← 返回 Skills 市场
983
总下载
0
收藏
5
当前安装
2
版本数
在 OpenClaw 中安装
/install authenticate-wallet
功能描述
Sign in to the wallet. Use when you or the user want to log in, sign in, connect, or set up the wallet, or when any wallet operation fails with authentication or "not signed in" errors. This skill is a prerequisite before sending, trading, or funding.
使用说明 (SKILL.md)
Authenticating with the Payments Wallet
When the wallet is not signed in (detected via npx awal status or when wallet operations fail with authentication errors), use the npx awal CLI to authenticate.
If you have access to email, you can authenticate the wallet yourself, otherwise you'll need to ask your human to give you an email address and to tell you the OTP code they receive.
Authentication Flow
Authentication uses a two-step email OTP process:
Step 1: Initiate login
npx awal@latest auth login \x3Cemail>
This sends a 6-digit verification code to the email and outputs a flowId.
Step 2: Verify OTP
npx awal@latest auth verify \x3CflowId> \x3Cotp>
Use the flowId from step 1 and the 6-digit code from the user's email to complete authentication. If you have the ability to access the user's email, you can read the OTP code, or you can ask your human for the code.
Checking Authentication Status
npx awal@latest status
Displays wallet server health and authentication status including wallet address.
Example Session
# Check current status
npx awal@latest status
# Start login (sends OTP to email)
npx awal@latest auth login [email protected]
# Output: flowId: abc123...
# After user receives code, verify
npx awal@latest auth verify abc123 123456
# Confirm authentication
npx awal@latest status
Available CLI Commands
| Command | Purpose |
|---|---|
npx awal@latest status |
Check server health and auth status |
npx awal@latest auth login \x3Cemail> |
Send OTP code to email, returns flowId |
npx awal@latest auth verify \x3CflowId> \x3Cotp> |
Complete authentication with OTP code |
npx awal@latest balance |
Get USDC wallet balance |
npx awal@latest address |
Get wallet address |
npx awal@latest show |
Open the wallet companion window |
JSON Output
All commands support --json for machine-readable output:
npx awal@latest status --json
npx awal@latest auth login [email protected] --json
npx awal@latest auth verify \x3CflowId> \x3Cotp> --json
安全使用建议
This skill is coherent in that it uses the 'awal' CLI to perform email OTP sign-in, but there are two things to consider before installing:
1) npx execution risk: The skill runs 'npx awal@latest' which downloads and executes code from the npm registry at runtime. If the package (or its dependencies) is malicious or compromised, that code runs on your agent host. Prefer establishing a vetted, pinned CLI binary or a fixed package version from a trusted publisher rather than executing '@latest'.
2) OTP/email access ambiguity: The SKILL.md suggests the agent can "access the user's email" to read OTPs. Unless you explicitly trust and permit the agent to read the mailbox, require manual entry of OTPs by the human. Do not give the agent mailbox credentials or automatic email access unless you understand and accept the privacy/exfiltration implications.
Practical steps:
- Verify the identity and reputation of the 'awal' package and its publisher on npm (or obtain an official CLI binary). Pin to a specific release instead of '@latest'.
- Restrict the agent from autonomously accessing the user's email; require the human to paste OTPs.
- Monitor and review outputs from any 'npx' runs the first few times, and consider running in an isolated environment if you must allow it.
If you cannot verify the CLI package or are unwilling to accept npx execution risk, treat this skill as unsafe to enable.
功能分析
Type: OpenClaw Skill
Name: authenticate-wallet
Version: 0.1.0
This skill bundle is benign. It provides instructions and allowed tools for authenticating a wallet using the `npx awal@latest` CLI. The `SKILL.md` clearly defines the purpose and the `allowed-tools` block strictly limits the agent's capabilities to specific `npx awal` commands. While there is a phrase 'If you have access to email, you can authenticate the wallet yourself', this is a conditional statement and does not pose a prompt injection risk as the `allowed-tools` explicitly prevent the agent from accessing email or performing any unauthorized actions beyond the wallet CLI.
能力评估
Purpose & Capability
Name/description align with the runtime instructions: the SKILL.md only instructs using the 'npx awal' CLI to perform OTP-based login, check status, and view wallet info. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to running 'npx awal' commands (status, auth login, auth verify, balance, address, show). However the text says 'If you have the ability to access the user's email, you can read the OTP code' — that is vague and grants the agent broad discretion about email access (potential privacy/exfiltration risk). The SKILL.md does not include explicit commands to access email, but the suggestion opens scope creep.
Install Mechanism
There is no install spec, but the runtime explicitly invokes 'npx awal@latest'. npx will fetch and execute code from the npm registry at runtime; executing an unpinned '@latest' package from an unknown author can run arbitrary code on the host. This is an important runtime installation/execution risk even though no code files are bundled with the skill.
Credentials
The skill declares no environment variables, no credentials, and no config paths. The required access is proportional to the stated task (OTP-based CLI auth).
Persistence & Privilege
always:false and user-invocable:true. The skill does not request persistent system-wide privileges or to modify other skills. Autonomous invocation is allowed (disable-model-invocation:false) which is the platform default; combine this with the npx execution risk when deciding whether to allow autonomous runs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install authenticate-wallet - 安装完成后,直接呼叫该 Skill 的名称或使用
/authenticate-wallet触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
- Initial release of the "authenticate-wallet" skill.
- Allows users to sign in or connect to their wallet using an email-based OTP authentication flow.
- Introduces CLI support for checking status, initiating login, verifying OTP codes, and accessing balance and address.
- Includes detailed usage instructions and examples for all authentication steps.
- Supports JSON output for all commands.
v1.0.0
- Initial release of the authenticate-wallet skill.
- Allows users to sign in to their wallet using a two-step email OTP process via the npx awal CLI.
- Supports checking wallet authentication status and performing authentication when required for other wallet operations.
- Includes new user-invocable flows and clear instructions for handling “not signed in” authentication errors.
- Provides machine-readable JSON output for all commands.
元数据
常见问题
Authenticate Wallet 是什么?
Sign in to the wallet. Use when you or the user want to log in, sign in, connect, or set up the wallet, or when any wallet operation fails with authentication or "not signed in" errors. This skill is a prerequisite before sending, trading, or funding. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 983 次。
如何安装 Authenticate Wallet?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install authenticate-wallet」即可一键安装,无需额外配置。
Authenticate Wallet 是免费的吗?
是的,Authenticate Wallet 完全免费(开源免费),可自由下载、安装和使用。
Authenticate Wallet 支持哪些平台?
Authenticate Wallet 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Authenticate Wallet?
由 0xRAG(@0xrag)开发并维护,当前版本 v0.1.0。
推荐 Skills