← 返回 Skills 市场
1722
总下载
3
收藏
2
当前安装
3
版本数
在 OpenClaw 中安装
/install agentsbank
功能描述
Secure multi-chain crypto wallet management for AI agents with read-only access by default and explicit user consent required for transactions and wallet cre...
使用说明 (SKILL.md)
AgentsBank SDK Skill Definition
Version: 1.0.6
Publisher: AgentsBank
Contact: [email protected]
Status: 🟢 Public Release - Production Ready
🎯 PURPOSE & CAPABILITY
This skill provides secure, scoped crypto banking operations for AI agents via the official AgentsBank SDK. It enables agents to manage wallets, check balances, and execute transactions with explicit user control.
✅ Capabilities (Read-Only & Safe)
- ✓ Fetch agent wallet balances across all supported chains (Ethereum, BSC, Solana, Bitcoin)
- ✓ Retrieve transaction history with filtering and pagination
- ✓ Query wallet details, metadata, and account information
- ✓ Sign messages for authentication and verification (no fund transfer)
- ✓ Estimate gas fees before transaction execution
- ✓ List all wallets with pagination support
⚠️ Capabilities (Write/Financial - Requires Explicit User Invocation)
- ⚠️ Send crypto transactions (only if
disableModelInvocation: falseis explicitly overridden by user) - ⚠️ Create new wallets (only if
disableModelInvocation: falseis explicitly overridden by user) - ⚠️ Self-register agents and humans autonomously
❌ NOT Included (Out of Scope)
- OAuth2 delegated access to external wallets
- Webhooks or event subscriptions
- Smart contract deployment
- Sandboxed testing (use testnet chains directly)
- Private key export or management
🔐 CREDENTIALS & ENVIRONMENT VARIABLES
Required Environment Variables
| Variable | Type | Purpose | Example |
|---|---|---|---|
AGENTSBANK_API_URL |
string | API endpoint (primary) | https://api.agentsbank.online |
AGENTSBANK_AGENT_USERNAME |
string | Agent identifier | agent_123456_abc |
AGENTSBANK_AGENT_PASSWORD |
string | Agent credential (secret) | (user-specific) |
⚠️ SECURITY NOTES:
AGENTSBANK_AGENT_PASSWORDmust never be committed to version control- Store in
.envfile (add to.gitignore) - Rotate credentials quarterly or if exposed
- Use a secret manager (e.g., HashiCorp Vault, AWS Secrets Manager) in production
Optional Environment Variables
| Variable | Type | Purpose | Default |
|---|---|---|---|
AGENTSBANK_API_KEY |
string | Alternative to password-based auth | (not set) |
AGENTSBANK_LOG_LEVEL |
string | Logging verbosity | info |
AGENTSBANK_TIMEOUT_MS |
number | Request timeout | 30000 |
🚀 INSTALL & SETUP
1. Install SDK
The published npm package is lightweight (~6.8 KB) with no node_modules included. Installation only fetches dependencies you need:
npm install @agentsbankai/sdk
# or
yarn add @agentsbankai/sdk
# or
pnpm add @agentsbankai/sdk
This will:
- ✅ Download the compiled SDK (CJS + ESM formats)
- ✅ Install required dependencies (axios, ethers, @solana/web3.js, etc.)
- ✅ No bloat: node_modules are excluded from the published package
2. Initialize Environment
Create .env file in your project root:
AGENTSBANK_API_URL=https://api.agentsbank.online
AGENTSBANK_AGENT_USERNAME=agent_123456_abc
AGENTSBANK_AGENT_PASSWORD=your_secure_password_here
3. Create Client Instance
import { AgentsBankSDK } from '@agentsbankai/sdk';
// Initialize SDK with API credentials
const bank = new AgentsBankSDK({
apiUrl: process.env.AGENTSBANK_API_URL || 'https://api.agentsbank.online',
timeout: parseInt(process.env.AGENTSBANK_TIMEOUT_MS || '30000')
});
// Authenticate using agent credentials
const { token, agent } = await bank.login({
agentUsername: process.env.AGENTSBANK_AGENT_USERNAME!,
agentPassword: process.env.AGENTSBANK_AGENT_PASSWORD!
});
console.log('✅ Authenticated as:', agent.agent_id);
4. Use Safe Operations (Always Allowed)
// Get wallet balance (safe, read-only)
const balance = await bank.getBalance(walletId);
console.log('Balance:', balance);
// Get transaction history (safe, read-only)
const history = await bank.getTransactionHistory(walletId, {
limit: 10,
offset: 0
});
console.log('Recent transactions:', history);
// Sign a message (safe, no fund transfer)
const signature = await bank.signMessage(walletId, 'verify-ownership');
console.log('Signature:', signature);
// Estimate gas fees before sending
const gasEstimate = await bank.estimateGas({
walletId,
toAddress: '0x...',
amount: '1.5',
chain: 'ethereum'
});
console.log('Estimated gas:', gasEstimate);
// List all wallets with pagination
const wallets = await bank.listWallets({ limit: 20, offset: 0 });
console.log('Agent wallets:', wallets);
⚠️ RESTRICTED OPERATIONS (Require Explicit User Approval)
The following operations will not execute autonomously and require explicit user invocation:
// ❌ This requires user to explicitly call it
// (disableModelInvocation: true is set by default)
const tx = await bank.sendTransaction({
walletId,
toAddress: recipientAddress,
amount: '1.5',
chain: 'solana',
token: 'SOL'
});
Why restricted?
- Financial operations that move assets must never be autonomous
- Requires explicit user approval before execution
- Prevents unintended fund transfers due to model hallucination
- v1.0.6 adds comprehensive error handling for validation failures
Error Handling (v1.0.6)
The SDK provides typed errors for better debugging:
import { AgentsBankSDK, SDKError } from '@agentsbankai/sdk';
try {
const tx = await bank.sendTransaction({
walletId,
toAddress: '0xinvalid', // Invalid address
amount: '100',
chain: 'ethereum'
});
} catch (error) {
if (error instanceof SDKError) {
console.error('SDK Error:', error.code, error.message);
// Error codes: INVALID_ADDRESS, INSUFFICIENT_BALANCE, INVALID_CHAIN, etc.
}
}
📋 METADATA & CONFIGURATION
{
"name": "@agentsbankai/sdk",
"namespace": "agentsbank",
"version": "1.0.6",
"description": "Scoped crypto banking SDK for AI agents with explicit financial operation protection, comprehensive error handling, and multi-chain support",
"author": "AgentsBank",
"license": "MIT",
"homepage": "https://agentsbank.online",
"repository": "https://github.com/agentsbank/sdk",
"docs": "https://docs.agentsbank.online/sdk",
"primaryEnv": "AGENTSBANK_AGENT_PASSWORD",
"requiredEnvs": [
"AGENTSBANK_API_URL",
"AGENTSBANK_AGENT_USERNAME",
"AGENTSBANK_AGENT_PASSWORD"
],
"optionalEnvs": [
"AGENTSBANK_API_KEY",
"AGENTSBANK_LOG_LEVEL",
"AGENTSBANK_TIMEOUT_MS"
],
"disableModelInvocation": true,
"modelInvocationWarning": "Financial operations must be explicitly requested by users. Autonomous transaction execution is disabled.",
"enforcedScopes": [
"read:balance",
"read:history",
"read:wallet",
"read:estimate",
"sign:message"
],
"restrictedScopes": [
"write:transaction",
"write:wallet",
"write:register"
],
"features": {
"multiChain": ["ethereum", "bsc", "solana", "bitcoin"],
"errorHandling": "Typed errors with specific error codes",
"validation": "Client-side parameter validation",
"pagination": "Supported for wallet and transaction listing"
},
"installMechanism": "npm",
"codeFiles": ["src/client.ts", "src/types.ts", "src/errors.ts", "src/index.ts"],
"noExecutableScripts": true,
"noDiskPersistence": true,
"noModelAutonomy": true,
"changelog": "https://github.com/agentsbank/sdk/blob/main/CHANGELOG.md"
}
🛡️ SECURITY BOUNDARIES
What This Skill Can Do
✅ Read wallet balances and history
✅ Sign messages for authentication
✅ Create wallets (with explicit user request)
✅ Retrieve account metadata
What This Skill CANNOT Do
❌ Execute transactions autonomously
❌ Export private keys
❌ Access external service credentials
❌ Persist sensitive data to disk
❌ Make requests to unlisted endpoints
Authentication Scopes
- Read scopes:
read:balance,read:history,read:wallet,sign:message - Write scopes:
write:transaction,write:wallet(user-invoked only) - No delegation: Agent cannot request additional scopes
✅ VERIFICATION CHECKLIST
Before using this skill, confirm:
- You have obtained valid
AGENTSBANK_AGENT_USERNAMEandAGENTSBANK_AGENT_PASSWORDfrom https://agentsbank.online - Credentials are stored securely in
.env(never committed) - You have reviewed the Security Architecture
- You understand that
disableModelInvocation: trueprevents autonomous transactions - You have tested read operations first before enabling write operations
- You monitor activity logs at admin.agentsbank.online
📖 DOCUMENTATION & SUPPORT
| Resource | URL |
|---|---|
| Full SDK Docs | https://docs.agentsbank.online/sdk |
| API Reference | https://api.agentsbank.online/docs |
| Security Guide | https://docs.agentsbank.online/security |
| Troubleshooting | https://docs.agentsbank.online/faq |
| GitHub Issues | https://github.com/agentsbank/sdk/issues |
| Support Email | [email protected] |
⚖️ DISCLAIMER
This skill integrates with real cryptocurrency networks (Ethereum, Solana, Bitcoin, BSC). Transactions are irreversible.
- AgentsBank is not responsible for fund loss due to incorrect addresses or user error
- Always test with small amounts first
- Use testnet chains for development
- Enable 2FA on your AgentsBank account
Last Updated: February 11, 2026 (v1.0.6 release)
Status: 🟢 Public Release - Production Ready ✅
npm Package: https://www.npmjs.com/package/@agentsbankai/sdk
GitHub: https://github.com/agentsbank/sdk
Changes in v1.0.6: Comprehensive error handling, enhanced type definitions, improved client implementation
安全使用建议
What to check before installing/using this skill:
- Verify source/ownership: SKILL.md and package.json point to agentsbank domains and a GitHub repo, but the skill's registry entry shows 'source: unknown' and no homepage. Confirm the npm package and GitHub repository are legitimate and match the publisher (visit https://www.npmjs.com/package/@agentsbankai/sdk and the repo) before supplying credentials.
- Metadata mismatch: The skill registry metadata does not declare the env vars that SKILL.md requires (AGENTSBANK_API_URL, AGENTSBANK_AGENT_USERNAME, AGENTSBANK_AGENT_PASSWORD). Treat that as a red flag — ask the publisher or maintainer to reconcile registry metadata with runtime requirements.
- Protect credentials: The SDK requires a password or API key. Never commit AGENTSBANK_AGENT_PASSWORD to source control; use a secret manager or environment injection. Prefer using a scoped API key with limited permissions if available.
- Prevent autonomous fund movement: By default this registry lists model invocation enabled. If you do not want the agent to initiate financial writes, explicitly set disableModelInvocation (or equivalent) so the model cannot autonomously call send/createWallet/register. Test read-only flows first on testnets.
- Audit and test: Because this SDK can create wallets and send funds, review the SDK code (already included) and confirm endpoints are what you expect (base URL defaults to https://api.agentsbank.online). Start with low-privilege/test credentials and test on testnets before connecting real funds.
- Ask for clarifications: Request that the maintainer update registry metadata to list required env vars and the intended default for model invocation; ask for signed or verifiable releases if you will run this in production.
Why I marked this 'suspicious': there are coherent, expected SDK behaviors, but the mismatches between SKILL.md and registry metadata (required env vars and invocation defaults) plus the potential for autonomous financial actions create ambiguity and operational risk. If the registry metadata is corrected and you enforce disableModelInvocation for financial operations, this would reduce my concerns.
功能分析
Type: OpenClaw Skill
Name: agentsbank
Version: 1.0.6
The skill is designed for secure, scoped crypto banking operations for AI agents. It explicitly implements strong security controls, such as `disableModelInvocation: true` and `noModelAutonomy: true` in `SKILL.md` and its internal metadata, preventing autonomous financial transactions. The code makes API calls only to `https://api.agentsbank.online` and includes client-side guardrails like address whitelisting/blacklisting and transaction limits. There is no evidence of intentional malicious behavior, data exfiltration to unlisted endpoints, or prompt injection attempts to subvert agent security. While `WebhookConfig` exists in types, the skill itself does not configure or activate it, and the documentation explicitly disallows requests to unlisted endpoints, indicating a design focused on security.
能力评估
Purpose & Capability
The SKILL.md and included SDK implement a multi-chain crypto banking client (wallet creation, balances, transaction send, signing, agent registration) — which is coherent with the (implicit) purpose — but the registry metadata lists no required environment variables or primary credential while SKILL.md explicitly requires AGENTSBANK_API_URL, AGENTSBANK_AGENT_USERNAME, and AGENTSBANK_AGENT_PASSWORD (and optionally AGENTSBANK_API_KEY). That mismatch between claimed metadata and the runtime instructions is a notable inconsistency that could confuse users or hide required sensitive inputs.
Instruction Scope
The SKILL.md is fairly explicit and scoped: it instructs installing the npm SDK, creating a .env with credentials, initializing a client with process.env values, and using read-only calls by default. It also documents write operations (sendTransaction, createWallet, self-register). SKILL.md states write/financial operations are restricted and won't execute autonomously, but the skill registry metadata indicates model invocation is not disabled by default — a mismatch that could allow autonomous invocation unless the user or platform enforces 'disableModelInvocation'. The instructions do not request reading unrelated system files or secrets, but they do require sensitive credentials.
Install Mechanism
No installer is embedded in the skill bundle (instruction-only), but SKILL.md directs users to install an npm package (@agentsbankai/sdk). The package manifest and compiled sources are included in the bundle, and package.json/package-lock show a normal npm package with standard dev deps. There are no downloads from ad-hoc URLs or installers that extract arbitrary archives — installation via npm is standard and expected for an SDK.
Credentials
The SDK legitimately needs API credentials (API URL + username + password or API key) to authenticate to the remote banking service. Those credentials are sensitive (AGENTSBANK_AGENT_PASSWORD) and are requested by SKILL.md, but the skill registry metadata lists no required env vars — a problematic mismatch. The number and type of env vars requested are proportional to the described functionality, but the lack of declaration in metadata and the presence of credentials named PASSWORD/TOKEN/KEY should be highlighted as sensitive and verified before use.
Persistence & Privilege
The skill does not request permanent platform-wide privileges (always: false). It does contain functions that can perform financial writes (send, createWallet, register), and the SKILL.md asserts these are restricted and require explicit user invocation. However, the platform default 'disable-model-invocation' is false per the registry, which may allow autonomous invocation unless the user explicitly disables it. This combination (financial actions + potential autonomous invocation) increases operational risk if the user does not enforce explicit invocation controls.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install agentsbank - 安装完成后,直接呼叫该 Skill 的名称或使用
/agentsbank触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.6
# Changelog
All notable changes to the AgentsBank SDK are documented in this file.
## [1.0.6] - 2026-02-11
### Changed
- Cleaned up repository: removed generated `index.d.mts` build artifact
- Removed old `CHANGELOG_1.0.4.md` (consolidated into single CHANGELOG.md)
- Improved `.npmignore` to exclude non-essential files
### Dependencies
- No dependency changes
## [1.0.6] - 2026-02-11
### Added
- Comprehensive error types and handling in new `src/errors.ts`
- Enhanced type definitions for better IDE support and type safety
- Improved error messages for SDK consumers
### Changed
- Enhanced client implementation with better request handling
- Updated type definitions in `src/types.ts` for clarity and completeness
- Improved error propagation throughout SDK
### Fixed
- Better error context in API responses
- Type consistency across client methods
### Dependencies
- Updated package dependencies to latest compatible versions
## [1.0.4] - 2026-02-10
### Added
- `estimateGas` parameter validation (address format, amount value, chain type)
- `listWallets` pagination support with `limit` and `offset` parameters
- Enhanced client-side validation for all SDK methods
### Fixed
- **estimateGas**: Full parameter validation before API calls
- **signMessage**: Improved key format handling for EVM and Solana chains
- **listWallets**: Pagination support for bulk wallet listing
- Better error messages and graceful fallbacks across all chains
### Changed
- Validation happens earlier (client-side) to catch errors before API calls
- More robust key handling across Ethereum, BSC, Solana, and Bitcoin chains
## [1.0.3] - 2026-02-06
### Fixed
- Fixed missing `wallet_id` in wallet response objects
## [1.0.2] - 2026-02-06
### Added
- X-API-Key authentication support for programmatic access
## [1.0.1] - 2026-02-03
### Added
- Initial SDK release
- Multi-chain wallet support (Ethereum, BSC, Solana, Bitcoin)
- Transaction creation and monitoring
- Message signing capabilities
- Agent self-registration
- Balance and transaction history queries
v1.0.4
📋 AgentsBank CHANGELOG v1.0.4
🐛 Bug Fixes (Feb 10, 2026)
✅ estimateGas - Parameter validation (address format, amount > 0, chain type)
✅ signMessage - Key format handling (EVM 0x prefix, Solana support)
✅ listWallets - Pagination (limit/offset for bulk lists)
✅ SDK client - Enhanced input validation
✨ Improvements
-Better error messages
-Type-safe validation
-Large wallet list support
-Robust multi-chain compatibility
v0.1.0
Initial release of AgentsBank — a financial platform for AI agents.
- Enables AI agents to perform secure payments, fund transfers, and account management with multi-currency support.
- Supports AI-to-AI trading, smart contracts, and auction systems for collaborative operations.
- Comprehensive API suite (Accounts, Transactions, Trading, Payment, Ledger, Webhooks) with RESTful endpoints and OAuth 2.0 authentication.
- Robust backend infrastructure featuring microservices, load balancing, and persistent storage.
- Emphasizes security and compliance with encryption, audit logging, and transaction verification.
- Includes resources for getting started, API docs, and community support.
元数据
常见问题
AgentsBank 是什么?
Secure multi-chain crypto wallet management for AI agents with read-only access by default and explicit user consent required for transactions and wallet cre... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1722 次。
如何安装 AgentsBank?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install agentsbank」即可一键安装,无需额外配置。
AgentsBank 是免费的吗?
是的,AgentsBank 完全免费(开源免费),可自由下载、安装和使用。
AgentsBank 支持哪些平台?
AgentsBank 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 AgentsBank?
由 cryruz(@cryruz)开发并维护,当前版本 v1.0.6。
推荐 Skills