← 返回 Skills 市场
1781
总下载
0
收藏
5
当前安装
4
版本数
在 OpenClaw 中安装
/install openclaw-wallet
功能描述
Multi-chain wallet and trading tools for AI agents. Provides 27 tools for: wallet management (create, balance, export keys), token swaps with flexible amounts ($100, 50%, max), cross-chain bridges, DEX market data (trending, volume, gainers/losers), token launches with tiered market caps, and fee management. Supports Solana and EVM chains. Use when agents need to interact with wallets, execute trades, research tokens, or launch tokens.
安全使用建议
Before installing: (1) Treat this as high-risk: it can create wallets, handle seed phrases/private keys, and execute transactions. (2) Verify the npm package @loomlay/openclaw-wallet-plugin on npm and the GitHub repo — inspect the code and maintainers, confirm versions and signatures. (3) Do not rely on its 'auto-register' behavior: prefer setting LOOMLAY_API_KEY yourself and inspect ~/.loomlay/credentials.json after first run. (4) Require that the skill be user-invoked only and disable autonomous model invocation for any transaction-capable skill. (5) Consider using a hardware wallet or isolated environment for any live funds; never allow automated or background transfers without explicit, auditable user confirmation. (6) Ask the publisher to fix registry metadata to declare the required env vars and installation steps, and to document network endpoints and data retention for credentials. If you cannot review the package code and verify its provenance, avoid installing it on any machine with real funds or sensitive keys.
功能分析
Type: OpenClaw Skill
Name: openclaw-wallet
Version: 0.1.5
The skill bundle is classified as suspicious due to its extensive high-risk capabilities, despite including security best practices. The `SKILL.md` file instructs the AI agent to handle extremely sensitive data like cryptocurrency seed phrases and private keys (via `wallet_create` and `wallet_export_keys`), perform irreversible financial transactions (swaps, transfers, bridges), launch tokens, and execute arbitrary RPC calls to blockchain nodes. It also involves installing an external npm package (`@loomlay/openclaw-wallet-plugin`) and managing credentials in `~/.loomlay/credentials.json`. While these capabilities are aligned with the stated purpose of a multi-chain wallet tool, they present a significant attack surface for prompt injection, allowing an attacker to potentially trick the agent into misusing these powerful tools for unauthorized actions or data exposure.
能力评估
Purpose & Capability
The feature set (wallet creation, swaps, bridges, export keys) aligns with a 'wallet/trading' skill. However the registry metadata (which in the UI/registry shows no required env vars or install) conflicts with the SKILL.md metadata that declares LOOMLAY_API_KEY, LOOMLAY_BASE_URL, and an npm install. That mismatch is an incoherence: a wallet/trading plugin legitimately needs an API key, but the registry should declare it too.
Instruction Scope
SKILL.md instructs the agent to auto-register for an API key and save it to ~/.loomlay/credentials.json, to always run wallet_get() on first interaction, and describes creating wallets and showing seed phrases. These instructions read/write user home config and can cause credential provisioning and sensitive secrets (seed phrases, private keys) to be handled and displayed — behavior beyond simple read-only queries and requiring explicit user consent. The instructions also require the agent to execute financial actions (swaps, transfers) with a strict requirement to confirm — but the runtime instructions give the agent leeway to perform wallet creation and quoting automatically on first use.
Install Mechanism
The skill is instruction-only in the registry, but SKILL.md requires running 'npm install @loomlay/openclaw-wallet-plugin'. Installing an external npm package means arbitrary remote code will be added to the host environment. The registry provided no install spec; relying on an external npm package raises supply-chain risk and should be explicitly declared and reviewed before installation.
Credentials
SKILL.md metadata declares LOOMLAY_API_KEY as required and LOOMLAY_BASE_URL optional and describes automatic API key registration and local credential file writes. Handling API keys and writing ~/.loomlay/credentials.json is proportionate to a remote wallet service, but the registry's earlier 'Required env vars: none' is inconsistent. The skill also processes and exports extremely sensitive secrets (seed phrases, private keys), which is expected for a wallet but greatly increases the sensitivity of any credential/privilege it receives.
Persistence & Privilege
The skill is not marked always:true, but there is no disableModelInvocation flag set, meaning the model could invoke it autonomously. Given the skill can create wallets, export private keys, and execute trades/transfers, allowing autonomous model invocation is a significant privilege and risk unless the agent is strictly constrained to require explicit user confirmation for every fund-moving operation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-wallet - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-wallet触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.5
- Added a new section detailing first-time wallet setup, including example code and clear user instructions.
- Instruct users to check for an existing wallet before any trading or wallet operation, and explain what to do if none exists.
- Provided troubleshooting advice for `wallet_get()` authorization failures.
- No changes to tools or APIs—documentation update only.
v0.1.4
Summary: Major simplification and streamlining of documentation; detailed reference sections added, standalone guides removed.
- SKILL.md was rewritten: now concise, focused on practical tool usage and API reference.
- 9 stand-alone reference and workflow markdown files were removed.
- All features, security rules, amount formats, and all 27 tools described directly in SKILL.md.
- Sample code and common usage patterns highlighted for each functionality.
- Documentation now assumes flat async tool functions for direct, easy integration.
v0.1.3
- Added installation instructions for the OpenClaw Wallet plugin via `npm install @loomlay/openclaw-wallet-plugin`.
- Updated workflow to explicitly include the installation step before authentication and usage.
- Modified metadata to specify package installation instructions and reference the plugin package instead of the SDK.
- Clarified that all tools are available after plugin installation and that authentication is handled automatically.
- Renamed product references from "SDK" to "plugin" throughout documentation for accuracy.
v0.1.2
Initial release: 27 tools for multi-chain wallets, trading, DEX data, and token launches
元数据
常见问题
Openclaw Wallet 是什么?
Multi-chain wallet and trading tools for AI agents. Provides 27 tools for: wallet management (create, balance, export keys), token swaps with flexible amounts ($100, 50%, max), cross-chain bridges, DEX market data (trending, volume, gainers/losers), token launches with tiered market caps, and fee management. Supports Solana and EVM chains. Use when agents need to interact with wallets, execute trades, research tokens, or launch tokens. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1781 次。
如何安装 Openclaw Wallet?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-wallet」即可一键安装,无需额外配置。
Openclaw Wallet 是免费的吗?
是的,Openclaw Wallet 完全免费(开源免费),可自由下载、安装和使用。
Openclaw Wallet 支持哪些平台?
Openclaw Wallet 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw Wallet?
由 loomlay(@loomlay)开发并维护,当前版本 v0.1.5。
推荐 Skills