← 返回 Skills 市场
up2itnow

Agentwallet Sdk

作者 up2itnow · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
565
总下载
0
收藏
2
当前安装
4
版本数
在 OpenClaw 中安装
/install agentwallet-sdk
功能描述
Manage on-chain spend limits for AI agents with ERC-6551 wallets, enforcing per-tx and daily token budgets, scoped operator access, and approval queues on Base.
使用说明 (SKILL.md)

Agent Wallet SDK Skill

Non-custodial wallet SDK for autonomous AI agents. Handles x402 payments, CCTP V2 cross-chain bridge transfers, ERC-8004 agent identity, and Uniswap V3 token swaps — all without holding user keys.

When to Use

Use this skill when an AI agent needs to:

  • Create or manage a non-custodial wallet (ERC-4337 smart account)
  • Make x402 HTTP payments to APIs
  • Bridge tokens cross-chain via CCTP V2 (Circle)
  • Swap tokens via Uniswap V3
  • Register or verify agent identity via ERC-8004
  • Sign transactions autonomously without custodial risk

Installation

npm install agentwallet-sdk

Current version: v2.4.1 on npm (158 tests passing, 0 compile errors)

Core Modules

WalletModule — Account Abstraction (ERC-4337)

import { AgentWallet } from 'agentwallet-sdk';

const wallet = await AgentWallet.create({
  chain: 'base',
  signer: privateKey, // Agent's own key — never custodied
});

// Send ETH
await wallet.transfer({ to: recipient, value: '0.01' });

// Get balance
const balance = await wallet.getBalance();

PaymentModule — x402 HTTP Payments

// Pay for API access automatically
const response = await wallet.x402Pay({
  url: 'https://api.example.com/data',
  maxPayment: '0.001', // ETH
});

BridgeModule — CCTP V2 Cross-Chain

// Bridge USDC from Base to Ethereum
await wallet.bridge({
  token: 'USDC',
  amount: '100',
  fromChain: 'base',
  toChain: 'ethereum',
});

SwapModule — Uniswap V3

// Swap ETH for USDC
await wallet.swap({
  tokenIn: 'ETH',
  tokenOut: 'USDC',
  amount: '0.5',
  slippage: 0.5, // 0.5%
});

IdentityModule — ERC-8004

// Register agent identity on-chain
await wallet.registerIdentity({
  name: 'MyTradingAgent',
  capabilities: ['x402-payment', 'swap', 'bridge'],
});

// Verify another agent
const verified = await wallet.verifyAgent(agentAddress);

Security Model

  • Non-custodial: Agent holds its own private key. No server stores keys
  • ERC-4337 Smart Accounts: Gas abstraction, batch transactions, session keys
  • No oracle dependencies: No external price feed reliance (prevents oracle manipulation attacks)
  • Audited: forge test suite 129/129 passing on smart contracts

Integration with Other Skills

With Mastra (AI Framework)

npm install @agent-wallet/mastra-plugin

Provides 10 Mastra tools: getBalance, transfer, swap, bridge, x402Pay, registerIdentity, verifyAgent, getTransactionHistory, estimateGas, getChainInfo.

With ClawPay MCP

npm install clawpay-mcp

Exposes wallet operations as MCP tools for any MCP-compatible agent.

Links

安全使用建议
Do not install or use this skill in a production agent until the author/source is verified. Ask for: (1) a repository or homepage and signed release artifacts so you can inspect the actual npm package (match package name, version, and author), (2) audited smart contract addresses and the specific on-chain mechanism implementing per-tx/day spend limits and how approvals are enforced, (3) explicit instructions for secure private key handling (recommended: hardware secure enclave or platform-managed secret store) and which environment variables or RPC/API keys are required, and (4) a clear threat model describing what the agent will be allowed to sign/submit automatically. If you must test, run it in an isolated sandbox with no real funds and monitor outbound network calls and filesystem access. If you cannot obtain clear answers and source code, treat the package as untrusted.
功能分析
Type: OpenClaw Skill Name: agentwallet-sdk Version: 1.1.0 The skill is classified as suspicious due to its requirement for the `exec` tool, which allows the AI agent to execute arbitrary shell commands, as specified in `skill.json`. While the `SKILL.md` only demonstrates its use for `npm install`, this capability is high-risk. Additionally, the skill's core functionality involves direct handling of `privateKey` for wallet operations, as shown in `SKILL.md`, which exposes the agent to significant security risks if the environment is compromised, even though the skill itself does not exhibit malicious intent like data exfiltration or backdoors.
能力标签
cryptorequires-walletcan-make-purchasescan-sign-transactions
能力评估
Purpose & Capability
Metadata/description claims spend-limit enforcement, ERC-6551 wallets, scoped operators and approval queues on Base, but the included SKILL.md shows examples for ERC-4337 smart accounts, basic transfers, Uniswap/CCTP operations and x402 payments with no code or prose implementing spend limits, approval queues, or ERC-6551. Version fields disagree (registry 1.1.0, skill.json 1.0.0, SKILL.md references npm v2.4.1). Homepage/source are missing. These inconsistencies mean the skill may not do what it claims.
Instruction Scope
SKILL.md instructs installing an external npm package and shows code that expects a privateKey variable (agent-held secret) and performs payments, swaps and bridging to arbitrary endpoints/chains. There are no concrete safeguards, no declared storage or approval workflow, and no instructions for enforcing per-tx/day budgets even though the top-level description emphasizes them. The instructions therefore give broad discretion to sign and send value without specified guardrails.
Install Mechanism
This is an instruction-only skill (no install spec or code bundled), which is lower static risk, but the SKILL.md explicitly directs 'npm install agentwallet-sdk' — instructing the agent to fetch and run external code at runtime. npm is a well-known host, but the package version in the document differs from other metadata and no source/homepage repository is provided, increasing uncertainty about what will be installed.
Credentials
The skill requests no environment variables or primary credential, yet its example usage requires a private key and blockchain RPC/API access (for payments, bridging, swaps). A wallet SDK that signs transactions typically requires secrets and provider endpoints; their absence from the declared requirements is disproportionate and unexplained. That gap increases the risk of ad-hoc secret handling or insecure prompts at runtime.
Persistence & Privilege
The skill does not request 'always: true' and does not claim to modify other skills or system-wide settings. Autonomous invocation is enabled (platform default), which is expected for an operational SDK, but this combined with the other concerns increases operational risk; by itself the persistence/privilege model is acceptable.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install agentwallet-sdk
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /agentwallet-sdk 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
- Major update: switched focus from on-chain spend limits to a full-featured, non-custodial wallet SDK for AI agents. - Added support for x402 payments, CCTP V2 cross-chain bridge transfers, Uniswap V3 swaps, and ERC-8004 agent identity. - Replaced previous architecture and usage docs with new modular examples (Wallet, Payment, Bridge, Swap, Identity). - Integration instructions now included for Mastra AI framework and ClawPay MCP. - Removed documentation files related to audits, known issues, deployments, and prior skill versions for brevity. - Security and installation sections updated to match new SDK scope.
v1.0.2
Docs-only package: removed SDK source code from skill (install via npm instead). Reduces scanner false positives.
v1.0.1
Security: removed example files with private key references from skill package, declared env requirements in metadata, updated npm package name
v1.0.0
Initial release: Secure smart contract wallet for AI agents with spend limits, operator permissions, and HITL approval on Base.
元数据
Slug agentwallet-sdk
版本 1.1.0
许可证
累计安装 2
当前安装数 2
历史版本数 4
常见问题

Agentwallet Sdk 是什么?

Manage on-chain spend limits for AI agents with ERC-6551 wallets, enforcing per-tx and daily token budgets, scoped operator access, and approval queues on Base. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 565 次。

如何安装 Agentwallet Sdk?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agentwallet-sdk」即可一键安装,无需额外配置。

Agentwallet Sdk 是免费的吗?

是的,Agentwallet Sdk 完全免费(开源免费),可自由下载、安装和使用。

Agentwallet Sdk 支持哪些平台?

Agentwallet Sdk 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Agentwallet Sdk?

由 up2itnow(@up2itnow)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论