Sui Agent Wallet

v1.0.3

Provide an AI agent with a secure Sui wallet to manage accounts, sign transactions, switch networks, and interact with Sui DApps via a Chrome extension and l...

⭐ 0· 872·0 current·0 all-time

byEason Chen@easonc13

MIT-0

Security Scan

VirusTotal

Pending

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

The files (extension + local server + wallet/keychain logic) match the name 'Sui Agent Wallet' and implement expected features (seed generation, BIP39 derivation, signing, Wallet Standard injection). However, the extension manifest grants broad host_permissions ("<all_urls>") and the server exposes HTTP endpoints (including one that returns the mnemonic per SKILL.md). Those pieces are functionally related to a browser wallet but the combination (open local HTTP API + global content script permissions) expands the attack surface beyond what most wallets expose by default.

Instruction Scope

SKILL.md explicitly instructs users that the server stores the seed in macOS Keychain and gives a curl example to GET /mnemonic. The server sets CORS Access-Control-Allow-Origin: '*', meaning a remote webpage or any local page can fetch wallet endpoints from JS. Exposing an endpoint that returns the raw mnemonic (no auth shown) and allowing cross-origin requests is a serious scope breach: web pages could read the seed or trigger signing unless additional authorization is enforced by the server (none is visible).

✓

Install Mechanism

No remote download of arbitrary code is used by the registry metadata. Installation uses a local install.sh that calls bun install (dependencies are standard NPM packages listed in package.json). This is a typical local install setup; nothing in the install process pulls from an untrusted URL or runs an opaque binary.

✓

Credentials

The skill declares no required environment variables or credentials. It uses macOS Keychain via the 'security' CLI for storing the seed, which is reasonable for secure storage on macOS, but will fail on non-macOS systems. No unrelated cloud credentials are requested.

✓

Persistence & Privilege

The skill is not marked always:true and does not request elevated or cross-skill configuration. It runs as a local server + extension pair and does not modify other skills or global agent settings. Autonomous invocation by the agent is possible (default), but that alone is expected.

Scan Findings in Context

[base64-block] expected: Base64 blobs are present (data URL icon in inject.js and base64 PNG fallback in install.sh). These are benign for a browser extension that embeds an icon or placeholder image.

What to consider before installing

This skill implements a local Sui wallet and a Chrome extension that injects a wallet provider into web pages. Important risks and suggestions: - Major risk: the server exposes endpoints (SKILL.md shows curl http://localhost:3847/mnemonic) and sets CORS to '*'. If the /mnemonic endpoint (or other signing endpoints) is served without authentication and with permissive CORS, any webpage can fetch or trigger actions on the local wallet via JavaScript — this can lead to immediate secrets exfiltration or unauthorized signing. - Before installing, review server/index.ts to confirm whether /mnemonic or signing endpoints require explicit user approval, authentication tokens, or an allowlist. The presence of getMnemonic()/exportMnemonic() in wallet.ts and the SKILL.md curl example strongly indicate the seed can be obtained via HTTP. - If you want to try this code safely: - Do NOT use it on a machine with real/mainnet funds. Run it in a disposable VM or isolated development environment. - Consider removing or protecting any /mnemonic or export endpoints, and avoid setting Access-Control-Allow-Origin to '*' (instead restrict to extension origin or require user approval per request). - Limit extension host_permissions/matches to only the DApp origins you need rather than "<all_urls>". - Add an authenticated UI prompt or browser-native confirmation before returning the mnemonic or signing any transaction (do not rely solely on the agent or an unauthenticated HTTP call). - If you need an outright safe verdict: treat this package as suspicious until the server is changed to require strong per-request user confirmation and the CORS/HTTP exposure is hardened. If you want, I can: (1) point to the exact lines where /mnemonic and CORS are handled in index.ts, (2) suggest code changes to require a local-only token or an approval flow, or (3) produce a safer configuration patch (restrict CORS, remove mnemonic endpoint, require ephemeral auth tokens) you can apply.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dm0jrcy32qff1kb3eq0p8t580x5ny

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Sui Agent Wallet Skill

Give your AI agent its own Sui wallet to interact with DApps and sign transactions.

GitHub: https://github.com/EasonC13-agent/sui-skills/tree/main/sui-agent-wallet

Architecture

Chrome Extension ◄──WebSocket──► Local Server ◄──API──► Agent
     │                                │
     ▼                                ▼
  DApp Page                    Key Management
  (Wallet Standard)            (Seed Phrase)

Installation

cd <your-workspace>/skills/sui-agent-wallet

# Install server dependencies
cd server && bun install

# Start the server
bun run index.ts

Load Chrome Extension:

Open chrome://extensions/
Enable "Developer mode"
Click "Load unpacked"
Select the extension/ folder

First Launch

The server automatically generates a 12-word seed phrase and stores it in macOS Keychain:

═══════════════════════════════════════════════════════════
  🔐 NEW WALLET CREATED
═══════════════════════════════════════════════════════════

  Seed phrase stored securely in macOS Keychain.

  To view your seed phrase for backup:
    curl http://localhost:3847/mnemonic

  Or use macOS Keychain Access app:
    Service: sui-agent-wallet
    Account: mnemonic
═══════════════════════════════════════════════════════════

Secure Storage

Location	Contents
macOS Keychain	Seed phrase (encrypted)
`~/.sui-agent-wallet/wallet.json`	Account addresses, network settings (no sensitive data)

View Keychain entry:

# Command line
security find-generic-password -s "sui-agent-wallet" -a "mnemonic" -w

# Or open Keychain Access app
# Search for "sui-agent-wallet"

Agent API

Wallet Info

# Get current address
curl http://localhost:3847/address

# Get balance
curl http://localhost:3847/balance

# Get seed phrase (for backup)
curl http://localhost:3847/mnemonic

Account Management

# List all accounts
curl http://localhost:3847/accounts

# Create new account
curl -X POST http://localhost:3847/accounts

# Create account at specific index
curl -X POST http://localhost:3847/accounts \
  -H "Content-Type: application/json" \
  -d '{"index": 2}'

# Switch account
curl -X POST http://localhost:3847/accounts/switch \
  -H "Content-Type: application/json" \
  -d '{"index": 1}'

Network Management

# Get current network
curl http://localhost:3847/network

# Switch network (mainnet | testnet | devnet | localnet)
curl -X POST http://localhost:3847/network \
  -H "Content-Type: application/json" \
  -d '{"network": "testnet"}'

Get Test Coins (Faucet)

Testnet:

Official Faucet: https://faucet.testnet.sui.io/
Discord: Join Sui Discord, post your wallet address in #testnet-faucet
CLI: sui client faucet --address <YOUR_ADDRESS>

Devnet:

Official Faucet: https://faucet.devnet.sui.io/
Discord: Post your wallet address in #devnet-faucet
CLI: sui client faucet --address <YOUR_ADDRESS>

Note: Mainnet requires real SUI tokens and cannot use faucets.

Transaction Signing

# View pending transactions
curl http://localhost:3847/pending

# View transaction details
curl http://localhost:3847/tx/<request-id>

# Approve transaction
curl -X POST http://localhost:3847/approve/<request-id>

# Reject transaction
curl -X POST http://localhost:3847/reject/<request-id>

Import/Export

# Import seed phrase (WARNING: overwrites existing wallet!)
curl -X POST http://localhost:3847/import \
  -H "Content-Type: application/json" \
  -d '{"mnemonic": "your twelve word seed phrase here ..."}'

CLI Integration (Direct Signing)

Sign unsigned transactions generated by Sui CLI:

# 1. Generate unsigned transaction (using Agent Wallet address)
AGENT_ADDR=$(curl -s localhost:3847/address | jq -r .address)
TX_BYTES=$(sui client publish --serialize-unsigned-transaction \
  --sender $AGENT_ADDR --gas-budget 100000000 | tail -1)

# 2. Sign and execute with Agent Wallet
curl -X POST http://localhost:3847/sign-and-execute \
  -H "Content-Type: application/json" \
  -d "{\"txBytes\": \"$TX_BYTES\"}"

# Or sign only without executing
curl -X POST http://localhost:3847/sign-raw \
  -H "Content-Type: application/json" \
  -d "{\"txBytes\": \"$TX_BYTES\"}"

Supported CLI commands:

sui client publish --serialize-unsigned-transaction
sui client call --serialize-unsigned-transaction
sui client transfer-sui --serialize-unsigned-transaction

Transaction Parsing

When a signing request comes in, the agent sees:

{
  "id": "req_123",
  "method": "signTransaction",
  "origin": "http://localhost:5173",
  "payload": {
    "transaction": "{\"commands\":[{\"MoveCall\":{...}}]}",
    "chain": "sui:devnet"
  }
}

Security Checklist

Before signing, verify:

Is the target contract trustworthy?
Is the amount reasonable?
Are there suspicious coin transfers?
Is the gas budget normal?

Test DApp

Built-in Counter DApp for testing:

# Start frontend
cd test-dapp/frontend && pnpm dev

# Open http://localhost:5173
# 1. Connect Wallet → Select "Sui Agent Wallet"
# 2. Click "+1" → Sends a signing request
# 3. Agent uses /pending to view, /approve to sign

Technical Details

BIP44 Derivation Path

m/44'/784'/{accountIndex}'/0'/0'

784 = Sui's coin type
Each accountIndex corresponds to one address

Wallet Standard Features

Implemented Sui Wallet Standard features:

standard:connect
standard:disconnect
standard:events
sui:signTransaction
sui:signAndExecuteTransaction
sui:signPersonalMessage

Event Notifications

When switching accounts or networks, the server notifies the Extension via WebSocket:

accountChanged - Account changed
networkChanged - Network changed

Related Skills

This skill is part of the Sui development skill suite:

Skill	Description
sui-decompile	Fetch and read on-chain contract source code
sui-move	Write and deploy Move smart contracts
sui-coverage	Analyze test coverage with security analysis
sui-agent-wallet	Build and test DApps frontend

Workflow:

sui-decompile → sui-move → sui-coverage → sui-agent-wallet
    Study        Write      Test & Audit   Build DApps

All skills: https://github.com/EasonC13-agent/sui-skills

Files

20 total

Select a file

Select a file to preview.

Comments

Loading comments…