← 返回 Skills 市场
Multi-Party Agent Wallet
作者
Patrick Curé
· GitHub ↗
· v1.0.12
· MIT-0
257
总下载
0
收藏
0
当前安装
13
版本数
在 OpenClaw 中安装
/install mpa-wallet
功能描述
Operate and automate threshold multisignature workflows for MPC/MPA wallets on an isolated, dedicated host that contains no unrelated sensitive data or priva...
安全使用建议
This skill appears coherent for managing an mpc-auth node, but it requires access to a high-privilege management key and the local node repo. Before installing: (1) run it only on a dedicated, isolated machine as the SKILL.md instructs; (2) verify MPC_AUTH_URL points to a local/internal management API (not a remote public endpoint); (3) ensure $AUTH_KEY_PATH/mpc_auth_ed25519 has strict filesystem permissions and is not reused elsewhere; (4) keep at least one human-controlled node in the threshold+1 set so the agent cannot single-handedly sign transactions; (5) review and audit any repository scripts under $MPA_PATH and $MPC_CONFIG_PATH that the agent may execute; (6) monitor management API calls and require operator approval for any actions that would leave the local scope. These mitigations reduce the risk of accidental or coerced signing via prompt-injection or misconfiguration.
功能分析
Type: OpenClaw Skill
Name: mpa-wallet
Version: 1.0.12
The mpa-wallet skill bundle facilitates the automation of threshold multisignature workflows, which involves high-risk capabilities including shell execution (Foundry, Python), network access to management APIs/RPCs, and handling private management keys. While SKILL.md contains extensive security instructions, isolation requirements, and explicit guardrails against data exfiltration, the inherent power of the tools provided (e.g., executeSignResult.py and various transaction generation scripts) and the requirement for sensitive environment variables (KEYGEN_ID, AUTH_KEY_PATH) align with the criteria for a suspicious classification despite the lack of clear malicious intent.
能力标签
能力评估
Purpose & Capability
The name/description (MPC/MPA wallet management) aligns with required binaries (forge, cast, curl, jq, python3/pip3) and required env vars/config paths (management URL, management key path, node repo/.env). These are expected for an agent that authenticates to a local mpc-auth management API and performs on-chain queries/signing coordination.
Instruction Scope
SKILL.md confines actions to the local management API, node repo files, chain RPC configured by the node, and the dedicated management key. It explicitly forbids reading unrelated secrets or sending data to third-party platforms and instructs the agent to stop and ask for approval if a task would require leaving scope. The bootstrap steps (load .env, verify health, POST /keyGenRequest) are appropriate for the stated purpose.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing will be downloaded or written by the skill itself. This is the lowest-risk install model and matches the repository metadata.
Credentials
Requested env vars and config paths are relevant (management URL, management key path, node path, configs). The skill requires access to a dedicated management private key file ($AUTH_KEY_PATH/mpc_auth_ed25519), which is appropriate for automated management signing but is high privilege — operator must ensure the key is isolated and access is limited. One minor oddity: primaryEnv is set to MPC_AUTH_URL (a URL) rather than a secret token; this is not harmful but slightly unusual.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide agent settings. It expects to run on an isolated host and operate only within its own node config and key path.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mpa-wallet - 安装完成后,直接呼叫该 Skill 的名称或使用
/mpa-wallet触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.12
Version 1.0.12 — No file changes detected.
- Added support for txParams in single and per index of batched sign requests
v1.0.11
mpa-wallet 1.0.11 Changelog
- Improved documentation with practical usage examples to guide users.
- Clarified Ed25519 management signing setup and reference documentation.
- Expanded and reorganized security, environment, and egress guardrails.
- Updated instructions for session bootstrap and environment variable handling.
- Specified allowed methods for creating and executing sign requests, with stronger emphasis on using provided scripts and helpers.
- Removed redundant or confusing explanations for easier onboarding.
v1.0.10
Version 1.0.10
- Updated documentation to clarify that the node submitting a multiSignRequest does not need to agree to their own request; only other nodes must agree for threshold+1 approval.
- Improved wording in the overview to emphasize the separation of responsibilities in the signing workflow.
- No code or structural changes; documentation only.
v1.0.9
## mpa-wallet v1.0.9
- Dependency update: `bins` now require `pip3` (was `pipx`).
- Merged gas params in signature.
v1.0.8
mpa-wallet 1.0.8
- Updated config requirements to include `mpc-config/configs.yaml` and `$MPA_PATH/.env`.
- Clarified and strengthened host security: highlighted that at least one human-controlled node must be included in the group to prevent potential takeover via management signing key injection.
- Added event listener for group messaging and automatic MPC signature generation and execution of accepted sign requests.
v1.0.7
mpa-wallet 1.0.7
- Added new required environment variable: MPC_CONFIG_PATH.
- Updated required config files to include $MPC_CONFIG_PATH.
- Changed primary environment variable from MPA_PATH to MPC_AUTH_URL in metadata.
- No functional or API changes; only updates to environmental and configuration metadata.
v1.0.6
Version 1.0.6
- Added "Scope and egress guardrails" section with strict requirements on local access and data boundaries.
- Clarified that the skill must not access unrelated secrets, credentials, or external web APIs unless explicitly permitted.
- Updated guidance to treat AUTH_KEY_PATH material as privileged and restrict printing or transmission.
- Highlighted that tasks outside defined scope require explicit operator approval.
- No code or file changes—documentation and policy clarifications only.
v1.0.5
- Switched primary environment variable to MPA_PATH and adjusted environment/config variables for improved clarity and automation.
- Updated references and instructions to use $MPA_PATH instead of $REFS_PATH for better directory consistency.
- Simplified configuration file paths for management key usage and documentation lookups.
- Removed obsolete references linking scripts and documentation, streamlining the setup process.
- Refined documentation to align with the updated environment variables and path conventions.
v1.0.4
mpa-wallet 1.0.4
- Added pipx to the required binaries for installation and operation.
- Added a new recipes config directory: "~mpcnode/mpc-config/recipes".
- Documented support for combining two multiSignRequest-style JSON outputs into a single batch using multiSignJoin.py before POST /multiSignRequest.
- Commonly used smart contract interactions in the recipes directory.
- Execute sign result script.
- Bumped version to 1.0.4; no other behavioral changes noted.
v1.0.3
Add script for multiSignRequest and clearer documentation.
v1.0.2
No code changes detected in this version.
- Version bump to 1.0.2 with an added script to poll the KeyGen messaging channel,
- Emphasise environment security by requiring a dedicated node with no secrets or sensitive data, or re-use of keys.
v1.0.1
- Added a frontmatter block with metadata including environment variables, required binaries, config paths, OS compatibility, and homepage.
- No changes to functional content or workflows.
- Improves discoverability and integration for agent environments by specifying setup requirements at the top.
v1.0.0
Initial release of the MPA / MPC wallet agent (Open Claw / Clawhub) skill.
- Enables AI agents to operate mpc-auth nodes within ContinuumDAO’s Multi-Party Agent (MPA) wallet system.
- Supports threshold-based multi-signature flows: propose, agree, trigger, and execute sign requests.
- Distinguishes between management signatures (API authentication) and MPC signatures (on-chain wallet authorization).
- Provides guidance for required setup, including Ed25519 management key configuration and prerequisite node environment.
- Covers agent workflow: messaging, transaction proposal, agreement, and persistent context management.
- References official ContinuumDAO documentation for initial node and group setup.
元数据
常见问题
Multi-Party Agent Wallet 是什么?
Operate and automate threshold multisignature workflows for MPC/MPA wallets on an isolated, dedicated host that contains no unrelated sensitive data or priva... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 257 次。
如何安装 Multi-Party Agent Wallet?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mpa-wallet」即可一键安装,无需额外配置。
Multi-Party Agent Wallet 是免费的吗?
是的,Multi-Party Agent Wallet 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Multi-Party Agent Wallet 支持哪些平台?
Multi-Party Agent Wallet 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux)。
谁开发了 Multi-Party Agent Wallet?
由 Patrick Curé(@patrickcure)开发并维护,当前版本 v1.0.12。
推荐 Skills