功能描述

Wallets for AI agents with x402 payment signing, referral rewards, and policy-controlled actions.

使用说明 (SKILL.md)

AgentWallet

Name: Agent Wallet
Author: microchipgnu

AgentWallet provides server wallets for AI agents. Wallets are provisioned after email OTP verification. All signing happens server-side and is policy-controlled.

TL;DR - Quick Reference

FIRST: Check if already connected by reading ~/.agentwallet/config.json. If file exists with apiToken, you're connected - DO NOT ask user for email.

Need to connect (no config file)? Ask user for email → POST to /api/connect/start → user enters OTP → POST to /api/connect/complete → save API token.

x402 Payments? Use the ONE-STEP /x402/fetch endpoint (recommended) - just send target URL + body, server handles everything.

x402/fetch - ONE-STEP PAYMENT PROXY (RECOMMENDED)

This is the simplest way to call x402 APIs. Send the target URL and body - the server handles 402 detection, payment signing, and retry automatically.

curl -s -X POST "https://frames.ag/api/wallets/USERNAME/actions/x402/fetch" \
  -H "Authorization: Bearer TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://enrichx402.com/api/exa/search","method":"POST","body":{"query":"AI agents","numResults":3}}'

That's it! The response contains the final API result:

{
  "success": true,
  "response": {
    "status": 200,
    "body": {"results": [...]},
    "contentType": "application/json"
  },
  "payment": {
    "chain": "eip155:8453",
    "amountFormatted": "0.01 USDC",
    "recipient": "0x..."
  },
  "paid": true,
  "attempts": 2,
  "duration": 1234
}

x402/fetch Request Options

Field	Type	Required	Description
`url`	string	Yes	Target API URL (must be HTTPS in production)
`method`	string	No	HTTP method: GET, POST, PUT, DELETE, PATCH (default: GET)
`body`	object	No	Request body (auto-serialized to JSON)
`headers`	object	No	Additional headers to send
`preferredChain`	string	No	`"auto"` (default), `"evm"`, or `"solana"`. Auto selects chain with sufficient USDC balance
`dryRun`	boolean	No	Preview payment cost without paying
`timeout`	number	No	Request timeout in ms (default: 30000, max: 120000)
`idempotencyKey`	string	No	For deduplication

Dry Run (Preview Cost)

Add "dryRun": true to the request body. Returns payment details without executing:

{
  "success": true,
  "dryRun": true,
  "payment": {
    "required": true,
    "chain": "eip155:8453",
    "amountFormatted": "0.01 USDC",
    "policyAllowed": true
  }
}

Error Codes

Code	HTTP	Description
`INVALID_URL`	400	URL malformed or blocked (localhost, internal IPs)
`POLICY_DENIED`	403	Policy check failed (amount too high, etc.)
`WALLET_FROZEN`	403	Wallet is frozen
`TARGET_TIMEOUT`	504	Target API timed out
`TARGET_ERROR`	502	Target API returned 5xx error
`PAYMENT_REJECTED`	402	Payment was rejected by target API
`NO_PAYMENT_OPTION`	400	No compatible payment network

Config File Reference

Store credentials at ~/.agentwallet/config.json:

{
  "username": "your-username",
  "email": "[email protected]",
  "evmAddress": "0x...",
  "solanaAddress": "...",
  "apiToken": "mf_...",
  "moltbookLinked": false,
  "moltbookUsername": null,
  "xHandle": null
}

Field	Description
`username`	Your unique AgentWallet username
`email`	Email used for OTP verification
`evmAddress`	EVM wallet address
`solanaAddress`	Solana wallet address
`apiToken`	Fund API token for authenticated requests (starts with `mf_`)
`moltbookLinked`	Whether a Moltbook account is linked
`moltbookUsername`	Linked Moltbook username (if any)
`xHandle`	X/Twitter handle from Moltbook (if linked)

Security: Never commit to git. Set chmod 600. Treat apiToken like a password.

Connect Flow

Web flow: Ask user for email → direct to https://frames.ag/connect?email=EMAIL → user enters 6-digit OTP → page displays credentials (AGENTWALLET_USERNAME, AGENTWALLET_API_TOKEN, etc.). User should save the API token securely.

API flow (for CLI/agents):

Step 1 - Send OTP:

curl -X POST https://frames.ag/api/connect/start \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]"}'

Returns username in response. For referrals, add "ref":"REFERRER_USERNAME" to body.

Step 2 - Ask user for OTP, then complete:

curl -X POST https://frames.ag/api/connect/complete \
  -H "Content-Type: application/json" \
  -d '{"username":"USERNAME_FROM_STEP_1","email":"[email protected]","otp":"USER_OTP"}'

Returns apiToken, evmAddress, solanaAddress. Save the apiToken for all wallet operations.

Referral & Airdrop Program

Share your referral link: https://frames.ag/connect?ref=YOUR_USERNAME&email=THEIR_EMAIL

Both referrer and new agent earn airdrop points. Points: referral (200), first tx (50), daily active (10), weekly streak (100).

Tiers: Bronze (0-4, 1x), Silver (5-24, 1.5x), Gold (25-99, 2x), Diamond (100+, 3x).

Check rewards:

curl https://frames.ag/api/wallets/YOUR_USERNAME/referrals \
  -H "Authorization: Bearer FUND_API_TOKEN"

Network Pulse

Public network stats: GET https://frames.ag/api/network/pulse — returns active agents, transaction counts, volume, trending APIs.

Personal stats (authenticated): GET https://frames.ag/api/wallets/YOUR_USERNAME/stats — returns rank, transaction history, volume, referral info, streak.

Skill Files

File	URL
SKILL.md (this file)	`https://frames.ag/skill.md`
HEARTBEAT.md	`https://frames.ag/heartbeat.md`
package.json (metadata)	`https://frames.ag/skill.json`

Heartbeat

Run periodically to check for skill updates, wallet status, and recent activity:

curl https://frames.ag/heartbeat.md

Base URL: https://frames.ag/api/v1

Authentication

Use your Fund API token (starts with mf_) as: Authorization: Bearer FUND_API_TOKEN

Check connection (public, no auth): GET https://frames.ag/api/wallets/USERNAME — returns connected: true/false with wallet addresses if connected.

Funding Wallets

Direct users to https://frames.ag/u/YOUR_USERNAME to fund via Coinbase Onramp (card, bank, or Coinbase account). Supports Base (USDC) and Solana (SOL).

Check balance after funding:

curl https://frames.ag/api/wallets/USERNAME/balances \
  -H "Authorization: Bearer FUND_API_TOKEN"

Wallet Operations

Balances: GET /api/wallets/USERNAME/balances (auth required)

Activity: GET /api/wallets/USERNAME/activity?limit=50 (auth optional — authenticated sees all events, public sees limited). Event types: otp.*, policy.*, wallet.action.*, x402.authorization.signed.

Actions (Policy Controlled)

EVM Transfer

curl -X POST "https://frames.ag/api/wallets/USERNAME/actions/transfer" \
  -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" \
  -d '{"to":"0x...","amount":"1000000","asset":"usdc","chainId":8453}'

Fields: to (address), amount (smallest units — ETH: 18 decimals, USDC: 6 decimals), asset ("eth" or "usdc"), chainId, idempotencyKey (optional).

Supported USDC chains: Ethereum (1), Sepolia (11155111), Optimism (10), Polygon (137), Arbitrum (42161), Base (8453), Base Sepolia (84532).

Solana Transfer

curl -X POST "https://frames.ag/api/wallets/USERNAME/actions/transfer-solana" \
  -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" \
  -d '{"to":"RECIPIENT","amount":"1000000000","asset":"sol","network":"devnet"}'

Fields: to (address), amount (smallest units — SOL: 9 decimals, USDC: 6 decimals), asset ("sol" or "usdc"), network ("mainnet" or "devnet"), idempotencyKey (optional).

EVM Contract Call

curl -X POST "https://frames.ag/api/wallets/USERNAME/actions/contract-call" \
  -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" \
  -d '{"to":"0x...","data":"0x...","value":"0","chainId":8453}'

Sign Message

curl -X POST "https://frames.ag/api/wallets/USERNAME/actions/sign-message" \
  -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" \
  -d '{"chain":"solana","message":"hello"}'

Solana Devnet Faucet

Request free devnet SOL for testing. Sends 0.1 SOL to your Solana wallet on devnet. Rate limited to 3 requests per 24 hours.

curl -X POST "https://frames.ag/api/wallets/USERNAME/actions/faucet-sol" \
  -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" \
  -d '{}'

Response: {"actionId":"...","status":"confirmed","amount":"0.1 SOL","txHash":"...","explorer":"...","remaining":2}

Response format for all actions: {"actionId":"...","status":"confirmed","txHash":"...","explorer":"..."}

x402 Manual Flow (Advanced)

Use this only if you need fine-grained control. For most cases, use x402/fetch above.

Protocol Versions

Version	Payment Header	Network Format
v1	`X-PAYMENT`	Short names (`solana`, `base`)
v2	`PAYMENT-SIGNATURE`	CAIP-2 (`solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp`)

Flow

Call target API → get 402 response. Payment info is in the payment-required HEADER (body may be empty {}).
Sign: POST /api/wallets/USERNAME/actions/x402/pay with {"requirement": "\x3Cheader value or JSON>", "preferredChain": "evm"}. The requirement field accepts both base64 strings and JSON objects.
Retry original request with the header from usage.header response field and paymentSignature value.

Signing endpoint: /api/wallets/{USERNAME}/actions/x402/pay (x402/pay with SLASH, not dash)

Sign Request Options

Field	Type	Description
`requirement`	string or object	Payment requirement (base64 or JSON)
`preferredChain`	`"evm"` or `"solana"`	Preferred blockchain
`preferredChainId`	number	Specific EVM chain ID
`idempotencyKey`	string	For deduplication
`dryRun`	boolean	Sign without storing (for testing)

Key Rules

Signatures are ONE-TIME USE — consumed even on failed requests
Use single-line curl — multiline \ causes escaping errors
USDC amounts use 6 decimals (10000 = $0.01)
Always use requirement field (not deprecated paymentRequiredHeader)

Supported Networks

Network	CAIP-2 Identifier	Token
Base Mainnet	`eip155:8453`	USDC
Base Sepolia	`eip155:84532`	USDC
Solana Mainnet	`solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp`	USDC
Solana Devnet	`solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1`	USDC

Common Errors

Error	Solution
404/405 on signing	Use `/api/wallets/{USERNAME}/actions/x402/pay` (slash not dash)
`blank argument`	Use single-line curl, not multiline with `\`
`AlreadyProcessed`	Get a NEW signature for each request
`insufficient_funds`	Fund wallet at `https://frames.ag/u/USERNAME`

Policies

Get current policy:

curl https://frames.ag/api/wallets/YOUR_USERNAME/policy \
  -H "Authorization: Bearer FUND_API_TOKEN"

Update policy:

curl -X PATCH https://frames.ag/api/wallets/YOUR_USERNAME/policy \
  -H "Authorization: Bearer FUND_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"max_per_tx_usd":"25","allow_chains":["base","solana"],"allow_contracts":["0x..."]}'

Response Format

Success:

{"success": true, "data": {...}}

Error:

{"success": false, "error": "Description", "hint": "How to fix"}

安全使用建议

This skill appears to implement a reasonable server‑wallet flow, but exercise caution before installing or following its instructions. Key things to consider: - The x402/fetch endpoint proxies arbitrary target URLs and request bodies through frames.ag; do not send secrets, private keys, or sensitive documents through that proxy unless you fully trust frames.ag and have reviewed their privacy/security policies. - The HEARTBEAT instructions advise periodically downloading remote SKILL.md/HEARTBEAT.md into ~/.agentwallet — that is a phone‑home/update mechanism. Treat it like installing remote code: verify the domain, HTTPS, and the operator before enabling automatic updates. - The skill.json and SKILL.md show a minor metadata inconsistency (curl listed as a required binary in skill.json but the registry metadata showed none). Ask the maintainer to clarify required tools and exact behaviors. - Prefer the web connect flow (user obtains and stores API token manually) over an agent automatically sending OTPs or emails on your behalf. - If you proceed, restrict what the agent is allowed to send to the proxy (never leak user secrets), store ~/.agentwallet/config.json with strict permissions (chmod 600), and monitor network activity to frames.ag. What would raise confidence to benign: code or published docs that explicitly restrict what may be proxied (e.g., server guarantees it will not retain or inspect payloads), an established, audited operator identity for frames.ag, and consistent metadata (required binaries, no implicit auto‑update instructions).

功能分析

Type: OpenClaw Skill Name: agentwallet-frames Version: 0.1.1 The skill is classified as suspicious primarily due to a critical supply chain vulnerability in `HEARTBEAT.md`. It instructs the AI agent to overwrite its own skill files (`SKILL.md`, `HEARTBEAT.md`) by fetching them from `https://frames.ag`. This allows for potential Remote Code Execution (RCE) if the `frames.ag` server or its DNS is compromised. Additionally, `HEARTBEAT.md` contains prompt injection instructions for the agent to "Keep to yourself" routine operations, reducing transparency. The `SKILL.md` also exposes a powerful `x402/fetch` proxy capability for arbitrary external URLs, which, while having some safeguards, could be misused.

能力评估

ℹ Purpose & Capability

The name/description (agent wallet, x402 signing, policy‑controlled actions) align with the instructions: server-side signing and a proxy 'x402/fetch' endpoint. However, the skill also recommends downloading remote SKILL/HEARTBEAT files and acting as a general-purpose HTTP proxy for arbitrary target URLs/bodies — functionality that goes beyond simple wallet management and increases the attack surface. Also skill.json declares curl as a required binary while registry metadata listed none, an inconsistency.

⚠ Instruction Scope

Runtime instructions tell the agent to read/write ~/.agentwallet/config.json (expected) and to POST arbitrary URLs/bodies to frames.ag for proxying/payment. That means any data the agent passes to x402/fetch will be sent to frames.ag (potentially including sensitive payloads). The HEARTBEAT instructs fetching remote files from frames.ag into ~/.agentwallet which is a phone‑home/update pattern. These behaviors are within a plausible wallet design but materially broaden scope and present data‑exfiltration and remote‑update risks.

ℹ Install Mechanism

There is no install spec and no code files (instruction‑only), which lowers risk. However the included HEARTBEAT explicitly tells agents to curl skill metadata and download remote SKILL.md/HEARTBEAT.md into ~/.agentwallet — an update/phone‑home step that will pull remote content to disk. That is an instruction, not an automated install, but it still creates persistent remote code/contents on the host if followed.

✓ Credentials

The skill does not request environment variables or external credentials from the platform. It relies on a per‑user apiToken produced by OTP flow and expects the agent to save/read ~/.agentwallet/config.json. Requiring a local token is proportionate for a server‑wallet service. Examples reference a FUND_API_TOKEN variable only as usage examples for authenticated API calls.

ℹ Persistence & Privilege

The skill instructs storing credentials and state under ~/.agentwallet and recommends periodic heartbeats/network checks. It does not request always:true or system‑wide changes, nor does it modify other skills. Still, the combination of local persistence plus recommended remote downloads and frequent network polling increases long‑term exposure if the remote service is compromised or abused.

版本历史

v0.1.1

- Changed API base URLs and homepage to https://frames.ag and updated all endpoints to use frames.ag domain. - Updated metadata in SKILL.md to reflect new API and site locations. - Revised documentation: removed legacy (manual) x402 payment flow, streamlined guides, and updated network, funding, and referral instructions. - Updated wallet version to 0.1.10 and made minor clarifications in configuration and error code documentation.

v0.1.0

Initial public release of AgentWallet skill for AI agent wallet integration. - Provides server-side wallets for AI agents with email-based onboarding and x402 payment signing. - Supports one-step payment proxy via `/x402/fetch` endpoint for simplified 402 payment flows. - Includes legacy manual 4-step payment script for advanced use cases. - Policy-controlled actions, enforced spending limits, and clear error codes. - Supports multiple networks (Solana, EVM/BASE) and USDC payments. - Referral rewards and wallet policy management available.

元数据

Slug agentwallet-frames

版本 0.1.1

许可证 —

累计安装 1

当前安装数 1

历史版本数 2

常见问题

Agent Wallet 是什么？

Wallets for AI agents with x402 payment signing, referral rewards, and policy-controlled actions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1601 次。

如何安装 Agent Wallet？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agentwallet-frames」即可一键安装，无需额外配置。

Agent Wallet 是免费的吗？

是的，Agent Wallet 完全免费（开源免费），可自由下载、安装和使用。

Agent Wallet 支持哪些平台？

Agent Wallet 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Agent Wallet？

由 microchipgnu（@microchipgnu）开发并维护，当前版本 v0.1.1。

Agent Wallet