WalletPilot 7715

Execute on-chain transactions with user-granted permissions. Built on MetaMask ERC-7715. No private keys, full guardrails.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 1 · 1.3k · 0 current installs · 0 all-time installs

byFrancesco@andreolf

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The SKILL.md describes a wallet/transaction agent built on a WalletPilot API and MetaMask ERC-7715 permissions, which legitimately requires an API key and interaction with a user wallet. However, the registry metadata lists no required environment variables or primary credential even though examples repeatedly use an apiKey (e.g., 'wp_...' and process.env.WALLETPILOT_KEY). The skill also advertises external endpoints and a published SDK; those are coherent with the stated purpose but the metadata omission is inconsistent.

Instruction Scope

The instructions direct the agent to request permissions (deep links to MetaMask), fetch swap quotes from third-party aggregators (1inch/0x), and call WalletPilot endpoints to execute transactions. They rely on pilot.getState to decide whether to execute trades; if an API key and active permission exist the agent is instructed to execute without an explicit per-transaction confirmation step in the examples. The SKILL.md does not instruct the agent to prompt the human for each transaction, which could enable autonomous spending within granted limits.

ℹ

Install Mechanism

There is no formal install spec in the registry (instruction-only), which reduces automatic disk footprint risk. The README tells users to run `npm install @walletpilot/sdk` and obtain an API key from walletpilot.xyz — installing an npm package is normal for this use-case but the skill provides no integrity/source verification in metadata. Because the skill performs financial actions, verifying the SDK source (npm GitHub repo, checksums) is important.

Credentials

Examples use an API key (e.g., new WalletPilot({ apiKey: 'wp_...' }) and process.env.WALLETPILOT_KEY) and the history example shows Bearer wp_... header usage, but the skill metadata declares no required env vars or primary credential. That mismatch is problematic: the runtime requires a secret (API key) but the registry doesn't surface it. No private key is requested, which is appropriate, but the missing declaration of the API credential and any guidance on its scope/rotation is a concern.

ℹ

Persistence & Privilege

The skill is not marked always:true (good). Model invocation is allowed by default; combined with the ability to execute transactions this increases blast radius if an agent has the API key and active permissions. The SKILL.md relies on user-granted on-chain permissions (ERC-7715) for spend control, but examples show automatic execution once state.connected is true — the lack of enforced per-transaction human confirmation in examples increases risk and should be considered by the user.

What to consider before installing

Do not install or give this skill access to secrets until you verify the vendor and the SDK. Steps to reduce risk: - Confirm the project identity: visit walletpilot.xyz, inspect the GitHub repo (https://github.com/andreolf/walletpilot) and verify the npm package @walletpilot/sdk source code and recent commits. Ensure the repo and website match and appear legitimate. - Require the maintainer to declare the required secret(s) in the registry (primaryEnv) so you can manage them via your agent's secrets store rather than placing keys in plain environment variables. - Audit the SDK code (or a trusted third party) to confirm it does not accept private keys or expose other sensitive flows, and check what the apiKey authorizes server-side. - Limit permissions before granting them: use minimal spend limits, restrict chains and contract allowlists, and set short expiry periods. Test on a testnet or with a tiny amount first. - Ensure the agent prompts you for every non-trivial transaction (explicit human confirmation) rather than auto-executing trades simply because state.connected is true. - If you must proceed, store the API key in a secrets manager, do not place it in general environment variables, and monitor all WalletPilot-related activity (permission list, tx history, and revocations). If you cannot confirm the provider and audit the SDK, treat this skill as high-risk for financial loss and avoid giving it credentials or wide permissions.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0

Download zip

agentvk9701abwkcewgkf8r4z9d3dajd80ey5nautomationvk9701abwkcewgkf8r4z9d3dajd80ey5nblockchainvk9701abwkcewgkf8r4z9d3dajd80ey5ncryptovk9701abwkcewgkf8r4z9d3dajd80ey5ndefivk9701abwkcewgkf8r4z9d3dajd80ey5nerc7715vk9701abwkcewgkf8r4z9d3dajd80ey5nethereumvk9701abwkcewgkf8r4z9d3dajd80ey5nlatestvk9701abwkcewgkf8r4z9d3dajd80ey5nmetamaskvk9701abwkcewgkf8r4z9d3dajd80ey5npermissionsvk9701abwkcewgkf8r4z9d3dajd80ey5nsmart-accountsvk9701abwkcewgkf8r4z9d3dajd80ey5ntransactionsvk9701abwkcewgkf8r4z9d3dajd80ey5nwalletvk9701abwkcewgkf8r4z9d3dajd80ey5nweb3vk9701abwkcewgkf8r4z9d3dajd80ey5n

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

WalletPilot-7715

Give your AI agent crypto superpowers with MetaMask ERC-7715 permissions.

Overview

WalletPilot enables AI agents to execute on-chain transactions using MetaMask's ERC-7715 permission standard. Users grant scoped permissions (spend limits, chain restrictions) once, then agents can execute freely within those limits.

Key Features:

No private keys shared - users keep their MetaMask
Configurable guardrails (spend limits, chain allowlists)
Multi-chain support (Ethereum, Polygon, Arbitrum, Optimism, Base)
Built on MetaMask's official Smart Accounts Kit

Setup

Get an API key at walletpilot.xyz
Install the SDK: npm install @walletpilot/sdk

Available Actions

connect

Request wallet permissions from user.

import { WalletPilot, PermissionBuilder } from '@walletpilot/sdk';

const pilot = new WalletPilot({ apiKey: 'wp_...' });

const permission = new PermissionBuilder()
  .spend('USDC', '100', 'day')   // Max $100 USDC per day
  .spend('ETH', '0.1', 'day')    // Max 0.1 ETH per day
  .chains([1, 137, 42161])       // Ethereum, Polygon, Arbitrum
  .expiry('30d')                 // Valid for 30 days
  .build();

const { deepLink } = await pilot.requestPermission(permission);
console.log('User should open:', deepLink);

execute

Execute a transaction using granted permissions.

const result = await pilot.execute({
  to: '0x1234...',        // Target contract
  data: '0xabcd...',      // Calldata (e.g., swap)
  value: '0',             // ETH value (optional)
  chainId: 1,             // Chain ID
});

console.log('Transaction hash:', result.hash);

balance

Check token balances (uses standard RPC, no permission needed).

import { createPublicClient, http } from 'viem';
import { mainnet } from 'viem/chains';

const client = createPublicClient({
  chain: mainnet,
  transport: http(),
});

const balance = await client.getBalance({ address: '0x...' });

swap

Execute a token swap via DEX aggregator.

// Get swap quote from 1inch, 0x, or similar
const quote = await fetch('https://api.1inch.io/v5.0/1/swap?...');
const { tx } = await quote.json();

// Execute via WalletPilot
await pilot.execute({
  to: tx.to,
  data: tx.data,
  value: tx.value,
  chainId: 1,
});

send

Send tokens to an address.

import { encodeFunctionData, erc20Abi } from 'viem';

// Encode ERC20 transfer
const data = encodeFunctionData({
  abi: erc20Abi,
  functionName: 'transfer',
  args: ['0xRecipient...', 1000000n], // 1 USDC (6 decimals)
});

await pilot.execute({
  to: '0xUSDC_ADDRESS...',
  data,
  chainId: 1,
});

history

Get transaction history.

const state = pilot.getState();
console.log('Active permissions:', state.permissions);

// Or via API
const response = await fetch('https://api.walletpilot.xyz/v1/tx/history/PERMISSION_ID', {
  headers: { 'Authorization': 'Bearer wp_...' },
});
const { data } = await response.json();
console.log('Recent transactions:', data);

Permission Types

Permission	Example	Description
`spend`	`{ token: 'USDC', limit: '100', period: 'day' }`	Max token spend per period
`chains`	`[1, 137, 42161]`	Allowed chain IDs
`contracts`	`['0x...']`	Allowed contract addresses
`expiry`	`'30d'`	Permission expiration

Supported Chains

Chain	ID	Name
Ethereum	1	mainnet
Polygon	137	polygon
Arbitrum	42161	arbitrum
Optimism	10	optimism
Base	8453	base

Security

No Private Keys: Users keep full custody via MetaMask
Scoped Permissions: Agents can only act within granted limits
Time-Limited: Permissions automatically expire
Revocable: Users can revoke permissions anytime
Auditable: All transactions logged and visible

API Reference

Base URL: https://api.walletpilot.xyz

Endpoint	Method	Description
`/v1/permissions/request`	POST	Request new permission
`/v1/permissions/:id`	GET	Get permission details
`/v1/tx/execute`	POST	Execute transaction
`/v1/tx/:hash`	GET	Get transaction status

Example: DeFi Agent

import { WalletPilot, PermissionBuilder } from '@walletpilot/sdk';

async function defiAgent() {
  const pilot = new WalletPilot({ apiKey: process.env.WALLETPILOT_KEY });

  // Check if we have active permissions
  const state = pilot.getState();
  
  if (!state.connected) {
    // Request permission
    const permission = new PermissionBuilder()
      .spend('USDC', '500', 'day')
      .chains([1, 42161])
      .expiry('7d')
      .description('DeFi trading agent')
      .build();
    
    const { deepLink } = await pilot.requestPermission(permission);
    console.log('Approve in MetaMask:', deepLink);
    return;
  }

  // Execute trades
  const swapData = await getSwapQuote('USDC', 'ETH', '100');
  
  await pilot.execute({
    to: swapData.to,
    data: swapData.data,
    chainId: 1,
  });
  
  console.log('Swap executed!');
}

Comments

Loading comments…