← 返回 Skills 市场
Xaman Wallet Integration
作者
HarleysCodes
· GitHub ↗
· v1.0.0
561
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install xaman-wallet-integration
功能描述
Integrate Xaman wallet SDK to authenticate users, connect wallets, request XRP payments, and manage sessions on the XRP Ledger.
安全使用建议
This SKILL.md otherwise looks like a normal browser-side Xumm/Xaman wallet integration, but there are three points to check before installing: (1) Metadata mismatch — the skill metadata declares no env vars but the instructions require NEXT_PUBLIC_XAMAN_API_KEY; ask the publisher to correct metadata so you know what secrets/config are needed. (2) Trust the CDN — the runtime instructs you to load code from https://xumm.app; verify that domain and the SDK file are legitimate and consider pinning a known-good release or hosting the SDK yourself if you need higher supply-chain assurance. (3) Session storage and API key exposure — NEXT_PUBLIC_ indicates the key will be public in client builds and the SDK persists JWTs in localStorage by default (accessible to other scripts and vulnerable to XSS). If you need stronger security, use server-side flows, avoid storing long-lived tokens in localStorage, or configure the SDK to use more secure storage. If you cannot validate the skill author/source (homepage/source are missing), request provenance before installing.
功能分析
Type: OpenClaw Skill
Name: xaman-wallet-integration
Version: 1.0.0
The skill bundle provides instructions and code snippets for integrating the Xaman wallet (formerly Xumm) for XRP Ledger authentication and transactions. It instructs loading an SDK from the official `https://xumm.app` CDN, which is a legitimate source for the stated purpose. All content in `SKILL.md` is purely instructional and descriptive, focusing on the wallet integration process. There are no signs of prompt injection attempts against the AI agent, no malicious code, no data exfiltration, nor any unauthorized actions or external communications beyond the legitimate Xaman service.
能力评估
Purpose & Capability
The SKILL.md describes exactly the expected behavior for a Xumm/Xaman PKCE wallet integration (loading the SDK from the Xumm CDN, authorizing, reading session state). However, the registry metadata claims no required environment variables while the runtime instructions explicitly require NEXT_PUBLIC_XAMAN_API_KEY. That metadata/instruction mismatch is incoherent and should be corrected.
Instruction Scope
The instructions tell the agent (developer) to load a remote SDK from https://xumm.app/assets/cdn/xumm-oauth2-pkce.min.js and to persist sessions (JWTs) in localStorage by default. Loading third-party JS at runtime and storing tokens in localStorage are expected for a browser wallet integration but are security-sensitive actions; the SKILL.md does not provide guidance about securing the API key, mitigating XSS, or alternatives to localStorage.
Install Mechanism
This is instruction-only (no install spec, no files). That lowers static install risk, but the instruction requires including a remote CDN script (xumm.app). Runtime inclusion of remote code is normal for a web SDK but relies on trusting that domain and its supply chain.
Credentials
The SKILL.md requires NEXT_PUBLIC_XAMAN_API_KEY (client-facing variable) but the skill metadata lists no required env vars. Requiring a NEXT_PUBLIC_ prefixed key is consistent with client-side use (public), but the metadata omission is misleading. Also, defaulting to rememberJwt:true means tokens are persisted to localStorage (accessible to other scripts), which raises proportionality/privacy concerns.
Persistence & Privilege
always is false and there is no install script or filesystem/config-path access requested. The skill does not ask for persistent platform-level privileges or to modify other skills. The main persistence concern is the SDK's use of browser localStorage for sessions (mentioned in the instructions).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xaman-wallet-integration - 安装完成后,直接呼叫该 Skill 的名称或使用
/xaman-wallet-integration触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the Xaman Wallet integration skill.
- Enables authentication and transaction requests for the XRP Ledger using the XummPkce SDK.
- Provides guidance for connecting user wallets, signing in, and requesting payments or signatures.
- Includes SDK loading instructions and essential method descriptions for quick integration.
- Details environment setup and troubleshooting tips.
元数据
常见问题
Xaman Wallet Integration 是什么?
Integrate Xaman wallet SDK to authenticate users, connect wallets, request XRP payments, and manage sessions on the XRP Ledger. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 561 次。
如何安装 Xaman Wallet Integration?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xaman-wallet-integration」即可一键安装,无需额外配置。
Xaman Wallet Integration 是免费的吗?
是的,Xaman Wallet Integration 完全免费(开源免费),可自由下载、安装和使用。
Xaman Wallet Integration 支持哪些平台?
Xaman Wallet Integration 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Xaman Wallet Integration?
由 HarleysCodes(@harleyscodes)开发并维护,当前版本 v1.0.0。
推荐 Skills