← 返回 Skills 市场
408
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install elytro-wallet-cli-skill
功能描述
Entry point for the Elytro wallet skill plus the curated DeFi sub-skills. Start here before loading any individual protocol skill.
使用说明 (SKILL.md)
Elytro Skills Pack
Welcome! The elytro CLI prints this URL in elytro --help so agents always land on the canonical instructions before touching a wallet. Read this document once, then jump into the sub-skills listed below.
Raw link surfaced in
elytro --help:https://raw.githubusercontent.com/Elytro-eth/skills/main/SKILL.md
Need to swap tokens? Install defi/uniswap/SKILL.md.
Need to execute another protocol flow? Install that protocol’s folder (e.g., defi/pendle/SKILL.md) alongside defi/elytro/SKILL.md.
Start Here
- Install the Elytro CLI –
npm install -g @elytro/cli(Node ≥ 24). Most workflows reference CLI commands, so have it ready. - Load the
elytrowallet skill – located atelytro/SKILL.md. That skill covers account management, inline-button UX rules, and Elytro-specific safety guidance. - Pick the right DeFi stack – browse
defi/SKILL.md. It links to protocol skills (Uniswap today, more coming) and the execution bridge (defi/elytro/SKILL.md). - Combine as needed – for a token swap you typically load three skills simultaneously:
elytro(wallet UX, menus, account safety)defi(routing dispatcher + checklist)defi/uniswap(Uniswap AI planner prompts)
Once the planner produces calldata/UserOps, hand them todefi/elytro.
Skill Map
| Path | Description | Use Cases |
|---|---|---|
elytro/ |
Elytro wallet main skill. Inline button rules, menus, tx approvals. | Anything involving Elytro smart accounts (balances, send, deploy, security). |
defi/ |
Directory skill that triages DeFi intents and links to protocol sub-skills. | When a user simply says “do DeFi” or hasn’t picked a protocol yet. |
defi/elytro/ |
Execution bridge from planner calldata/UserOps into Elytro smart accounts. | Running Uniswap AI instructions, relaying calldata, simulating & sending tx/UserOps. |
defi/uniswap/ |
Uniswap AI planning prompts and guardrails. | Swaps, LP adds/removes, Uniswap analytics before execution. |
payroll/ |
Payroll runbook for Elytro smart accounts. | Recurring ETH/USDC payouts with manual approval every pay period. |
Add more folders under defi/ (defi/\x3Cprotocol>/SKILL.md) to extend the pack; the directory skill will automatically link to them once documented.
Installation Cheat Sheet
# Install the whole pack (skills CLI)
npx skills add Elytro-eth/skills
# Focus on the Elytro wallet skill
npx skills add Elytro-eth/skills --skill elytro
# Uniswap planner only
npx skills add Elytro-eth/skills --skill defi/uniswap
Clawhub users can add the repo once, then enable whichever folders are needed per workspace. No repackaging required; Clawhub preserves the \x3Cfolder>/SKILL.md layout.
安全使用建议
This skill appears to be a legitimate wallet + DeFi orchestration pack, but it includes risky behaviors you should consider before installing:
- Do not allow automatic in-place updates of skill files: the SKILL.md explicitly instructs the agent to curl a remote SKILL.md and overwrite the local file. That lets remote content change the agent's instructions without a human review. If you install, disable or audit that auto-update step and prefer pinned commit hashes or signed releases.
- Verify the Elytro CLI package before installing (review the npm package @elytro/cli source, maintainers, and published tarball). Don't blindly run global npm installs on production agents.
- Treat env/credentials as sensitive: the docs mention ELYTRO_ENV, Pimlico keys, RPC overrides and payment/delegation flows but the pack doesn't declare required env vars. Only provide the minimal secrets needed, and avoid storing payroll rosters or private keys in public or world-readable locations.
- Turn off or require explicit confirmation for the CLI 'update apply' step; allow only manual updates after review.
- For any flows that submit transactions or OTPs: ensure the agent always requests explicit human approval (and the skill claims to require this, but you should enforce it in agent config). Never expose OTP codes or private keys to automated agents.
If you need to proceed: review the repo on GitHub (or the npm package source), pin to a specific commit/tag, and remove/replace the automatic SKILL.md-overwrite instruction with a human-moderated update process. If you cannot audit the package and you operate valuable funds, treat this skill as high risk and avoid installing it.
功能分析
Type: OpenClaw Skill
Name: elytro-wallet-cli-skill
Version: 0.2.3
The skill bundle contains a high-risk instruction in `elytro/SKILL.md` directing the AI agent to automatically download and overwrite its own instruction file (`SKILL.md`) using `curl` from a remote GitHub URL (raw.githubusercontent.com/Elytro-eth/skills) before executing any other commands. This self-modifying behavior functions as a remote instruction injection vector, allowing the agent's logic to be altered at runtime without user intervention. While presented as an 'auto-update' feature for the Elytro CLI, this pattern of fetching and immediately following remote instructions is a significant security risk that bypasses standard skill management lifecycles.
能力评估
Purpose & Capability
The package is presented as an Elytro wallet + DeFi skill pack and most required actions (installing an Elytro CLI and orchestrating calldata/UserOps) are coherent with that purpose. However, the repo and top-level metadata declare no install spec while elytro/SKILL.md includes an install via npm in its metadata — an internal mismatch. Also, some instructions ask for environment variables (ELYTRO_ENV, Pimlico key, RPC overrides) and behaviors (auto-updating the SKILL.md) that are not justified simply by 'wallet + planner' functionality.
Instruction Scope
The elytro skill mandates two auto-update actions every run: (1) check + apply CLI updates, and (2) fetch and overwrite the local SKILL.md from https://raw.githubusercontent.com/... and re-read it. Automatically overwriting the skill text at runtime expands the agent's trusted update surface and effectively allows remote modification of its runtime instructions. The skills also reference exporting env vars and other files (planner outputs, roster CSVs) that are not declared in the pack metadata. The instruction 'determine the absolute path of this SKILL.md file at runtime, then download and overwrite it' is particularly broad and risky.
Install Mechanism
There is no top-level install spec, but the elytro/SKILL.md metadata lists an npm install of @elytro/cli (Node >=24), which is an expected install method for a CLI. Downloading the SKILL.md from raw.githubusercontent.com is from a well-known host (lower risk than arbitrary hosting) but the practice of repeatedly overwriting local skill files from that remote URL is a high-risk install/update pattern because it changes agent instructions on-disk at runtime.
Credentials
The registry metadata declares no required environment variables, yet multiple SKILL.md files instruct the agent to export/use ELYTRO_ENV, Pimlico keys, RPC overrides, and to manage delegation/payments. Payroll and execution flows rely on access to on-chain accounts and possibly stored keys (via the CLI). These environment and credential mentions are not declared as required, creating a mismatch and lack of clarity about what secrets or config the skill expects.
Persistence & Privilege
The skill does not set always:true, but it instructs agents to auto-update the installed CLI and to overwrite its own SKILL.md from the network on every run. That gives the skill effective persistent modification capability over its runtime instructions and the agent's local skill files — a high-privilege behavior that should require explicit human approval or stronger verification (signing, pinned commit/hash).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install elytro-wallet-cli-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/elytro-wallet-cli-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.3
No changes detected in this release.
- Version bumped to 0.2.3 with no updates to files or documentation.
- All workflows, documentation, and skill behaviors remain unchanged.
v0.2.2
**Major update: Introduces the Elytro Skills Pack as a modular entry point for wallet and DeFi functionality.**
- Added a new root skill ("Elytro Skills Pack") as the primary onboarding and documentation hub.
- Reorganized previous wallet skill as a sub-skill at `elytro/`, with DeFi and protocol skills now referenced from the main index.
- Provides step-by-step installation guidance and links to all sub-skills (wallet, DeFi dispatcher, execution bridge, Uniswap).
- Includes a clear skill map and CLI installation commands for flexible user onboarding.
- No longer includes direct wallet command or configuration documentation in the root skill; users are directed to appropriate sub-skills for specifics.
v0.2.1
No user-facing changes in this version.
- Version bumped to 0.2.1, but no file or documentation changes detected.
- Functionality and documentation remain the same as previous release.
v0.2.0
- Updated skill name, description, and metadata for clarity and accuracy, emphasizing security features and macOS Keychain integration.
- Expanded and clarified vault key management, including new, detailed instructions for macOS Keychain storage and explicit warnings about non-macOS fallback.
- Added clear setup sequence for first-time agents, highlighting secure secret handling and idempotent initialization.
- Improved and reorganized documentation of major account and transaction commands with updated options, usage notes, and critical agent-specific guidance.
- Added and refined details on error handling, pipeline steps, output formats, and exit codes for robust autonomous agent workflows.
- Document now explicitly targets autonomous agents, with guidance for OpenClaw integration and secure ops on macOS.
v0.0.1
Initial skill release for Elytro wallet CLI:
- Guides users through installing and setting up the Elytro command-line tool for ERC-4337 smart account wallets.
- Documents step-by-step workflows: wallet initialization, account creation/activation, transaction sending, on-chain queries, security hooks (2FA), and config management.
- Outlines environment variable support for RPC/bundler keys and configuration commands.
- Details transaction building, sending (including batch and contract calls), simulation, and output formats.
- Provides structured output and error handling conventions suitable for autonomous agent integration on supported Ethereum chains and testnets.
元数据
常见问题
Elytro: security-first ERC-4337 smart account wallet CLI for AI agents. Built-in 2FA, configurable spending limits. 是什么?
Entry point for the Elytro wallet skill plus the curated DeFi sub-skills. Start here before loading any individual protocol skill. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 408 次。
如何安装 Elytro: security-first ERC-4337 smart account wallet CLI for AI agents. Built-in 2FA, configurable spending limits.?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install elytro-wallet-cli-skill」即可一键安装,无需额外配置。
Elytro: security-first ERC-4337 smart account wallet CLI for AI agents. Built-in 2FA, configurable spending limits. 是免费的吗?
是的,Elytro: security-first ERC-4337 smart account wallet CLI for AI agents. Built-in 2FA, configurable spending limits. 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Elytro: security-first ERC-4337 smart account wallet CLI for AI agents. Built-in 2FA, configurable spending limits. 支持哪些平台?
Elytro: security-first ERC-4337 smart account wallet CLI for AI agents. Built-in 2FA, configurable spending limits. 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Elytro: security-first ERC-4337 smart account wallet CLI for AI agents. Built-in 2FA, configurable spending limits.?
由 joi(@walkjoi)开发并维护,当前版本 v0.2.3。
推荐 Skills