← 返回 Skills 市场
Base Wallet
作者
Ju Chun Ko
· GitHub ↗
· v1.5.0
2314
总下载
3
收藏
9
当前安装
6
版本数
在 OpenClaw 中安装
/install base-wallet
功能描述
🔐 Base Wallet - Crypto Identity for AI Agents. Create wallets, sign messages (SIWE), send transactions programmatically. No browser extensions, no human intervention. The foundation for autonomous Web3 agents.
使用说明 (SKILL.md)
🔐 Base Wallet - Crypto Identity for AI Agents
Every autonomous agent needs a wallet. Create one without human help.
TL;DR: Programmatic wallet creation on Base/Ethereum. SIWE auth, balance checks, transactions.
Why Base Wallet?
- True autonomy — Your agent creates and controls its own wallet
- No browser needed — Pure CLI, no extensions or popups
- SIWE ready — Sign-In with Ethereum for Web3 services
- Secure by default — Environment variables, no plaintext keys
Create and manage Base chain (Ethereum-compatible) wallets programmatically.
⚠️ Security First
| ✅ DO | ❌ DON'T |
|---|---|
| Use environment variables for private keys | Store private keys in plain text files |
| Set wallet files to chmod 600 | Commit wallet files to git |
Use --env mode (recommended) |
Use console.log(privateKey) |
| Back up mnemonics offline | Share private keys or mnemonics |
Quick Start
Create a New Wallet (Recommended)
# Output as environment variable format (safest)
node scripts/create-wallet.js --env
# Output example:
# export WALLET_ADDRESS="0x..."
# export PRIVATE_KEY="0x..."
Then copy to your shell or .env file.
Create with File Storage (Opt-in)
# Only if you need file-based storage
node scripts/create-wallet.js --managed my-agent
⚠️ This stores private key in ~/.openclaw/wallets/my-agent.json
Usage Examples
Load Wallet from Environment
const { ethers } = require('ethers');
// ✅ SECURE: Load from environment variable
const wallet = new ethers.Wallet(process.env.PRIVATE_KEY);
console.log('Address:', wallet.address);
// ❌ NEVER: console.log('Private Key:', wallet.privateKey);
Load from Mnemonic
const wallet = ethers.Wallet.fromPhrase(process.env.MNEMONIC);
Check Balance
const provider = new ethers.JsonRpcProvider('https://mainnet.base.org');
const balance = await provider.getBalance(wallet.address);
console.log('Balance:', ethers.formatEther(balance), 'ETH');
Sign Message (SIWE)
const message = `example.com wants you to sign in with your Ethereum account:
${wallet.address}
Sign in message
URI: https://example.com
Version: 1
Chain ID: 8453
Nonce: ${nonce}
Issued At: ${new Date().toISOString()}`;
const signature = await wallet.signMessage(message);
Send Transaction
const provider = new ethers.JsonRpcProvider('https://mainnet.base.org');
const connectedWallet = wallet.connect(provider);
const tx = await connectedWallet.sendTransaction({
to: recipientAddress,
value: ethers.parseEther('0.001')
});
const receipt = await tx.wait();
console.log('TX Hash:', tx.hash);
Scripts
| Script | Description |
|---|---|
create-wallet.js --env |
Create wallet, output as env vars (recommended) |
create-wallet.js --managed [name] |
Create wallet, save to file (opt-in) |
create-wallet.js --json |
Create wallet, output as JSON |
basemail-register.js [name] |
Register for BaseMail email |
check-balance.js [address] |
Check wallet balance |
BaseMail Integration
Register for a @basemail.ai email using your wallet signature.
# If using environment variable:
PRIVATE_KEY="0x..." node scripts/basemail-register.js
# If using managed wallet:
node scripts/basemail-register.js my-agent
Network Configuration
| Network | Chain ID | RPC URL |
|---|---|---|
| Base Mainnet | 8453 | https://mainnet.base.org |
| Base Sepolia | 84532 | https://sepolia.base.org |
📝 Audit Logging
Operations are logged to ~/.base-wallet/audit.log.
Secure Storage Pattern
// ✅ Recommended: Use environment variables
const privateKey = process.env.PRIVATE_KEY;
if (!privateKey) {
throw new Error('PRIVATE_KEY environment variable not set');
}
const wallet = new ethers.Wallet(privateKey);
// ❌ Avoid: Storing private keys in code or files
If you must store to file (not recommended):
const fs = require('fs');
const path = require('path');
// Store with restricted permissions
const filepath = path.join(process.env.HOME, '.openclaw', 'wallets', 'wallet.json');
fs.writeFileSync(filepath, JSON.stringify({
address: wallet.address,
// Only store if absolutely necessary
privateKey: wallet.privateKey
}), { mode: 0o600 }); // Owner read/write only
.gitignore
Add to your project's .gitignore:
# Wallet files - NEVER commit!
.openclaw/
*.wallet.json
*.mnemonic
private-key*
Dependencies
npm install ethers
Changelog
v1.1.0 (2026-02-08)
- 🔐 Security: Changed create-wallet.js to opt-in file storage
- ✨ Added --env mode (recommended)
- 📝 Added audit logging
- ⚠️ Removed console.log(privateKey) from examples
- 📄 Enhanced security documentation
v1.0.0
- 🎉 Initial release
安全使用建议
This skill appears to do what it says: create wallets, sign SIWE messages, check balances, and register with BaseMail. Before installing: 1) inspect and run in a safe environment (container or isolated account); 2) run npm install (ethers) before using; 3) prefer the --env mode (set PRIVATE_KEY only in your process env) and avoid using --managed unless you accept storing keys on disk; 4) note the skill will create files in ~/.openclaw/wallets and ~/.base-wallet/audit.log — protect or delete them as needed and add wallet files to .gitignore; 5) verify you trust https://api.basemail.ai before handing it a signing wallet; 6) if you will let an autonomous agent use this skill, be aware it can create and use keys programmatically — limit autonomy if you don't want an agent transacting on-chain.
功能分析
Type: OpenClaw Skill
Name: base-wallet
Version: 1.5.0
This skill bundle is designed for programmatic management of Base/Ethereum wallets by AI agents. While handling cryptographic private keys is inherently high-risk, the skill demonstrates strong security practices: it primarily recommends using environment variables for private keys, requires explicit opt-in and user confirmation for file-based storage, and sets strict file permissions (0o600) for any stored wallet data in `scripts/create-wallet.js` and `scripts/basemail-register.js`. The `SKILL.md` documentation is transparent about security risks and provides clear warnings and best practices. All network calls are to documented endpoints (`https://api.basemail.ai`, `https://mainnet.base.org`) for the stated purpose of wallet operations and email registration. No evidence of prompt injection, unauthorized data exfiltration, or malicious execution was found.
能力评估
Purpose & Capability
Name/description (Base wallet, SIWE, transactions) match the included scripts and documentation. The three scripts implement wallet creation, balance checks, and BaseMail registration against api.basemail.ai — all coherent with the declared purpose.
Instruction Scope
Runtime instructions and scripts operate within expected scope: creating wallets, optionally storing managed wallet files (~/.openclaw/wallets), logging to ~/.base-wallet/audit.log, checking balances via RPC, and calling BaseMail endpoints. Minor scope notes: the SKILL.md strongly recommends using environment variables (PRIVATE_KEY, MNEMONIC, WALLET_DIR) and also documents an opt-in file storage mode; these behaviors are explicit in the scripts (no unexpected file or system scanning).
Install Mechanism
There is no automated install spec (instruction-only install), which is lowest risk. package.json lists an ethers dependency and SKILL.md tells the user to npm install ethers; the skill will fail unless dependencies are installed. No remote downloads or obscure URLs are used.
Credentials
The scripts use PRIVATE_KEY, MNEMONIC, and optional WALLET_DIR — all directly relevant to wallet management. However, the registry metadata declared no required env vars while the runtime explicitly reads these environment variables; this metadata omission is a minor inconsistency but not malicious.
Persistence & Privilege
always:false (normal). The skill persists optional managed wallet files under ~/.openclaw/wallets and writes an audit log to ~/.base-wallet/audit.log. These are expected for this type of tool but are persistent artifacts the user should consider and protect.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install base-wallet - 安装完成后,直接呼叫该 Skill 的名称或使用
/base-wallet触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.5.0
Full English documentation
v1.4.0
Better branding: title format, Why section, autonomy focus
v1.3.0
Shorter description
v1.2.0
Enhanced branding: Crypto Identity for AI Agents
v1.1.0
Security: opt-in file storage, env var preferred, removed console.log(privateKey), added audit logging
v1.0.0
Initial release: Create Base/Ethereum wallets, SIWE signing, BaseMail.ai integration
元数据
常见问题
Base Wallet 是什么?
🔐 Base Wallet - Crypto Identity for AI Agents. Create wallets, sign messages (SIWE), send transactions programmatically. No browser extensions, no human intervention. The foundation for autonomous Web3 agents. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2314 次。
如何安装 Base Wallet?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install base-wallet」即可一键安装,无需额外配置。
Base Wallet 是免费的吗?
是的,Base Wallet 完全免费(开源免费),可自由下载、安装和使用。
Base Wallet 支持哪些平台?
Base Wallet 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Base Wallet?
由 Ju Chun Ko(@daaab)开发并维护,当前版本 v1.5.0。
推荐 Skills