← 返回 Skills 市场
beardkoda

Agent-Wallet

作者 Akinsuyi Joshua · GitHub ↗ · v1.2.4 · MIT-0
cross-platform ⚠ suspicious
170
总下载
1
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install ai-agent-wallet
功能描述
Single-source wallet skill for generate, import, get-balance, sign, and send flows using local wallet files plus executable Node scripts. Use when the user a...
使用说明 (SKILL.md)

Agent Wallet Skill

Changelog: CHANGELOG.md

Purpose

Use this file as the only wallet skill entrypoint for local wallet workflows.

Runtime Requirements

  • Runtime: Node.js 18+
  • Required package: viem
  • Required secret key: WALLET_SECRET_KEY (used for local secret encryption/decryption)
  • Wallet signer file: wallet/signer.json
  • Network config file: wallet/config.json

Executable Scripts

Run these scripts from agent-wallet-skills for each action:

  • generate-wallet: node scripts/generate-wallet.js --method=\x3Cprivate-key|seed-phrase> [--overwrite=true]
  • import-wallet: node scripts/import-wallet.js --seedPhrase="\x3Cwords>" [--overwrite=true] or --privateKey=0x...
  • get-balance: node scripts/get-balance.js --address=0x... [--tokenAddress=0x...] [--decimals=18] [--symbol=TOKEN]
  • sign-messages: node scripts/sign-messages.js --message="hello from wallet"
  • send (native): node scripts/send.js --to=0x... --amount=\x3Cnative-amount> --confirm=true [--confirmMainnet=true]
  • send (token): node scripts/send.js --to=0x... --amount=\x3Ctoken-amount> --tokenAddress=0x... [--decimals=18] [--symbol=TOKEN] --confirm=true [--confirmMainnet=true]

Notes:

  • Wallet material is stored in wallet/signer.json as encrypted fields only.
  • Default network is loaded from wallet/config.json with shape [{ rpc_url, chain_id, current }].
  • send.js requires explicit --confirm=true.
  • Mainnet broadcasts require an additional --confirmMainnet=true.

Routing Logic

  1. Identify user intent:
    • create/recover/import wallet -> generate-wallet or import-wallet
    • check native/token balance -> get-balance
    • sign arbitrary payload/message -> sign-messages
    • transfer/broadcast transaction -> send
  2. Precheck wallet/config.json for read/write chain operations (get-balance, send, and any network-aware generation flow):
    • require array format [{ rpc_url, chain_id, current }]
    • require exactly one entry with current: true
    • require non-empty rpc_url and chain_id on the current entry
    • if invalid, stop and ask user to set defaults first
  3. Execute the script mapped to the action:
    • generate-wallet -> node scripts/generate-wallet.js --method=\x3Cprivate-key|seed-phrase>
    • import-wallet -> node scripts/import-wallet.js --seedPhrase="\x3Cwords>" or --privateKey=0x...
    • get-balance -> node scripts/get-balance.js --address=0x... [--tokenAddress=0x...]
    • sign-messages -> node scripts/sign-messages.js --message="hello from wallet"
    • send (native) -> node scripts/send.js --to=0x... --amount=\x3Cnative-amount> --confirm=true [--confirmMainnet=true]
    • send (token) -> node scripts/send.js --to=0x... --amount=\x3Ctoken-amount> --tokenAddress=0x... [--decimals=18] [--symbol=TOKEN] --confirm=true [--confirmMainnet=true]
  4. If wallet/signer.json already exists and user asks to regenerate/import over it, require explicit confirmation first.
  5. If intent is unclear, ask one focused question:
    • "Do you want to generate/import a wallet, check balance, or send a transaction?"
  6. If a script fails, return the error with corrected input guidance.

Generate / Import Workflow

Inputs:

  • Seed phrase (12/24 words), or private key (0x prefixed or raw hex), or generation request
  • Optional --overwrite=true when replacing existing wallet/signer.json

Rules:

  • Default generation method is private-key unless user requests mnemonic.
  • Do not overwrite existing signer file unless user requested it and confirmed.
  • Validate private key as 64 hex chars (after optional 0x removal).
  • Validate seed phrase word count and normalize whitespace.
  • Derive address before persisting.
  • Encrypt signer secrets before writing to disk.
  • Never print full seed phrase/private key in normal responses.

Expected wallet/signer.json structure:

{
  "method": "seed_phrase",
  "address": "0x...",
  "encryptedSeedPhrase": "\x3Cencrypted-secret>",
  "encryptedPrivateKey": null,
  "createdAt": "2026-04-13T00:00:00.000Z",
  "updatedAt": "2026-04-13T00:00:00.000Z"
}

Balance Workflow

Inputs:

  • --address (required)
  • --tokenAddress (optional for ERC-20 mode)
  • optional --decimals and --symbol

Rules:

  • Always validate address and tokenAddress (when provided).
  • Always require a valid current network in wallet/config.json.
  • Native mode: query getBalance and return raw + formatted values.
  • Token mode: query balanceOf; read decimals/symbol when possible, otherwise fall back to defaults.

Send Workflow

Inputs:

  • --to recipient (required)
  • --amount amount to transfer (required)
  • --tokenAddress (optional for ERC-20 mode)
  • optional --decimals and --symbol (token mode only)
  • --confirm=true (required to broadcast)
  • --confirmMainnet=true (required on mainnet chain IDs)

Rules:

  • Load signer from wallet/signer.json (seed_phrase or private_key).
  • Decrypt signer material with WALLET_SECRET_KEY before deriving account.
  • Require valid current network in wallet/config.json.
  • Validate recipient address, tokenAddress (when provided), and positive amount.
  • Native mode: precheck native balance and send via value transfer.
  • Token mode: resolve token decimals/symbol, precheck balanceOf, then call ERC-20 transfer.
  • Require explicit broadcast confirmation; require double confirmation for mainnet (--confirmMainnet=true).
  • Return tx hash on success, and include transfer mode (native or token).

Sign Workflow

Inputs:

  • --message (required)

Rules:

  • Load signer from wallet/signer.json (seed_phrase or private_key).
  • Decrypt signer material with WALLET_SECRET_KEY before deriving account.
  • Require non-empty message content.
  • Return deterministic signature and signer address; do not broadcast or require chain config.

Shared Safety Rules

  • Never expose full seed phrases/private keys in chat, logs, or summaries.
  • Never store plaintext signer secrets in wallet/signer.json.
  • Keep wallet files local (wallet/signer.json, wallet/config.json).
  • Default to non-broadcast/read-only behavior unless user explicitly asks to send.
  • If chain is unspecified, prefer a testnet and state the selection.
  • On failure, return actionable correction steps and do not continue automatically.

Failure Handling

  • Invalid mnemonic/private key -> stop and request corrected input.
  • Missing/invalid wallet/signer.json -> request generate/import first.
  • Missing/invalid wallet/config.json -> request default network setup first.
  • Multiple or zero current: true entries -> stop and request normalization.
  • Insufficient balance for transfer -> return required vs available values.
  • RPC timeout/network errors -> retry once, then ask for alternate RPC.

Completion Requirements

Before finishing:

  • confirm action executed (generate, import, balance, send)
  • confirm secret material was not exposed in plain text
  • confirm chain and wallet address used (when applicable)
  • provide one next action (backup, verify balance, or track transaction)

Standard Response Contract

Return this structure across all actions:

  • action: generate | import | balance | sign | send
  • chain: chain id/name used, or none for offline-only generation/import
  • address: active wallet or queried address
  • txHash: transaction hash when available, else null
  • status: success | failed | needs_confirmation
  • next_step: one clear follow-up action
安全使用建议
This skill appears to be a legitimate local wallet tool, but there are a few things to check before installing or using it: - Confirm the WALLET_SECRET_KEY requirement: SKILL.md and the code require WALLET_SECRET_KEY (used to encrypt/decrypt wallet material). The registry metadata showing no required env var is contradictory — ask the publisher to fix the metadata or document why it's missing. - Ensure your environment has Node 18+ and the 'viem' dependency installed; the skill provides scripts but no install instructions for dependencies. Run in an isolated environment if you can. - Protect WALLET_SECRET_KEY: treat it as a high-value secret (store in a secure vault/OS keychain) because possession allows decrypting local signer files and signing/sending transactions. - Review wallet/config.json RPC URLs before use. RPC endpoints are necessary but can be malicious or log requests — use trusted RPCs and test on a non‑mainnet chain first. - Backup wallet/signer.json and test generate/import/get-balance flows on testnets before broadcasting any mainnet transaction. The skill enforces confirmations, but human verification is still recommended. If the author can correct the registry metadata and add installation guidance for dependencies, that will remove the main inconsistencies flagged here.
功能分析
Type: OpenClaw Skill Name: ai-agent-wallet Version: 1.2.4 This skill bundle provides a comprehensive and well-structured set of tools for local cryptocurrency wallet management, including key generation, importing, balance checking, and transaction signing. It demonstrates strong security hygiene by enforcing encryption of sensitive material (seed phrases and private keys) using AES-256-GCM in `scripts/secret-crypto.js`, requiring multi-step confirmations for mainnet transactions in `scripts/send.js`, and explicitly forbidding the logging or display of plaintext secrets in `SKILL.md`. The implementation uses the reputable `viem` library and lacks any indicators of data exfiltration, unauthorized remote execution, or malicious prompt injection.
能力标签
cryptorequires-walletcan-sign-transactionsrequires-sensitive-credentials
能力评估
Purpose & Capability
Name/description (local wallet: generate/import/balance/sign/send) match the scripts and file-based workflows. WALLET_SECRET_KEY is logically required for encrypting/decrypting local signer material.
Instruction Scope
SKILL.md is explicit about actions, file paths (wallet/signer.json, wallet/config.json), confirmation gates (overwrite, mainnet double confirmation), and avoids printing raw secrets. The runtime instructions limit activity to wallet generation, signing, balance checks, and sending via configured RPCs.
Install Mechanism
No install spec is provided even though SKILL.md declares a runtime dependency on Node >=18 and the 'viem' package. The bundle includes Node scripts but provides no guidance to ensure 'viem' is installed — this is an operational gap (not necessarily malicious) that can cause failures or unexpected behavior if the runtime differs from the developer's environment.
Credentials
The scripts legitimately require WALLET_SECRET_KEY (used by secret-crypto.js to derive the AES key). However, the registry metadata supplied earlier lists 'Required env vars: none' while the SKILL.md frontmatter and code require WALLET_SECRET_KEY — an inconsistency that should be resolved before trusting the skill.
Persistence & Privilege
The skill does not request elevated privileges or permanent always: true presence. It reads/writes only its own wallet files under 'wallet/'. It does rely on the agent being able to run the included Node scripts (normal for a code-backed skill).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install ai-agent-wallet
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /ai-agent-wallet 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.4
**Changelog for version 1.2.4:** - Security update: `reads_env_secrets` is now set to `true` (was `false`). - Send action scripts now require `--confirmMainnet=true` for mainnet broadcasts; instructions updated to reflect this. - Minor documentation adjustments on confirmation requirements for mainnet transfers.
v1.2.3
- Added message signing functionality with the new sign-messages script. - Updated routing logic and workflows to include support for signing arbitrary messages. - SKILL.md improved with details for the new sign action, including required inputs and response structure. - Version bump to 1.2.3.
v1.2.1
**Summary:** This version introduces local encryption of wallet secrets and updates environment/config requirements. - Adds secret encryption/decryption logic with new script (`scripts/secret-crypto.js`) - Requires `WALLET_SECRET_KEY` environment variable for local encryption - Wallet signer data is now stored encrypted in `wallet/signer.json`; no more plaintext seed or private key - Updates references from "siger.json" to "signer.json" throughout - Enhances security by never exposing or storing secrets in plain text - Updates documentation to reflect encrypted fields and new requirements
v1.2.0
**Switched to a single, script-driven wallet skill with improved safety and flow.** - Consolidated skill to use executable Node scripts for all wallet actions (generate, import, balance, send) with no subskills. - Removed references to environment variable-based wallet secrets; now uses local `wallet/siger.json` and `wallet/config.json`. - Added new scripts: `generate-wallet.js`, `import-wallet.js`, `get-balance.js`, and `send.js`. - Updated safety and confirmation rules: explicit confirmation required before overwriting or broadcasting, especially on mainnet. - Improved error handling and input validation; failures return clear guidance for correction. - Standardized response contract and next-action recommendations across all workflows.
v1.1.3
- No visible file changes detected in this release. - Version number updated to 1.1.3. - No functional or documentation changes noted.
v1.1.2
- No code or documentation changes detected in this version. - Version bump from 1.1.1 to 1.1.2 with no modifications to functionality or files.
v1.1.1
- Added CHANGELOG.md to the project. - Updated SKILL.md with version, dependency, runtime, environment variables, and detailed security/confirmation requirements. - Clarified the use of required and optional environment variables. - Added a "Changelog: CHANGELOG.md" reference to the documentation. - Enhanced security policy details, including double confirmation for mainnet broadcasts.
v1.0.2
- Added detailed SKILL.md documentation for agent-wallet setup and routing logic. - Clarified input requirements, secret handling, and runtime dependencies. - Outlined explicit routing logic between wallet generation, import, balance checking, and transaction sending. - Documented safety rules for secret management and user confirmations. - Standardized response structure across wallet-related skills.
元数据
Slug ai-agent-wallet
版本 1.2.4
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 8
常见问题

Agent-Wallet 是什么?

Single-source wallet skill for generate, import, get-balance, sign, and send flows using local wallet files plus executable Node scripts. Use when the user a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 170 次。

如何安装 Agent-Wallet?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ai-agent-wallet」即可一键安装,无需额外配置。

Agent-Wallet 是免费的吗?

是的,Agent-Wallet 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Agent-Wallet 支持哪些平台?

Agent-Wallet 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Agent-Wallet?

由 Akinsuyi Joshua(@beardkoda)开发并维护,当前版本 v1.2.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论