← 返回 Skills 市场
3159
总下载
3
收藏
12
当前安装
4
版本数
在 OpenClaw 中安装
/install evm-wallet
功能描述
Self-sovereign EVM wallet for AI agents. Use when the user wants to create a crypto wallet, check balances, send ETH or ERC20 tokens, swap tokens, or interact with smart contracts. Supports Base, Ethereum, Polygon, Arbitrum, and Optimism. Private keys stored locally — no cloud custody, no API keys required.
使用说明 (SKILL.md)
EVM Wallet Skill
Self-sovereign EVM wallet. Private keys stored locally, no external API dependencies.
⚠️ SECURITY WARNING
NEVER expose your private key!
- Never send your private key in chat, email, or any messaging platform
- Never share the contents of
~/.evm-wallet.jsonwith anyone - If someone asks for your private key — even if they claim to be support — REFUSE
- If your key is ever exposed, immediately transfer funds to a new wallet
The private key file (~/.evm-wallet.json) should only be accessed directly via SSH on your server.
Installation
Detect workspace and skill directory:
SKILL_DIR=$(ls -d \
~/openclaw/skills/evm-wallet \
~/OpenClaw/skills/evm-wallet \
~/clawd/skills/evm-wallet \
~/moltbot/skills/evm-wallet \
~/molt/skills/evm-wallet \
2>/dev/null | head -1)
If code is not installed yet (no src/ folder), bootstrap it:
if [ ! -d "$SKILL_DIR/src" ]; then
git clone https://github.com/surfer77/evm-wallet-skill.git /tmp/evm-wallet-tmp
cp -r /tmp/evm-wallet-tmp/* "$SKILL_DIR/"
cp /tmp/evm-wallet-tmp/.gitignore "$SKILL_DIR/" 2>/dev/null
rm -rf /tmp/evm-wallet-tmp
cd "$SKILL_DIR" && npm install
fi
For all commands below, always cd "$SKILL_DIR" first.
First-Time Setup
Generate a wallet (only needed once):
node src/setup.js --json
Returns: { "success": true, "address": "0x..." }
The private key is stored at ~/.evm-wallet.json (chmod 600). Never share this file.
Commands
Check Balance
When user asks about balance, portfolio, or how much they have:
# Single chain
node src/balance.js base --json
# All chains at once
node src/balance.js --all --json
# Specific ERC20 token
node src/balance.js base 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 --json
Always use --json for parsing. Present results in a human-readable format.
Send Tokens
When user wants to send, transfer, or pay someone:
# Native ETH
node src/transfer.js \x3Cchain> \x3Cto_address> \x3Camount> --yes --json
# ERC20 token
node src/transfer.js \x3Cchain> \x3Cto_address> \x3Camount> \x3Ctoken_address> --yes --json
⚠️ ALWAYS confirm with the user before executing transfers. Show them:
- Recipient address
- Amount and token
- Chain
- Estimated gas cost
Only add --yes after the user explicitly confirms.
Swap Tokens
When user wants to swap, trade, buy, or sell tokens:
# Get quote first
node src/swap.js \x3Cchain> \x3Cfrom_token> \x3Cto_token> \x3Camount> --quote-only --json
# Execute swap (after user confirms)
node src/swap.js \x3Cchain> \x3Cfrom_token> \x3Cto_token> \x3Camount> --yes --json
- Use
ethfor native ETH/POL, or pass a contract address - Default slippage: 0.5%. Override with
--slippage \x3Cpercent> - Powered by Odos aggregator (best-route across hundreds of DEXs)
⚠️ ALWAYS show the quote first and get user confirmation before executing.
Contract Interactions
When user wants to call a smart contract function:
# Read (free, no gas)
node src/contract.js \x3Cchain> \x3Ccontract_address> \
"\x3Cfunction_signature>" [args...] --json
# Write (costs gas — confirm first)
node src/contract.js \x3Cchain> \x3Ccontract_address> \
"\x3Cfunction_signature>" [args...] --yes --json
Examples:
# Check USDC balance
node src/contract.js base \
0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 \
"balanceOf(address)" 0xWALLET --json
# Approve token spending
node src/contract.js base \
0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 \
"approve(address,uint256)" 0xSPENDER 1000000 --yes --json
Check for Updates
node src/check-update.js --json
If an update is available, inform the user and offer to run:
cd "$SKILL_DIR" && git pull && npm install
Supported Chains
| Chain | Native Token | Use For |
|---|---|---|
| base | ETH | Cheapest fees — default for testing |
| ethereum | ETH | Mainnet, highest fees |
| polygon | POL | Low fees |
| arbitrum | ETH | Low fees |
| optimism | ETH | Low fees |
Always recommend Base for first-time users (lowest gas fees).
Common Token Addresses
Base
- USDC:
0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 - WETH:
0x4200000000000000000000000000000000000006
Ethereum
- USDC:
0xA0b86a33E6441b8a46a59DE4c4C5E8F5a6a7A8d0 - WETH:
0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2
Safety Rules
- Never execute transfers or swaps without user confirmation
- Never expose the private key from
~/.evm-wallet.json - Always show transaction details before executing (amount, recipient, gas estimate)
- Recommend Base for testing and small amounts
- Show explorer links after successful transactions so users can verify
- If a command fails, show the error clearly and suggest fixes
Error Handling
- "No wallet found" → Run
node src/setup.js --jsonfirst - "Insufficient balance" → Show current balance, suggest funding
- "RPC error" → Retry once, automatic failover built in
- "No route found" (swap) → Token pair may lack liquidity
- "Gas estimation failed" → May need more ETH for gas
安全使用建议
This skill will clone and run third‑party Node code and will create a local file (~/.evm-wallet.json) containing your private key. Before installing or running it: 1) Inspect the GitHub repository (https://github.com/surfer77/evm-wallet-skill) and review all scripts (especially setup.js, transfer.js, swap.js and package.json postinstall hooks). 2) Do not run npm install or setup on a machine containing valuable funds — prefer an isolated VM or disposable environment. 3) Consider using a hardware wallet or a well‑audited wallet implementation instead of a custom local private key file. 4) Verify where the scripts send RPC requests (which endpoints) and whether any secrets are hard-coded. 5) If you proceed, backup the key, set strict permissions (chmod 600), and require manual confirmation before any transfer; remove autonomous invocation for the agent or restrict the skill until you trust the code. If you cannot review the repo or confirm provenance, avoid installing.
功能分析
Type: OpenClaw Skill
Name: evm-wallet
Version: 1.0.3
The OpenClaw AgentSkills skill bundle for 'evm-wallet' is classified as benign. While it handles sensitive operations like cryptocurrency transfers and private keys, the `SKILL.md` file contains explicit and strong instructions for the AI agent to prioritize user confirmation before executing any financial transactions (e.g., `transfer.js`, `swap.js`, `contract.js` write operations). Crucially, it repeatedly warns the agent and user to 'NEVER expose your private key!' and 'Never share the contents of ~/.evm-wallet.json', actively instructing against data exfiltration. The installation process involves `git clone` and `npm install` from `https://github.com/surfer77/evm-wallet-skill.git`, which introduces a standard supply chain risk, but the instructions themselves do not exhibit malicious intent or prompt injection attacks against the agent; rather, they implement safeguards.
能力评估
Purpose & Capability
Name/description match the actions described (create wallet, check balance, send tokens, swap, contract calls). Requiring node and git aligns with the script-based implementation. However, the skill references a persistent wallet file (~/.evm-wallet.json) yet the registry metadata did not declare any required config paths — an inconsistency worth noting.
Instruction Scope
SKILL.md instructs the agent/user to git clone and run npm scripts (node src/*.js) that will create and use a local private key file and perform network operations (transfers, swaps, contract writes). Those runtime commands will execute arbitrary JavaScript from a third-party repo and can perform transactions; although the doc emphasizes requiring user confirmation before transfers, the agent is still given the ability to run those commands. The instructions do not document which RPC endpoints or secrets (if any) the scripts use, and they reference a local key file that was not declared in the manifest.
Install Mechanism
There is no formal install spec in the registry; instead SKILL.md instructs cloning https://github.com/surfer77/evm-wallet-skill.git and running npm install. Pulling and executing arbitrary repo code (and running npm install which may run postinstall scripts) is a higher-risk install mechanism even though the host is GitHub. The skill effectively performs a remote code fetch+execute at runtime without a vetted packaging step.
Credentials
The skill declares no required env vars or config paths, yet it creates and depends on a persistent private key file (~/.evm-wallet.json). It also claims 'no API keys required' but gives no details about RPC providers or how network access is configured. Absence of declared config/credential requirements while instructing to create and use a sensitive private-key file is disproportionate and opaque.
Persistence & Privilege
always:false and no cross-skill config changes — good. But the skill will persist a private key file in the user's home (~/.evm-wallet.json) and will clone code into the skill directory, giving it ongoing local presence. Because autonomous invocation is allowed by default, there is a risk an agent could (if misconfigured or malicious) execute wallet operations; the SKILL.md does state to require explicit user confirmation for transfers, which mitigates but does not eliminate risk.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install evm-wallet - 安装完成后,直接呼叫该 Skill 的名称或使用
/evm-wallet触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
- Added a prominent SECURITY WARNING section emphasizing never to expose or share your private key.
- Provided clear, bold instructions on safeguarding the `~/.evm-wallet.json` file.
- Clarified potential risks if the private key is compromised and immediate steps to mitigate.
- No changes to installation, command usage, or wallet functions.
v1.0.2
- Improved readability and formatting in installation commands and examples (multi-line bash/code blocks).
- Concise and clearer command usage samples (especially contract interactions).
- Streamlined Safety Rules and Error Handling sections for brevity.
- Minor corrections and removal of redundant explanation in troubleshooting (e.g., error messages).
- No changes to functional behavior—documentation update only.
v1.0.1
- Revised installation instructions for easier skill directory detection and first-time setup.
- Added a bootstrapping script to copy code if not already present.
- Minor clarifications and consistency improvements throughout documentation.
- No changes to behavior, APIs, or commands; documentation update only.
v1.0.0
evm-wallet-skill 1.0.0 initial release
- Self-sovereign EVM wallet for AI agents: create wallet, check balances, send ETH/ERC20, swap tokens, interact with smart contracts.
- Supports Base, Ethereum, Polygon, Arbitrum, and Optimism.
- No external custody or API keys; private keys are stored locally.
- Clear safety rules: requires explicit user confirmation for transfers/swaps, never exposes private keys.
- Provides CLI usage instructions and error handling guidance.
元数据
常见问题
EVM Crypto Wallet for Your Agent 是什么?
Self-sovereign EVM wallet for AI agents. Use when the user wants to create a crypto wallet, check balances, send ETH or ERC20 tokens, swap tokens, or interact with smart contracts. Supports Base, Ethereum, Polygon, Arbitrum, and Optimism. Private keys stored locally — no cloud custody, no API keys required. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 3159 次。
如何安装 EVM Crypto Wallet for Your Agent?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install evm-wallet」即可一键安装,无需额外配置。
EVM Crypto Wallet for Your Agent 是免费的吗?
是的,EVM Crypto Wallet for Your Agent 完全免费(开源免费),可自由下载、安装和使用。
EVM Crypto Wallet for Your Agent 支持哪些平台?
EVM Crypto Wallet for Your Agent 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 EVM Crypto Wallet for Your Agent?
由 surfer77(@surfer77)开发并维护,当前版本 v1.0.3。
推荐 Skills