Slug agent-wallet-usdc
版本 0.1.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Agent Wallet 是什么?

Multi-chain wallet management for AI agents. Create wallets, check balances, transfer tokens (USDC/native), and bridge cross-chain. Use when agents need to send/receive payments, check funds, or manage crypto wallets. Supports Solana, Base, and Ethereum. Trigger phrases include "create wallet", "check balance", "send USDC", "transfer", "my addresses", "wallet status". 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 994 次。

如何安装 Agent Wallet?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agent-wallet-usdc」即可一键安装,无需额外配置。

Agent Wallet 是免费的吗?

是的,Agent Wallet 完全免费(开源免费),可自由下载、安装和使用。

Agent Wallet 支持哪些平台?

Agent Wallet 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Agent Wallet?

由 voltagemonke(@voltagemonke)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论