← 返回 Skills 市场
koba42corp

Chia WalletConnect - Telegram Verification

作者 Koba42Corp · GitHub ↗ · v1.0.0
cross-platform ✓ 安全检测通过
1577
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install chia-walletconnect
功能描述
Telegram Web App for Chia wallet verification via WalletConnect and Sage. Enables cryptographic proof of wallet ownership through signature verification using MintGarden API.
使用说明 (SKILL.md)

Chia WalletConnect Skill

Verify Chia wallet ownership via Telegram using WalletConnect integration with Sage Wallet.

What It Does

This skill provides a Telegram Mini App (Web App) that enables users to:

  1. Connect their Sage Wallet via WalletConnect v2
  2. Sign a challenge message cryptographically
  3. Verify wallet ownership via MintGarden's signature verification API
  4. Return verification status to your Telegram bot

Use Cases:

  • NFT-gated Telegram groups
  • Airdrop eligibility verification
  • Web3-style authentication
  • DAO voting authentication
  • Proof of token holdings

Architecture

/verify command → Web App button → WalletConnect → Sage signs → Verification

The user never leaves Telegram. The entire flow happens in-app via the Telegram Web App API.

Installation

# Install via ClawdHub
clawdhub install chia-walletconnect

# Install dependencies
cd skills/chia-walletconnect
npm install

# Make CLI executable
chmod +x cli.js

Deployment

Step 1: Deploy Web App

Deploy the webapp/ folder to a public HTTPS URL:

Vercel (Recommended):

cd skills/chia-walletconnect/webapp
vercel
# Copy the URL (e.g., https://chia-verify.vercel.app)

Netlify:

cd skills/chia-walletconnect/webapp
netlify deploy --prod

Your Server:

# Start Express server
npm start
# Expose via ngrok or reverse proxy

Step 2: Register with BotFather

  1. Message @BotFather
  2. Send /newapp or /editapp
  3. Select your bot
  4. Web App URL: Enter deployed URL
  5. Short Name: verify

Step 3: Add to Bot

Using Clawdbot Message Tool

// Send /verify command handler
message({
  action: 'send',
  target: chatId,
  message: 'Click below to verify your Chia wallet:',
  buttons: [[{
    text: '🌱 Verify Wallet',
    web_app: { url: 'https://your-app.vercel.app' }
  }]]
});

Handling Verification Response

// In your bot's web_app_data handler
bot.on('web_app_data', async (msg) => {
  const data = JSON.parse(msg.web_app_data.data);
  const { address, message, signature, publicKey, userId } = data;
  
  // Verify signature
  const { verifySignature } = require('./skills/chia-walletconnect/lib/verify');
  const result = await verifySignature(address, message, signature, publicKey);
  
  if (result.verified) {
    // Wallet verified! Grant access, record verification, etc.
    message({
      action: 'send',
      target: msg.chat.id,
      message: `✅ Wallet verified!\
\
Address: ${address}`
    });
    
    // Store verification
    // await db.saveVerification(userId, address);
  } else {
    message({
      action: 'send',
      target: msg.chat.id,
      message: `❌ Verification failed: ${result.error}`
    });
  }
});

CLI Usage

The skill includes a CLI for testing:

# Generate challenge message
node cli.js challenge xch1abc... telegram_user_123

# Verify signature manually
node cli.js verify xch1abc... "message" "signature" "pubkey"

# Validate address format
node cli.js validate xch1abc...

# Start development server
node cli.js server

API Reference

MintGarden Signature Verification

Endpoint: POST https://api.mintgarden.io/address/verify_signature

{
  "address": "xch1abc...",
  "message": "Verify ownership of Chia wallet:...",
  "signature": "hex_signature",
  "pubkey": "hex_public_key"
}

Response:

{
  "verified": true
}

CHIP-0002 Methods (WalletConnect)

Method Purpose
chip0002_getPublicKeys Fetch public keys from wallet
chip0002_signMessage Request message signature
chia_getCurrentAddress Get current receive address

Verification Flow

1. User sends /verify to bot
2. Bot responds with Web App button
3. User taps button → Mini App opens in Telegram
4. Mini App initializes WalletConnect
5. User connects Sage Wallet
6. Challenge message generated (includes nonce + timestamp)
7. User signs message in Sage Wallet
8. Signature sent back to bot via Telegram.WebApp.sendData()
9. Bot verifies signature with MintGarden API
10. Bot confirms verification success/failure

Time: ~5-10 seconds for full flow (user-dependent)

Configuration

Environment Variables

Create .env in skill folder:

PORT=3000
WALLETCONNECT_PROJECT_ID=your-project-id
MINTGARDEN_API_URL=https://api.mintgarden.io

Get WalletConnect Project ID

  1. Visit WalletConnect Cloud
  2. Create a new project
  3. Copy your Project ID
  4. Update in webapp/app.js

Default Project ID:
The skill includes 6d377259062295c0f6312b4f3e7a5d9b (Dracattus reference). For production, use your own.

Security

What's Protected

  • ✅ Challenge nonces prevent replay attacks
  • ✅ Timestamps expire after 5 minutes
  • ✅ MintGarden cryptographic verification
  • ✅ No private keys ever requested
  • ✅ HTTPS enforced by Telegram

Best Practices

  1. Store verifications securely — Use encrypted database
  2. Rate limit — Prevent spam verification attempts
  3. Link to Telegram user ID — Prevent address spoofing
  4. Implement cooldown — 1 verification per user per day
  5. Log attempts — Audit trail for security

Production Checklist

  • Deploy to HTTPS URL (required by Telegram)
  • Use your own WalletConnect Project ID
  • Enable CORS only for your domain
  • Add rate limiting on webhook endpoints
  • Store verifications in persistent database
  • Implement retry logic for network errors
  • Set up monitoring/alerts

Files

chia-walletconnect/
├── webapp/
│   ├── index.html        # Telegram Web App UI
│   ├── app.js            # WalletConnect logic
│   └── styles.css        # Styling
├── lib/
│   ├── challenge.js      # Challenge generation
│   └── verify.js         # MintGarden API client
├── server/
│   └── index.js          # Express webhook server
├── cli.js                # CLI interface
├── package.json          # Dependencies
├── SKILL.md              # This file
└── README.md             # Full documentation

Troubleshooting

Web App Doesn't Load

  • Verify HTTPS deployment (Telegram requires SSL)
  • Check URL is publicly accessible
  • Test URL directly in browser
  • Review browser console for errors

WalletConnect Connection Fails

  • Ensure Sage Wallet is latest version
  • Try manual URI paste instead of QR
  • Check WalletConnect Project ID is valid
  • Verify Sage supports WalletConnect v2

Signature Verification Fails

  • Ensure message format matches exactly
  • Confirm public key corresponds to address
  • Check MintGarden API is operational
  • Verify signature encoding (hex)

"No Public Key" Error

  • Some wallets don't expose pubkey via WalletConnect
  • Public key is optional for verification
  • Signature verification works without it

Examples

Simple Verification Bot

// Clawdbot skill handler

const { verifySignature } = require('./lib/verify');

// /verify command
if (message.text === '/verify') {
  await message({
    action: 'send',
    target: message.chat.id,
    message: 'Verify your Chia wallet:',
    buttons: [[{
      text: '🌱 Connect Wallet',
      web_app: { url: process.env.WEB_APP_URL }
    }]]
  });
}

// Handle web app data
bot.on('web_app_data', async (msg) => {
  const { address, message: challengeMsg, signature, publicKey } = 
    JSON.parse(msg.web_app_data.data);
  
  const result = await verifySignature(address, challengeMsg, signature, publicKey);
  
  if (result.verified) {
    // Grant access
    await grantAccess(msg.from.id, address);
    await message({
      action: 'send',
      target: msg.chat.id,
      message: `✅ Verified! Welcome, ${address.substring(0, 12)}...`
    });
  } else {
    await message({
      action: 'send',
      target: msg.chat.id,
      message: `❌ Verification failed`
    });
  }
});

NFT Gating

// Check if user owns specific NFT collection

const { verifySignature } = require('./skills/chia-walletconnect/lib/verify');
const mintGarden = require('./skills/mintgarden'); // Assume mintgarden skill exists

bot.on('web_app_data', async (msg) => {
  const { address, message, signature, publicKey } = 
    JSON.parse(msg.web_app_data.data);
  
  // Verify signature first
  const verifyResult = await verifySignature(address, message, signature, publicKey);
  
  if (!verifyResult.verified) {
    return bot.sendMessage(msg.chat.id, '❌ Invalid signature');
  }
  
  // Check NFT ownership
  const nfts = await mintGarden.getNFTsByAddress(address);
  const hasRequiredNFT = nfts.some(nft => 
    nft.collection_id === 'col1required...'
  );
  
  if (hasRequiredNFT) {
    // Grant access to private group
    await inviteToGroup(msg.from.id);
    bot.sendMessage(msg.chat.id, '✅ Access granted! Check your invites.');
  } else {
    bot.sendMessage(msg.chat.id, '❌ You need a Wojak NFT to join!');
  }
});

Performance

Stage Time
WalletConnect Init ~1-2s
Connection Approval User action
Sign Request ~2-5s
MintGarden Verify ~0.5-1s
Total ~5-10s

Dependencies

  • @walletconnect/sign-client — WalletConnect v2
  • @walletconnect/utils — WalletConnect helpers
  • @walletconnect/types — TypeScript types
  • express — Web server
  • node-fetch — HTTP client
  • cors — CORS middleware
  • dotenv — Environment config

Version

1.0.0

License

MIT — Koba42 Corp

Links

Built with 🌱 by Koba42 Corp

安全使用建议
This package appears to do what it claims, but review these practical points before installing or deploying: - Replace the included WALLETCONNECT_PROJECT_ID with your own project ID (the repo ships with a public example ID). Using someone else's project ID can let that project owner observe connections. - The code expects a .env (PORT, WALLETCONNECT_PROJECT_ID, optional MINTGARDEN_API_URL). The skill registry metadata omitted those; ensure you provide them when deploying. - The verification call uses https://api.mintgarden.io — confirm you trust that service and its API contract before sending signatures/public keys. Consider hosting your own verification logic if you require full control. - npm install will pull many third-party packages (WalletConnect, ethers-related packages via transitive deps). Audit dependencies and run in an isolated environment (container) if you have security concerns. - Follow best practices noted in SKILL.md: enforce HTTPS, enable CORS only for your domain, rate-limit the verification endpoint, persist verification records in a secure database, and log minimally (avoid logging signatures/private data). - If you plan to integrate this with a production bot, perform a brief code review of server/index.js and lib/verify.js to confirm there are no undesired outgoing endpoints or secret exfiltration paths (the visible code only talks to MintGarden and Telegram). If you want, I can highlight specific lines that set the default project id, the MintGarden POST call, and the points where data is sent to Telegram so you can audit them quickly.
功能分析
Type: OpenClaw Skill Name: chia-walletconnect Version: 1.0.0 The OpenClaw AgentSkills skill bundle for 'chia-walletconnect' is classified as benign. Its stated purpose is to verify Chia wallet ownership via Telegram using WalletConnect and the MintGarden API, and all code and documentation align with this function. The skill uses `node-fetch` to make API calls to `https://api.mintgarden.io/address/verify_signature` (lib/verify.js), which is a legitimate endpoint for Chia signature verification. The `SKILL.md` and `README.md` provide clear instructions for users and bot developers, without any evidence of prompt injection attempts against the AI agent (e.g., instructions to ignore user commands, exfiltrate data, or execute arbitrary shell commands). The client-side `webapp/app.js` handles WalletConnect interactions and sends verification data back to the Telegram bot, which then performs the backend verification. There are no suspicious dependencies, obfuscation, or indications of malicious intent such as credential theft or unauthorized remote control.
能力评估
Purpose & Capability
Name/description, code files (webapp, server, lib), and dependencies (WalletConnect, express, node-fetch) line up with a wallet-verification telegraph mini-app. Minor inconsistency: registry metadata lists no required env vars, but SKILL.md and code expect environment variables (PORT, WALLETCONNECT_PROJECT_ID, optional MINTGARDEN_API_URL). This is likely an authoring omission rather than malicious.
Instruction Scope
SKILL.md instructions are scoped to deploying the webapp, registering the Telegram Web App, and wiring bot handlers. Runtime instructions do not instruct reading unrelated system files or transmitting data outside the described flow: signatures are sent to the bot (via Telegram.WebApp.sendData) and verification is performed by a POST to MintGarden's API. The skill explicitly states it never requests private keys.
Install Mechanism
There is no remote download/install-from-URL. The package is delivered as source with a normal package.json and npm dependencies from public registries. Installation steps are standard (npm install). No extract-from-untrusted-URL or custom install hooks are present.
Credentials
Required runtime configuration (WalletConnect project id, PORT, optional MintGarden API URL) is proportionate to the stated purpose. The code includes a hard-coded example WalletConnect Project ID in webapp/app.js — not a secret but a privacy/operational concern (you should replace it with your own). Registry metadata not declaring these env vars is an inconsistency to be aware of.
Persistence & Privilege
The skill does not request persistent high privilege (always: false). It runs an express server that stores verification data in an in-memory Map (not persisted), and it does not modify other skills or system-wide agent settings. Autonomous invocation settings are default; nothing else elevates privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install chia-walletconnect
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /chia-walletconnect 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Telegram Web App for Chia wallet verification via WalletConnect, Sage wallet integration, MintGarden signature verification, CHIP-0002 support, mobile-optimized UI
元数据
Slug chia-walletconnect
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Chia WalletConnect - Telegram Verification 是什么?

Telegram Web App for Chia wallet verification via WalletConnect and Sage. Enables cryptographic proof of wallet ownership through signature verification using MintGarden API. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1577 次。

如何安装 Chia WalletConnect - Telegram Verification?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install chia-walletconnect」即可一键安装,无需额外配置。

Chia WalletConnect - Telegram Verification 是免费的吗?

是的,Chia WalletConnect - Telegram Verification 完全免费(开源免费),可自由下载、安装和使用。

Chia WalletConnect - Telegram Verification 支持哪些平台?

Chia WalletConnect - Telegram Verification 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Chia WalletConnect - Telegram Verification?

由 Koba42Corp(@koba42corp)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论