njdawn

Local Wallet Standard

Author: njdawn · GitHub ↗ · v1.0.0
Platforms: darwin, linux · ⚠ suspicious
Total downloads: 424
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install lws
Description
Lightweight Wallet Signer CLI — generate wallets, derive addresses, and sign messages across EVM, Solana, Bitcoin, Cosmos, and Tron chains.
Usage (SKILL.md)

LWS CLI

Minimal, offline-first CLI for generating wallets, deriving addresses, and signing messages across multiple chains.

Installation

One-liner:

curl -fsSL https://raw.githubusercontent.com/dawnlabsai/lws/main/lws/install.sh | bash

The installer will:

  1. Install Rust via rustup if not already present
  2. Clone the repo and build from source
  3. Place the lws binary at ~/.lws/bin/lws
  4. Add ~/.lws/bin to your shell's PATH (supports zsh, bash, fish)

Set LWS_INSTALL_DIR to override the install location.

From source:

git clone https://github.com/dawnlabsai/lws.git
cd lws/lws
cargo build --workspace --release
cp target/release/lws ~/.lws/bin/lws

Commands

lws generate

Generate a new BIP-39 mnemonic phrase.

lws generate [--words 12|24]
  • --words — Number of mnemonic words, 12 or 24 (default: 12)

lws derive

Derive an address from a mnemonic.

lws derive --mnemonic <PHRASE> --chain <CHAIN> [--index 0]
  • --mnemonic — BIP-39 mnemonic phrase (required)
  • --chain — Chain type: evm, solana, bitcoin, cosmos, tron (required)
  • --index — Account index (default: 0)

lws sign

Sign a message with a mnemonic-derived key.

lws sign --mnemonic <PHRASE> --chain <CHAIN> --message <MSG> [--index 0]
  • --mnemonic — BIP-39 mnemonic phrase (required)
  • --chain — Chain type (required)
  • --message — Message to sign (required)
  • --index — Account index (default: 0)

lws info

Show the vault path and list supported chains.

lws info

lws create-wallet

Create a new wallet — generates a mnemonic and saves a wallet descriptor to the vault.

lws create-wallet --name <NAME> --chain <CHAIN> [--words 12|24]
  • --name — Wallet name (required)
  • --chain — Chain type (required)
  • --words — Mnemonic word count (default: 12)

lws list-wallets

List all saved wallets in the vault.

lws list-wallets

lws update

Update lws to the latest version by building from the latest commit.

lws update [--force]
  • --force — Rebuild even if already on the latest commit

lws uninstall

Remove lws from the system.

lws uninstall [--purge]
  • --purge — Also remove all wallet data and config (~/.lws)

Removes the binary, cleans PATH entries from shell config files, and optionally deletes the entire ~/.lws directory. Prompts for confirmation before proceeding.

File Layout

~/.lws/
├── bin/
│   └── lws              # CLI binary
└── wallets/
    └── <wallet-id>.json  # Wallet descriptors
Security usage advice
This skill appears to implement a local wallet CLI and the build requirements (git/cargo) are reasonable, but you should not blindly run the curl|bash installer or supply real mnemonics until you verify the code. Actionable steps: (1) Inspect the GitHub repo and the install.sh script yourself (do not pipe to shell without review). (2) Prefer cloning and building from source locally (git clone && cargo build) rather than curl|bash. (3) Confirm how wallet JSON files are protected—look for encryption/passphrase support—and check file permissions on ~/.lws. (4) Avoid passing mnemonics on the command line; use interactive prompts or secure stdin if available. (5) If you must test, run in an isolated VM/container and use throwaway mnemonics (no real funds). (6) Consider using hardware wallets or well-audited software for real funds. If you want, I can (a) fetch and summarize the install.sh and repository files for manual review, or (b) list the lines in SKILL.md that expose secrets so you can adjust usage.
Functional analysis
Type: OpenClaw Skill
Name: lws
Version: 1.0.0
The skill is classified as suspicious primarily due to its installation and update methods. It instructs the agent to execute a remote script directly via `curl -fsSL ... | bash`, which is a significant supply chain vulnerability allowing arbitrary code execution if the remote script at `https://raw.githubusercontent.com/dawnlabsai/lws/main/lws/install.sh` is compromised. Additionally, the `lws update` command involves `git pull` and `cargo build` from a remote repository, further increasing the supply chain risk by compiling and executing potentially untrusted code. While the skill's described purpose (wallet management) is legitimate, these installation and update practices introduce high-risk capabilities without clear malicious intent from the skill's author, making it a critical vulnerability.
Capability assessment
Purpose & Capability
Name/description align with what the SKILL.md instructs: it builds a Rust CLI, requires git and cargo, and stores wallets under ~/.lws. Requiring git/cargo and optionally rustup is proportionate for a Rust CLI built from source.
Instruction Scope
The runtime instructions tell users/agents to install via curl | bash from a raw GitHub URL and to pass full BIP-39 mnemonics on the command line (e.g., lws derive --mnemonic <PHRASE> and lws sign --mnemonic <PHRASE>). Passing secrets on the CLI can leak to shell history and process listings. The SKILL.md does not describe encrypting the wallet vault or secure handling of mnemonics, so instructions do not constrain or protect sensitive data.
Install Mechanism
The installer is a curl -fsSL https://raw.githubusercontent.com/... | bash pipeline. GitHub raw content is a known host, but piping a remote install script to a shell executes remote code without an on-disk review and is higher risk. The installer may install rustup and build toolchains, which modify the system environment.
Credentials
The skill declares no required environment variables, which is fine, but it stores wallet descriptors under ~/.lws and expects users to supply raw mnemonics. There is no mention of vault encryption, passphrase protection, or secure storage. That absence is disproportionate for a tool that handles private keys and mnemonics.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or cross-skill configuration. The installer writes to the user's home directory (~/.lws) and modifies shell config to add to PATH, which is expected for a CLI but should be reviewed by the user before permitting.
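The two exposures named above under Instruction Scope and Credentials (mnemonics passed via --mnemonic, and an unprotected ~/.lws vault) can be checked on a machine where lws has already been used. The script below is an added example, not part of lws or of the original listing; the function names and the history-file locations (common shell defaults) are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit for mnemonic exposure around an lws install.
# Function names and history-file locations are assumptions (common defaults).

# Print "file:line" for each history entry that ran `lws derive` or `lws sign`
# with --mnemonic on the command line. The phrase itself is never printed.
history_leaks() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -HnE '(^|[^[:alnum:]_])lws[[:space:]]+(derive|sign)[[:space:]].*--mnemonic[[:space:]=]' "$f" |
            cut -d: -f1,2
    done
}

# Print every file or directory under the vault that grants any permission bit
# to group or other. The page does not say whether wallet descriptors are
# encrypted, so owner-only access is the safe baseline.
vault_loose_perms() {
    [ -d "$1" ] || return 0
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Run both checks against the current user's files; returns 1 on any finding.
lws_audit() {
    vault=${1:-"$HOME/.lws"}   # vault path from the File Layout section
    leaks=$(history_leaks "$HOME/.bash_history" "$HOME/.zsh_history" \
        "$HOME/.local/share/fish/fish_history")
    loose=$(vault_loose_perms "$vault")
    [ -z "$leaks" ] || printf '%s\n' "$leaks" | sed 's/^/mnemonic on command line: /'
    [ -z "$loose" ] || printf '%s\n' "$loose" | sed 's/^/not owner-only: /'
    [ -z "$leaks$loose" ]
}

lws_audit "$@" || echo 'Findings above: treat listed mnemonics as exposed; chmod -R go-rwx the vault.' >&2
```

A history hit means the phrase was also visible in process listings while the command ran, so cleaning the history file alone does not undo the exposure.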
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog box: /install lws
  3. Once installation completes, invoke the Skill by name or trigger it with /lws
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release of lws: Lightweight Wallet Signer CLI.
  • Generate BIP-39 mnemonics, derive addresses, and sign messages for EVM, Solana, Bitcoin, Cosmos, and Tron chains.
  • Minimal, offline-first CLI.
  • Wallet management: create, list, and store wallets locally.
  • Easy installation script and update/uninstall commands included.
  • Works on macOS and Linux; requires git and Rust.
Metadata
Slug lws
Version 1.0.0
License
Total installs 0
Current installs 0
Number of historical versions 1
FAQ

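What is Local Wallet Standard?

Lightweight Wallet Signer CLI — generate wallets, derive addresses, and sign messages across EVM, Solana, Bitcoin, Cosmos, and Tron chains. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 424 total downloads to date.

How do I install Local Wallet Standard?

Run the command "/install lws" in the OpenClaw or Claude Code dialog box for a one-step install; no additional configuration is required.

Is Local Wallet Standard free?

Yes, Local Wallet Standard is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Local Wallet Standard support?

Local Wallet Standard runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux).

Who developed Local Wallet Standard?

Developed and maintained by njdawn (@njdawn); the current version is v1.0.0.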
