← 返回 Skills 市场
1598
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install wallet-pilot
功能描述
Universal browser wallet automation for AI agents. Supports 10 wallets including MetaMask, Rabby, Phantom, Trust Wallet, OKX, Coinbase, and more. EVM + Solana. Configurable guardrails with spend limits, chain allowlists, and approval thresholds.
安全使用建议
Treat this skill as high-risk and incomplete. Do not run any npm or setup scripts from unknown sources or import an unreviewed repo into a machine with real funds. Before using: (1) request the full source repository and package.json so you or a reviewer can audit the code and npm dependencies; (2) verify how and where the wallet seed/private keys are stored and insist on human confirmation for any transaction above a tiny test amount; (3) only test on an air-gapped or throwaway VM with a freshly funded agent wallet holding minimal funds; (4) require a review of the 'setup' script and any automation that can call sign/send to ensure it enforces the stated spend limits and allowlist checks; (5) prefer well-known, open-source alternatives or official integrations with provenance. If you cannot obtain auditable source code and a clear explanation of secret handling, do not install or use this skill with real assets.
功能分析
Type: OpenClaw Skill
Name: wallet-pilot
Version: 0.1.0
The skill bundle is designed for universal browser wallet automation, a high-risk domain involving financial transactions. However, the `SKILL.md` documentation extensively details robust security measures and guardrails, including the use of isolated browser profiles, separate wallets, spend limits, protocol allowlists, and full logging. There is no evidence of prompt injection attempts against the AI agent, nor any instructions for malicious execution, data exfiltration, or persistence. The setup steps and available actions are clearly aligned with the stated purpose, and the inherent risks are explicitly acknowledged and mitigated by the documented design.
能力评估
Purpose & Capability
The SKILL.md describes a full TypeScript/Playwright codebase and a plugin architecture (src/, adapters, example files) but the published skill contains only the SKILL.md and no code, package.json, or binaries. It also tells the user to run npm install and npm run setup even though no install spec or code files are provided. That mismatch makes it impossible to verify the implementation and is inconsistent with the claimed capabilities.
Instruction Scope
The runtime instructions direct automated wallet actions (connect, swap, send, sign) and to create and persist a browser profile that contains a new seed-backed wallet. These actions are inherently high-risk. The instructions are also vague about exactly what the 'setup' script does, where secrets (seed phrase, private keys) will be stored, and what human confirmations are required — giving broad discretion that could lead to irreversible fund loss if misused.
Install Mechanism
No formal install spec is included (instruction-only). SKILL.md tells the user to run npm install and npx playwright install chromium, which would pull packages from npm based on a package.json that is not present in the package. That pattern shifts trust to an external, unverified codebase the user must obtain; it is not itself an automated install step in the skill bundle but it creates a practical install risk if the user follows the instructions without first inspecting code.
Credentials
The skill requests no environment variables or external credentials in metadata, which is proportionate. However, the functionality requires filesystem access to browser profiles and will involve private keys/seed phrases stored locally by the browser extension — the SKILL.md does not specify safe handling or encryption of those secrets. No declared env vars is not evidence of safety here because secrets live in the browser profile.
Persistence & Privilege
The skill does not request always:true and does not declare elevated platform privileges. Autonomous model invocation is allowed by default (disable-model-invocation: false), which is normal for skills; combined with the ability to sign/send transactions this increases impact but is not itself an incoherence.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wallet-pilot - 安装完成后,直接呼叫该 Skill 的名称或使用
/wallet-pilot触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of WalletPilot – universal browser wallet automation for AI agents.
- Supports automation across 10 popular browser wallets (MetaMask, Rabby, Phantom, Trust Wallet, OKX, Coinbase, and more)
- Works with EVM and Solana chains
- Configurable permission guardrails: spend limits, chain allowlists, approval thresholds
- Plugin-based adapter architecture makes adding new wallets easy
- Full logging, isolated agent wallet profile, and clear security model for safe usage
- Simple CLI for actions: connect, swap, send, sign, check balance, view history
元数据
常见问题
WalletPilot 是什么?
Universal browser wallet automation for AI agents. Supports 10 wallets including MetaMask, Rabby, Phantom, Trust Wallet, OKX, Coinbase, and more. EVM + Solana. Configurable guardrails with spend limits, chain allowlists, and approval thresholds. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1598 次。
如何安装 WalletPilot?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wallet-pilot」即可一键安装,无需额外配置。
WalletPilot 是免费的吗?
是的,WalletPilot 完全免费(开源免费),可自由下载、安装和使用。
WalletPilot 支持哪些平台?
WalletPilot 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 WalletPilot?
由 Francesco(@andreolf)开发并维护,当前版本 v0.1.0。
推荐 Skills