← 返回 Skills 市场
1879
总下载
0
收藏
7
当前安装
1
版本数
在 OpenClaw 中安装
/install clawdwallet
功能描述
Install and control ClawdWallet - a multi-chain Web3 wallet Chrome extension controlled by Clawdbot agents. Use when setting up agent-controlled wallet, connecting to dApps, signing transactions, or managing crypto across 20+ chains (EVM, Bitcoin, Solana, Cosmos). Powered by ShapeShift hdwallet.
使用说明 (SKILL.md)
ClawdWallet
Multi-chain wallet extension your agent controls via WebSocket.
Quick Install
# Clone and build
git clone https://github.com/NeOMakinG/clawdwallet.git
cd clawdwallet
npm install
npm run build
# Or use pre-built dist/ folder directly
Load in Chrome
chrome://extensions→ Enable Developer mode- Load unpacked → select
dist/folder - Click extension icon → set WebSocket URL (default:
ws://localhost:3033/clawdwallet)
Clawdbot Gateway Config
Add to your gateway config:
extensions:
clawdwallet:
enabled: true
Agent Commands
Initialize with existing seed
{"type": "init_wallet", "mnemonic": "your twenty four words..."}
Generate new wallet
{"type": "generate_wallet"}
Returns addresses for all supported chains.
Approve dApp request
{"type": "sign_and_respond", "requestId": "uuid"}
Reject request
{"type": "reject_request", "requestId": "uuid", "reason": "Looks suspicious"}
Check status
{"type": "get_status"}
Incoming Requests
When dApp requests signature, you receive:
{
"type": "wallet_request",
"id": "uuid",
"chain": "ethereum",
"method": "eth_sendTransaction",
"params": [{"to": "0x...", "value": "0x..."}],
"origin": "https://app.uniswap.org"
}
Review and approve/reject based on context.
Supported Chains
| Family | Chains |
|---|---|
| EVM | Ethereum, Polygon, Optimism, Arbitrum, Base, Avalanche, Gnosis, BSC |
| UTXO | Bitcoin, Litecoin, Dogecoin, Bitcoin Cash |
| Cosmos | Cosmos Hub, Osmosis, THORChain, Mayachain |
| Other | Solana, TON, Near, Sui, Tron |
Security Notes
- Only use with trusted agents
- Consider dedicated wallet for agent operations
- Never expose mnemonic or WebSocket URL publicly
安全使用建议
This skill does what it claims (agent-controlled wallet) but carries notable risks. Before installing or using it: (1) Do NOT transmit your mnemonic to any agent unless you fully trust and have audited the code. (2) Review the GitHub repository and its dependency tree; verify commit authorship and use pinned release tags or cryptographic signatures rather than cloning master. (3) Prefer secure channels: run a locally isolated instance, require TLS/auth for the WebSocket (wss + auth tokens), and restrict access to localhost only. (4) Consider using a dedicated, funded wallet with minimal funds or hardware wallet integrations instead of exposing high-value mnemonics. (5) If you lack the ability to audit the repo and dependencies, avoid running npm install/build from an untrusted source. These mitigations will reduce supply-chain and secret-exfiltration risk.
功能分析
Type: OpenClaw Skill
Name: clawdwallet
Version: 0.1.0
The skill instructs the agent to `git clone` and `npm install` an external GitHub repository (`https://github.com/NeOMakinG/clawdwallet.git`) in `SKILL.md`. This introduces a significant supply chain risk, as the agent is directed to download and execute arbitrary code from a third-party source. While the stated purpose is to control a Web3 wallet, which inherently involves high-risk capabilities like handling mnemonics and signing transactions, the reliance on external code without direct control over its content makes the skill suspicious due to the potential for compromise.
能力评估
Purpose & Capability
Name/description (agent-controlled Web3 wallet extension) match the SKILL.md: it documents loading a Chrome extension, a WebSocket control channel, JSON commands for initializing/generating wallets and signing requests, and supported chains. Required capabilities align with the declared purpose.
Instruction Scope
Instructions explicitly direct users/agents to provide raw mnemonics via JSON messages and to accept and act on dApp signature requests. There is no guidance or enforcement of secure key handling (no authenticated or encrypted channel, no mnemonic encryption, no replay/authorization controls). The SKILL.md also instructs cloning and building an external repo and loading a browser extension—actions that expand scope to downloading and executing third-party code and handling sensitive secrets.
Install Mechanism
Although the skill bundle itself contains no install spec, the runtime instructions tell operators to git clone https://github.com/NeOMakinG/clawdwallet.git and run npm install/build. That is a supply-chain risk: pulling and running arbitrary code from an external repo (unknown ownership) and running npm install (which can fetch many third-party packages) is high-risk unless the repo and dependencies are audited and signatures verified.
Credentials
The skill declares no environment variables or credentials, yet its operation requires handling highly sensitive secrets (wallet mnemonic) and a control WebSocket URL. The instructions expect the mnemonic to be sent to the agent/extension, which is a disproportionate exposure of secrets that is not justified or mitigated in the doc (no use of hardware wallets, secure enclaves, wss with auth, or ephemeral key wrapping).
Persistence & Privilege
always is false and there are no install-time changes declared in the skill bundle. However, the SKILL.md asks operators to modify a gateway config to enable the extension and to run and host a WebSocket endpoint locally. That is normal for extension integration but increases attack surface (service running locally that accepts control commands).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawdwallet - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawdwallet触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
- Initial release of ClawdWallet skill (v0.1.0).
- Enables agent-controlled multi-chain Web3 wallet via Chrome extension and WebSocket.
- Supports wallet setup, dApp connections, transaction signing, and multi-chain crypto management (20+ chains including EVM, Bitcoin, Solana, Cosmos).
- Agent commands documented for wallet initialization, signing, and request handling.
- Security recommendations included in documentation.
元数据
常见问题
Clawdwallet 是什么?
Install and control ClawdWallet - a multi-chain Web3 wallet Chrome extension controlled by Clawdbot agents. Use when setting up agent-controlled wallet, connecting to dApps, signing transactions, or managing crypto across 20+ chains (EVM, Bitcoin, Solana, Cosmos). Powered by ShapeShift hdwallet. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1879 次。
如何安装 Clawdwallet?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawdwallet」即可一键安装,无需额外配置。
Clawdwallet 是免费的吗?
是的,Clawdwallet 完全免费(开源免费),可自由下载、安装和使用。
Clawdwallet 支持哪些平台?
Clawdwallet 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Clawdwallet?
由 NeOMakinG(@neomaking)开发并维护,当前版本 v0.1.0。
推荐 Skills