{"skill":{"slug":"chia-walletconnect","displayName":"Chia WalletConnect - Telegram Verification","summary":"Telegram Web App for Chia wallet verification via WalletConnect and Sage. Enables cryptographic proof of wallet ownership through signature verification using MintGarden API.","description":"---\nname: chia-walletconnect\ndescription: Telegram Web App for Chia wallet verification via WalletConnect and Sage. Enables cryptographic proof of wallet ownership through signature verification using MintGarden API.\nmetadata: {\"clawdbot\":{\"requires\":{\"bins\":[\"node\"]},\"install\":[]}}\n---\n\n# Chia WalletConnect Skill\n\nVerify Chia wallet ownership via Telegram using WalletConnect integration with Sage Wallet.\n\n## What It Does\n\nThis skill provides a **Telegram Mini App** (Web App) that enables users to:\n1. Connect their Sage Wallet via WalletConnect v2\n2. Sign a challenge message cryptographically\n3. Verify wallet ownership via MintGarden's signature verification API\n4. Return verification status to your Telegram bot\n\n**Use Cases:**\n- NFT-gated Telegram groups\n- Airdrop eligibility verification\n- Web3-style authentication\n- DAO voting authentication\n- Proof of token holdings\n\n## Architecture\n\n```\n/verify command → Web App button → WalletConnect → Sage signs → Verification\n```\n\nThe user never leaves Telegram. The entire flow happens in-app via the Telegram Web App API.\n\n## Installation\n\n```bash\n# Install via ClawdHub\nclawdhub install chia-walletconnect\n\n# Install dependencies\ncd skills/chia-walletconnect\nnpm install\n\n# Make CLI executable\nchmod +x cli.js\n```\n\n## Deployment\n\n### Step 1: Deploy Web App\n\nDeploy the `webapp/` folder to a public HTTPS URL:\n\n**Vercel (Recommended):**\n```bash\ncd skills/chia-walletconnect/webapp\nvercel\n# Copy the URL (e.g., https://chia-verify.vercel.app)\n```\n\n**Netlify:**\n```bash\ncd skills/chia-walletconnect/webapp\nnetlify deploy --prod\n```\n\n**Your Server:**\n```bash\n# Start Express server\nnpm start\n# Expose via ngrok or reverse proxy\n```\n\n### Step 2: Register with BotFather\n\n1. Message [@BotFather](https://t.me/BotFather)\n2. Send `/newapp` or `/editapp`\n3. Select your bot\n4. **Web App URL:** Enter deployed URL\n5. **Short Name:** `verify`\n\n### Step 3: Add to Bot\n\n#### Using Clawdbot Message Tool\n\n```javascript\n// Send /verify command handler\nmessage({\n  action: 'send',\n  target: chatId,\n  message: 'Click below to verify your Chia wallet:',\n  buttons: [[{\n    text: '🌱 Verify Wallet',\n    web_app: { url: 'https://your-app.vercel.app' }\n  }]]\n});\n```\n\n#### Handling Verification Response\n\n```javascript\n// In your bot's web_app_data handler\nbot.on('web_app_data', async (msg) => {\n  const data = JSON.parse(msg.web_app_data.data);\n  const { address, message, signature, publicKey, userId } = data;\n  \n  // Verify signature\n  const { verifySignature } = require('./skills/chia-walletconnect/lib/verify');\n  const result = await verifySignature(address, message, signature, publicKey);\n  \n  if (result.verified) {\n    // Wallet verified! Grant access, record verification, etc.\n    message({\n      action: 'send',\n      target: msg.chat.id,\n      message: `✅ Wallet verified!\\n\\nAddress: ${address}`\n    });\n    \n    // Store verification\n    // await db.saveVerification(userId, address);\n  } else {\n    message({\n      action: 'send',\n      target: msg.chat.id,\n      message: `❌ Verification failed: ${result.error}`\n    });\n  }\n});\n```\n\n## CLI Usage\n\nThe skill includes a CLI for testing:\n\n```bash\n# Generate challenge message\nnode cli.js challenge xch1abc... telegram_user_123\n\n# Verify signature manually\nnode cli.js verify xch1abc... \"message\" \"signature\" \"pubkey\"\n\n# Validate address format\nnode cli.js validate xch1abc...\n\n# Start development server\nnode cli.js server\n```\n\n## API Reference\n\n### MintGarden Signature Verification\n\n**Endpoint:** `POST https://api.mintgarden.io/address/verify_signature`\n\n```json\n{\n  \"address\": \"xch1abc...\",\n  \"message\": \"Verify ownership of Chia wallet:...\",\n  \"signature\": \"hex_signature\",\n  \"pubkey\": \"hex_public_key\"\n}\n```\n\n**Response:**\n```json\n{\n  \"verified\": true\n}\n```\n\n### CHIP-0002 Methods (WalletConnect)\n\n| Method | Purpose |\n|--------|---------|\n| `chip0002_getPublicKeys` | Fetch public keys from wallet |\n| `chip0002_signMessage` | Request message signature |\n| `chia_getCurrentAddress` | Get current receive address |\n\n## Verification Flow\n\n```\n1. User sends /verify to bot\n2. Bot responds with Web App button\n3. User taps button → Mini App opens in Telegram\n4. Mini App initializes WalletConnect\n5. User connects Sage Wallet\n6. Challenge message generated (includes nonce + timestamp)\n7. User signs message in Sage Wallet\n8. Signature sent back to bot via Telegram.WebApp.sendData()\n9. Bot verifies signature with MintGarden API\n10. Bot confirms verification success/failure\n```\n\n**Time:** ~5-10 seconds for full flow (user-dependent)\n\n## Configuration\n\n### Environment Variables\n\nCreate `.env` in skill folder:\n\n```env\nPORT=3000\nWALLETCONNECT_PROJECT_ID=your-project-id\nMINTGARDEN_API_URL=https://api.mintgarden.io\n```\n\n### Get WalletConnect Project ID\n\n1. Visit [WalletConnect Cloud](https://cloud.walletconnect.com)\n2. Create a new project\n3. Copy your Project ID\n4. Update in `webapp/app.js`\n\n**Default Project ID:**  \nThe skill includes `6d377259062295c0f6312b4f3e7a5d9b` (Dracattus reference). For production, use your own.\n\n## Security\n\n### What's Protected\n\n- ✅ Challenge nonces prevent replay attacks\n- ✅ Timestamps expire after 5 minutes\n- ✅ MintGarden cryptographic verification\n- ✅ No private keys ever requested\n- ✅ HTTPS enforced by Telegram\n\n### Best Practices\n\n1. **Store verifications securely** — Use encrypted database\n2. **Rate limit** — Prevent spam verification attempts\n3. **Link to Telegram user ID** — Prevent address spoofing\n4. **Implement cooldown** — 1 verification per user per day\n5. **Log attempts** — Audit trail for security\n\n### Production Checklist\n\n- [ ] Deploy to HTTPS URL (required by Telegram)\n- [ ] Use your own WalletConnect Project ID\n- [ ] Enable CORS only for your domain\n- [ ] Add rate limiting on webhook endpoints\n- [ ] Store verifications in persistent database\n- [ ] Implement retry logic for network errors\n- [ ] Set up monitoring/alerts\n\n## Files\n\n```\nchia-walletconnect/\n├── webapp/\n│   ├── index.html        # Telegram Web App UI\n│   ├── app.js            # WalletConnect logic\n│   └── styles.css        # Styling\n├── lib/\n│   ├── challenge.js      # Challenge generation\n│   └── verify.js         # MintGarden API client\n├── server/\n│   └── index.js          # Express webhook server\n├── cli.js                # CLI interface\n├── package.json          # Dependencies\n├── SKILL.md              # This file\n└── README.md             # Full documentation\n```\n\n## Troubleshooting\n\n### Web App Doesn't Load\n\n- Verify HTTPS deployment (Telegram requires SSL)\n- Check URL is publicly accessible\n- Test URL directly in browser\n- Review browser console for errors\n\n### WalletConnect Connection Fails\n\n- Ensure Sage Wallet is latest version\n- Try manual URI paste instead of QR\n- Check WalletConnect Project ID is valid\n- Verify Sage supports WalletConnect v2\n\n### Signature Verification Fails\n\n- Ensure message format matches exactly\n- Confirm public key corresponds to address\n- Check MintGarden API is operational\n- Verify signature encoding (hex)\n\n### \"No Public Key\" Error\n\n- Some wallets don't expose pubkey via WalletConnect\n- Public key is optional for verification\n- Signature verification works without it\n\n## Examples\n\n### Simple Verification Bot\n\n```javascript\n// Clawdbot skill handler\n\nconst { verifySignature } = require('./lib/verify');\n\n// /verify command\nif (message.text === '/verify') {\n  await message({\n    action: 'send',\n    target: message.chat.id,\n    message: 'Verify your Chia wallet:',\n    buttons: [[{\n      text: '🌱 Connect Wallet',\n      web_app: { url: process.env.WEB_APP_URL }\n    }]]\n  });\n}\n\n// Handle web app data\nbot.on('web_app_data', async (msg) => {\n  const { address, message: challengeMsg, signature, publicKey } = \n    JSON.parse(msg.web_app_data.data);\n  \n  const result = await verifySignature(address, challengeMsg, signature, publicKey);\n  \n  if (result.verified) {\n    // Grant access\n    await grantAccess(msg.from.id, address);\n    await message({\n      action: 'send',\n      target: msg.chat.id,\n      message: `✅ Verified! Welcome, ${address.substring(0, 12)}...`\n    });\n  } else {\n    await message({\n      action: 'send',\n      target: msg.chat.id,\n      message: `❌ Verification failed`\n    });\n  }\n});\n```\n\n### NFT Gating\n\n```javascript\n// Check if user owns specific NFT collection\n\nconst { verifySignature } = require('./skills/chia-walletconnect/lib/verify');\nconst mintGarden = require('./skills/mintgarden'); // Assume mintgarden skill exists\n\nbot.on('web_app_data', async (msg) => {\n  const { address, message, signature, publicKey } = \n    JSON.parse(msg.web_app_data.data);\n  \n  // Verify signature first\n  const verifyResult = await verifySignature(address, message, signature, publicKey);\n  \n  if (!verifyResult.verified) {\n    return bot.sendMessage(msg.chat.id, '❌ Invalid signature');\n  }\n  \n  // Check NFT ownership\n  const nfts = await mintGarden.getNFTsByAddress(address);\n  const hasRequiredNFT = nfts.some(nft => \n    nft.collection_id === 'col1required...'\n  );\n  \n  if (hasRequiredNFT) {\n    // Grant access to private group\n    await inviteToGroup(msg.from.id);\n    bot.sendMessage(msg.chat.id, '✅ Access granted! Check your invites.');\n  } else {\n    bot.sendMessage(msg.chat.id, '❌ You need a Wojak NFT to join!');\n  }\n});\n```\n\n## Performance\n\n| Stage | Time |\n|-------|------|\n| WalletConnect Init | ~1-2s |\n| Connection Approval | User action |\n| Sign Request | ~2-5s |\n| MintGarden Verify | ~0.5-1s |\n| **Total** | **~5-10s** |\n\n## Dependencies\n\n- `@walletconnect/sign-client` — WalletConnect v2\n- `@walletconnect/utils` — WalletConnect helpers\n- `@walletconnect/types` — TypeScript types\n- `express` — Web server\n- `node-fetch` — HTTP client\n- `cors` — CORS middleware\n- `dotenv` — Environment config\n\n## Version\n\n1.0.0\n\n## License\n\nMIT — Koba42 Corp\n\n## Links\n\n- **MintGarden API:** https://api.mintgarden.io/docs\n- **WalletConnect:** https://docs.walletconnect.com/\n- **Telegram Web Apps:** https://core.telegram.org/bots/webapps\n- **Sage Wallet:** https://www.sagewallet.io/\n- **CHIP-0002:** https://github.com/Chia-Network/chips/blob/main/CHIPs/chip-0002.md\n\n---\n\n**Built with 🌱 by Koba42 Corp**\n","topics":["Wallet","Telegram"],"tags":{"latest":"1.0.0"},"stats":{"comments":0,"downloads":2034,"installsAllTime":76,"installsCurrent":0,"stars":1,"versions":1},"createdAt":1769730633425,"updatedAt":1778485868789},"latestVersion":{"version":"1.0.0","createdAt":1769730633425,"changelog":"Initial release: Telegram Web App for Chia wallet verification via WalletConnect, Sage wallet integration, MintGarden signature verification, CHIP-0002 support, mobile-optimized UI","license":null},"metadata":{"setup":[],"os":null,"systems":null},"owner":{"handle":"koba42corp","userId":"s178ggk1zgbe8bk8vpp508wm1x884fp8","displayName":"Koba42Corp","image":"https://avatars.githubusercontent.com/u/76798369?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1779917901142}}