← 返回 Skills 市场
231
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install nansen-wallet-manager
功能描述
Wallet management — create (local or Privy server-side), list, show, export, send, delete. Use when creating wallets, checking balances, or sending tokens.
安全使用建议
This skill appears to be a real CLI wrapper for wallet actions, but it has important inconsistencies and sensitive behavior you should review before installing:
- The registry metadata only lists NANSEN_API_KEY, yet the instructions require additional secrets (PRIVY_APP_ID, PRIVY_APP_SECRET) and an optional NANSEN_WALLET_PASSWORD. Ask the publisher to update metadata to list all required env vars.
- The CLI can export private keys for local wallets and may store passwords in a plaintext fallback at ~/.nansen/wallets/.credentials. If you install this, be aware that exporting keys or using the insecure fallback can expose funds.
- The installer is an npm package (nansen-cli). Verify the package source, publisher identity, and review the package on the public npm registry or its GitHub repo before installing.
- For agent use, prefer Privy (server-side keys) for automation if you trust Privy; otherwise require explicit human confirmation for any 'wallet export', 'send', or 'delete' operations.
- If you cannot verify the upstream package or the publisher, avoid installing or restrict the skill so it cannot run sensitive commands automatically. Request the skill's homepage/repo and a full list of required env vars from the publisher; that information would materially change this assessment.
功能分析
Type: OpenClaw Skill
Name: nansen-wallet-manager
Version: 0.1.1
The skill provides high-risk capabilities for managing cryptocurrency wallets, including the ability to send tokens and export private keys via the 'nansen' CLI (SKILL.md). While the instructions include defensive measures—such as requiring the agent to ask the human user for passwords and forbidding the storage of credentials—the 'wallet export' command inherently risks leaking plaintext private keys into the agent's observation logs and subsequent conversation history. These high-risk functionalities, while aligned with the stated purpose, create a significant surface for accidental data exposure or unauthorized asset transfer if the agent is manipulated.
能力评估
Purpose & Capability
Name/description, required binary (nansen), and primary env (NANSEN_API_KEY) align with a CLI-based wallet manager. However, the SKILL.md documents additional required credentials and behaviors (PRIVY_APP_ID, PRIVY_APP_SECRET, NANSEN_WALLET_PASSWORD, use of OS keychain and ~/.nansen/.credentials) that are not declared in the registry metadata. The ability to export private keys from local wallets is also part of the documented functionality and is sensitive.
Instruction Scope
The SKILL.md instructs the agent to run CLI commands that create, export, send, and delete wallets and to use Privy (server-side) or local encrypted storage. It explicitly documents exporting private keys for local wallets and the CLI fallback to an on-disk credentials file. The instructions reference env vars and secrets (PRIVY_*, NANSEN_WALLET_PASSWORD) that were not declared. Commands the agent will run can produce private keys and perform network operations — reasonable for a wallet manager but high-risk and the scope is broader than the declared metadata.
Install Mechanism
Install spec is a node/npm package (nansen-cli) that provides the 'nansen' binary. This is an expected and common install method for a CLI skill; moderate trust is required (npm package provenance should be verified), but there are no raw URL downloads or archive extraction in the spec.
Credentials
Registry metadata only lists NANSEN_API_KEY (primaryEnv), but the SKILL.md requires or references additional secrets: NANSEN_WALLET_PASSWORD, PRIVY_APP_ID, PRIVY_APP_SECRET, and possibly others. The skill also relies on OS keychain access and may fall back to an insecure ~/.nansen/.credentials file. Requesting undisclosed secrets and implicit file access is disproportionate and should have been declared.
Persistence & Privilege
always:false and agent invocation is normal. The skill does not request forced always-on presence. However, runtime behavior interacts with system secret stores (OS keychain) and may create ~/.nansen files (including an insecure fallback). That persistence is operationally significant for secrets handling, but not a metadata privilege misconfiguration on its own.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nansen-wallet-manager - 安装完成后,直接呼叫该 Skill 的名称或使用
/nansen-wallet-manager触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
- Added separate usage examples for Privy (server-side) and Local (password-required) wallet creation in the "Create" section.
- Clarified environment variable requirements for each wallet provider.
- No changes to CLI commands or supported features; update is limited to documentation improvements in SKILL.md.
v0.1.0
nansen-wallet-manager 0.1.0
- Initial release with support for creating, listing, showing, exporting, sending from, and deleting wallets.
- Supports both local (encrypted on disk) and Privy server-side wallet providers.
- Provides secure password handling via OS keychain or environment variable for local wallets.
- Comprehensive documentation on agent-safe flows, environment variables, and CLI flags.
- Supports native and token transfers across EVM and Solana chains.
元数据
常见问题
Nansen Wallet Manager 是什么?
Wallet management — create (local or Privy server-side), list, show, export, send, delete. Use when creating wallets, checking balances, or sending tokens. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 231 次。
如何安装 Nansen Wallet Manager?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nansen-wallet-manager」即可一键安装,无需额外配置。
Nansen Wallet Manager 是免费的吗?
是的,Nansen Wallet Manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Nansen Wallet Manager 支持哪些平台?
Nansen Wallet Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nansen Wallet Manager?
由 Nansen AI(@nansen-devops)开发并维护,当前版本 v0.1.1。
推荐 Skills