apoorvlathey

WalletChan

Author: Apoorv Lathey · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 220
Favorites: 1
Current installs: 0
Versions: 3
Install in OpenClaw
/install walletchan
Description
Drive the WalletChan browser extension as a human-in-the-loop co-pilot for web3 dapps. The agent navigates the dapp UI and surfaces each transaction or signa...
Security usage recommendations
This skill appears coherent with its stated purpose, but take these precautions before installing or using it:
- Never paste your Master Password into chat. Only provide the Agent Password generated inside WalletChan, and only when you intend the agent to act.
- Prefer to paste the Agent Password during an interactive session and revoke/rotate it afterward; WalletChan supports revocation.
- Ensure Chrome is launched with remote debugging bound to localhost only (127.0.0.1) and is not exposed to the network or VPNs that might route external traffic to your machine.
- Use a dedicated Chrome profile for WalletChan and the skill to limit exposure of other tabs/sessions.
- Review the WalletChan extension listing and source repo yourself (or have someone audit it) to confirm the extension enforces the claimed UI restrictions (cannot export keys, reveal seed phrase, or change master password).
- Consider disabling autonomous agent invocation or requiring explicit user confirmation before the agent performs actions that could move funds; do not allow the agent to act unattended if you plan to share the Agent Password.
- If you are not comfortable trusting the agent to not exfiltrate ephemeral inputs, avoid pasting any password into the agent UI and interact with the extension manually.
If you want additional assurance, request the full SKILL.md content and the extension source code for a focused review (particularly the code paths that enforce the 'Agent Password' restrictions).
Functional analysis
Type: OpenClaw Skill
Name: walletchan
Version: 1.0.2
The WalletChan skill is a browser automation tool designed to assist users with Web3 transactions via a dedicated Chrome extension. The instructions in SKILL.md emphasize a 'human-in-the-loop' security model, utilizing a scoped 'Agent Password' to prevent the agent from accessing sensitive data like private keys or seed phrases. It includes explicit safeguards against prompt injection from untrusted web content and requires the agent to keep the user's view synchronized with its actions for transparency.
Capability tags
crypto · requires-wallet · requires-sensitive-credentials
Capability assessment
Purpose & Capability
The name/description (drive WalletChan extension to assist with web3 dapps) matches the declared requirements: local Chrome with remote debugging and the WalletChan extension. The skill declares no unrelated env vars, binaries, or config paths.
Instruction Scope
SKILL.md instructs the agent to use Chrome's DevTools Protocol to drive tabs, surface decoded transaction data, and enter an ephemeral Agent Password provided by the user. Those actions are within the scope of UI automation for a wallet extension, but they depend on the agent faithfully following the 'never persist' and 'type only into the unlock field' rules — which are trust-based and not enforceable by the registry. The instructions do not request reading system files or unrelated environment variables.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest-risk install model; nothing is downloaded or written by the skill itself.
Credentials
The skill declares no environment variables or credentials. It does require the user to supply an ephemeral 'Agent Password' in-chat at runtime; that is proportionate to the described capability but is sensitive. The SKILL.md explicitly forbids storing the password and forbids asking for the Master Password, but preventing accidental disclosure of the Master Password relies on user caution. The skill also requires Chrome's remote-debugging port bound to localhost — if the user misconfigures this and exposes the port to the network, risk increases.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously by the agent (default platform behavior). If a user supplies the Agent Password and permits autonomous invocation, the agent could operate without further prompts; that is a behavioral risk tied to how the user supplies the password and the agent's invocation settings rather than an inherent inconsistency in the skill.
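How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install walletchan
  3. Once installed, call the Skill by name or use /walletchan to trigger it
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history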
v1.0.2
**1.0.2 — Adds metadata fields and clarifies required setup.**
- Added homepage, source, and extension listing fields to the skill metadata.
- Updated documentation to clearly describe required configuration steps.
- Clarified that the Agent Password is never stored, logged, or read from the environment.
- No code changes or new features.
v1.0.1
**No functional changes; metadata and documentation updates only.**
- Updated the description to clarify the agent's human-in-the-loop, co-pilot role and strengthened explanations about the "Agent Password" security model.
- Expanded and reorganized documentation for clearer process and stronger emphasis on user safety, transparent transaction review, and the non-custodial nature of the extension.
- Documented prompt-injection protections and refusal to follow untrusted page instructions.
- No code or functional changes included in this release.
v1.0.0
- Initial release of walletchan skill for interacting with web3 dapps via the WalletChan Chrome extension using Chrome DevTools Protocol (CDP).
- Enables wallet connection, on-chain balance checking, signing, token swaps, deposits, and other dapp transactions through browser automation and the WalletChan extension.
- Requires Chrome with remote debugging enabled and WalletChan properly installed and configured (including Agent Password).
- Guides users to always operate in full-tab mode and to manage tab focus for clarity and safety.
- Emphasizes proper verification of transaction details, lock state, and user security best practices before confirming blockchain actions.
Metadata
Slug: walletchan
Version: 1.0.2
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 3
Frequently asked questions

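What is WalletChan?

Drive the WalletChan browser extension as a human-in-the-loop co-pilot for web3 dapps. The agent navigates the dapp UI and surfaces each transaction or signa... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 220 cumulative downloads so far.

How do I install WalletChan?

Run the command "/install walletchan" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is WalletChan free?

Yes, WalletChan is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does WalletChan support?

WalletChan runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed WalletChan?

It is developed and maintained by Apoorv Lathey (@apoorvlathey); the current version is v1.0.2.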
