← 返回 Skills 市场
204
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install nansen-wallet-keychain-migration
功能描述
Migrate an existing nansen-cli wallet from insecure password storage (env files, .credentials) to the new secure keychain-backed flow.
安全使用建议
Before installing, consider the following:
- Ask the publisher why NANSEN_API_KEY is declared as a required/primary credential when the migration steps in SKILL.md never reference it. If the skill truly needs that API key, ask for a clear explanation and which commands use it.
- The migration process will run commands that can reveal private keys (nansen wallet export default) and will read local files like ~/.nansen/.env or ~/.nansen/wallets/.credentials. Only run this skill on a trusted, local machine and avoid letting the agent send outputs (private keys or passwords) to external places or chat history.
- The SKILL.md uses NANSEN_WALLET_PASSWORD at runtime but that env var is not declared in metadata; verify how you will provide the password. If you prefer, perform the migration manually following the documented commands instead of giving an agent permission to run them.
- Verify the source of the nansen-cli npm package (official publisher) before allowing the skill to install it. Installing an npm CLI grants code execution privileges on your machine.
- If you decide to proceed, run the commands interactively yourself or require explicit human confirmation before the agent executes any command that might print private keys or read password files.
功能分析
Type: OpenClaw Skill
Name: nansen-wallet-keychain-migration
Version: 0.1.0
The skill is designed to migrate Nansen wallet passwords from insecure files to an OS keychain, but it requires the agent to execute high-risk commands like 'nansen wallet export default', which outputs raw private keys to the terminal for verification purposes. While the instructions in SKILL.md explicitly forbid logging or storing passwords, the process of handling and displaying private keys within the agent's execution environment poses a significant risk of accidental exposure or exfiltration if the agent's logs are compromised.
能力评估
Purpose & Capability
The skill's stated purpose is migrating a local nansen-cli wallet password into the OS keychain. The runtime instructions only call the local 'nansen' CLI, read ~/.nansen files, and use NANSEN_WALLET_PASSWORD; they do not reference or need an API key. However the registry metadata declares NANSEN_API_KEY as a required/primary credential. That env var appears unrelated to the documented migration steps and is unnecessary for the described local operations.
Instruction Scope
SKILL.md provides concrete shell commands to detect password storage, run 'nansen wallet secure', unset env vars, and run 'nansen wallet export default' to verify decryption. These actions are coherent with migration. They do, however, require handling sensitive data: exporting the wallet will reveal private keys and the skill tells agents to read or source plaintext password files if authorized. The instructions explicitly warn not to store the password and to ask the human, which is good, but an agent executing these steps could still display or capture secrets if not carefully controlled.
Install Mechanism
Install is a node package (nansen-cli) that provides the 'nansen' binary. Pulling an official npm CLI is a reasonable install path for a CLI-based migration. This is moderate-risk compared to no install, but consistent with the need for a 'nansen' binary.
Credentials
Declared required env: NANSEN_API_KEY (primary). The instructions actually use NANSEN_WALLET_PASSWORD and local files (~/.nansen/.env, ~/.nansen/wallets/.credentials). NANSEN_API_KEY is never referenced in SKILL.md. Conversely, NANSEN_WALLET_PASSWORD (used at runtime) is not declared as a required env or primary credential. This mismatch is disproportionate and unexplained and increases risk: the skill requests access to an unrelated API credential while not declaring the sensitive local password variable it will handle.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it can be invoked autonomously (disable-model-invocation=false) which is the platform default. The skill does not attempt to persist itself or modify other skills' configs. Note: because it runs local shell commands that can reveal private keys/passwords, autonomous invocation combined with the environment mismatch (requests an API key) raises the possible blast radius if an agent is permitted to run it without human oversight.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nansen-wallet-keychain-migration - 安装完成后,直接呼叫该 Skill 的名称或使用
/nansen-wallet-keychain-migration触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
nansen-wallet-keychain-migration v0.1.0
- Initial release supporting migration of nansen-cli wallet credentials from insecure storage (env files, .credentials) to a secure OS keychain.
- Provides detailed detection steps and multiple migration paths based on how the password is currently stored.
- Covers post-migration verification and cleanup instructions.
- Includes guidance and safety rules to ensure passwords are never exposed or mishandled.
- Documents handling of lost/unrecoverable passwords and creating a new wallet.
元数据
常见问题
Nansen Wallet Keychain Migration 是什么?
Migrate an existing nansen-cli wallet from insecure password storage (env files, .credentials) to the new secure keychain-backed flow. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 204 次。
如何安装 Nansen Wallet Keychain Migration?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nansen-wallet-keychain-migration」即可一键安装,无需额外配置。
Nansen Wallet Keychain Migration 是免费的吗?
是的,Nansen Wallet Keychain Migration 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Nansen Wallet Keychain Migration 支持哪些平台?
Nansen Wallet Keychain Migration 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nansen Wallet Keychain Migration?
由 Nansen AI(@nansen-devops)开发并维护,当前版本 v0.1.0。
推荐 Skills