← 返回 Skills 市场
230
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install use-user-controlled-wallets
功能描述
Build non-custodial wallets where end users retain control of their private keys via Circle's user-controlled wallets SDK. Supports Google, Apple, Facebook s...
安全使用建议
This skill appears to be a legitimate integration guide for Circle user-controlled wallets, but there are a few things to check before using it in a project: (1) Confirm the metadata is updated to declare required environment variables (CIRCLE_API_KEY for your backend and CIRCLE_APP_ID for your frontend); absence in metadata is likely an oversight. (2) Keep the Circle API key strictly on the server — never embed it in frontend builds. (3) Replace demo persistence (localStorage) with secure storage/cookie strategies in production; avoid storing long-lived secrets in localStorage. (4) Verify the npm package names and audit the @circle-fin packages you install (pin versions, review changelogs). (5) Ensure you do not commit .env files or keys to version control; follow the included security rules. If you need higher confidence, ask the publisher to provide explicit required.env metadata and a short attestation of the npm package origins (official Circle packages).
功能分析
Type: OpenClaw Skill
Name: use-user-controlled-wallets
Version: 0.1.0
The skill bundle provides legitimate documentation and implementation patterns for integrating Circle's User-Controlled Wallets SDK. It emphasizes security best practices, such as keeping API keys on the backend, requiring explicit user consent for transactions, and using secure storage for session tokens. No evidence of data exfiltration, malicious execution, or prompt injection was found across SKILL.md or the reference files.
能力评估
Purpose & Capability
The name/description and the SKILL.md consistently describe building non-custodial wallets via Circle's user-controlled-wallets SDK. The npm packages and APIs referenced are coherent with that purpose. However, the skill metadata declares no required env vars while the instructions explicitly require CIRCLE_API_KEY (backend) and CIRCLE_APP_ID (frontend), which is a metadata omission that should be corrected.
Instruction Scope
Runtime instructions stay within the wallet creation/transaction domain and clearly separate backend vs frontend responsibilities (API key on backend, SDK on frontend, challenge flow). The examples instruct storing userToken/encryptionKey in localStorage or cookies for convenience; the doc warns not to use localStorage in production but still provides dev patterns that could lead to insecure implementations if copied verbatim.
Install Mechanism
This is an instruction-only skill (no install spec). It suggests installing scoped npm packages (@circle-fin/...), which is expected for the described functionality. There are no arbitrary download URLs or extract steps in the skill bundle.
Credentials
The SKILL.md requires sensitive environment/config values (CIRCLE_API_KEY for server, CIRCLE_APP_ID for client) but the skill metadata lists none. The omission reduces transparency about required secrets. Additionally, example code persists userToken/encryptionKey in localStorage or cookies — acceptable for quick demos but risky in production; guidance to prefer secure cookie attributes or other secure storage should be stronger.
Persistence & Privilege
The skill does not request persistent platform privileges (always: false) and does not attempt to modify other skills or system configs. Autonomous invocation is allowed by default but not combined here with other high-risk indicators.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install use-user-controlled-wallets - 安装完成后,直接呼叫该 Skill 的名称或使用
/use-user-controlled-wallets触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
- Initial release of use-user-controlled-wallets skill.
- Enables building non-custodial wallets where users retain private key control using Circle's user-controlled wallets SDK.
- Supports PIN, email OTP, and social logins (Google, Apple, Facebook) with MPC-based key management.
- Details architecture, challenge-response execution flow, security rules, and implementation guides.
- Provides clear error handling, best practices, and direct reference links for developer support.
元数据
常见问题
Use User Controlled Wallets 是什么?
Build non-custodial wallets where end users retain control of their private keys via Circle's user-controlled wallets SDK. Supports Google, Apple, Facebook s... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 230 次。
如何安装 Use User Controlled Wallets?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install use-user-controlled-wallets」即可一键安装,无需额外配置。
Use User Controlled Wallets 是免费的吗?
是的,Use User Controlled Wallets 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Use User Controlled Wallets 支持哪些平台?
Use User Controlled Wallets 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Use User Controlled Wallets?
由 Madelyn(@mscandlen3)开发并维护,当前版本 v0.1.0。
推荐 Skills