{"skill":{"slug":"crypto-guardian","displayName":"Crypto Guardian","summary":"Provides security guidance and checks for safely managing crypto wallets, keys, seed phrases, approvals, multisig, and incident response for AI agents.","description":"---\nname: crypto-guardian\nversion: 1.0.0\ndescription: Cryptocurrency wallet security for AI agents. Use when managing crypto wallets, private keys, seed phrases, or any on-chain assets. Prevents theft, unauthorized transfers, and key exposure. Triggered by: wallet, crypto, blockchain, private key, seed phrase, wallet security, USDC, Solana, Base.\ntriggers:\n  - wallet security\n  - private key\n  - seed phrase\n  - crypto theft\n  - wallet protection\n  - cold storage\n  - multisig\n  - hardware wallet\n  - crypto security\n  - protect wallet\nrole: specialist\nscope: protect\noutput-format: checklist + incident-response\n---\n\n# Crypto Guardian\n\nComprehensive cryptocurrency security system for AI agents managing on-chain assets. Based on real-world theft patterns targeting AI agents and their conversation histories.\n\n## Threat Model: How AI Agents Get Robbed\n\n### Primary Attack Vector: Conversation History Scanning\n\nAttackers actively scan public AI platforms, GitHub commits, and conversation logs for exposed private keys and seed phrases. A single private key in a chat history = immediate drain.\n\n**Real incident (2026-05-01):**\n- A private key was stored in SESSION-STATE.md\n- AI conversation history was accessible to scanning systems\n- Attacker found the key within minutes → drained ~$227 AUD in two transactions\n\n### Secondary Attack Vectors\n- Phishing: Fake wallet apps, fake airdrops\n- SIM-swap: SMS-based 2FA for exchanges\n- Supply chain: Compromised hardware wallet sellers\n- Smart contract exploits: Approved malicious tokens\n- Social engineering: DMs promising \"free crypto\"\n\n---\n\n## Gold Rules (Non-Negotiable)\n\n### 1. 
Private keys and seed phrases MUST NOT exist in workspace files\n\n**Files that are NOT safe:**\n- `SESSION-STATE.md`\n- `working-buffer.md`\n- `MEMORY.md`\n- `.env` (with the private key itself)\n- Any `.json`, `.txt`, `.md` in the workspace\n- Any AI conversation history (public platforms)\n\n**Safe alternatives:**\n- `.env` only, with keys referenced as env vars at runtime\n- Hardware wallets (keys never leave device)\n- Encrypted storage with passphrase\n- Wallets where private key is never stored at all (watch-only + hardware sign)\n\n### 2. Never process private keys through AI conversation\n\n- Don't send private keys in messages (even to \"help analyze\")\n- Don't ask AI to sign transactions interactively in chat\n- Use proper signing infrastructure (hardware wallet, air-gapped setup)\n- Private key = one-time use, then never touches the network again\n\n### 3. Assume all workspace files are public\n\n- Every file written to workspace is potentially searchable\n- Compaction services, memory systems, and search indexes all scan content\n- If it would be bad if exposed, don't write it down\n\n---\n\n## Wallet Architecture\n\n### Strategy: Compartmentalization\n\n**Hot Wallet (Small, Online)**\n- Purpose: Daily operations, small amounts\n- Balance: $50-500 AUD max\n- Examples: DEX trading wallet, Fiverr earnings wallet\n- Always: Watch-only access where possible\n\n**Warm Wallet (Medium, Semi-Air-Gapped)**\n- Purpose: Active project funds, bounty earnings\n- Balance: $500-5000 AUD\n- Access: Hardware wallet for signing, watch-only for monitoring\n- Examples: Jupiter DCA wallet, Grip Protocol wallet\n\n**Cold Wallet (Large, Offline)**\n- Purpose: Long-term holdings, savings\n- Balance: >$5000 AUD\n- Access: Hardware wallet only, no online access\n- Storage: Physically separate from daily devices\n\n### Recommended Wallet Setup\n\n```\nPurpose              | Wallet Type        | Key 
Storage\n---------------------|--------------------|----------------------\nTrading/Active       | Software (Solflare) | .env, never in files\nGrip/Bounty Earn     | Software (MetaMask) | Seed phrase in .env only\nLong-Term Savings    | Hardware (Ledger)   | Never touches computer\n```\n\n---\n\n## Operational Security Checklist\n\n### Before Handling Any Crypto Asset\n\n- [ ] Is this a new wallet or existing one?\n- [ ] Will I need to store a private key or seed phrase?\n- [ ] If YES: Can this be done with a hardware wallet instead?\n- [ ] If YES: Can the signing happen on a different device than this agent?\n- [ ] Is the amount worth the risk of key exposure?\n\n### When Creating New Wallets\n\n1. Generate on air-gapped hardware device OR in proper software wallet\n2. Immediately back up seed phrase to physical location (paper/metal)\n3. Verify the address BEFORE funding\n4. Delete any seed phrase notes left on paper\n5. Fund only after confirming backup is secure\n\n### When Signing Transactions\n\n- [ ] Use hardware wallet or proper signing infrastructure\n- [ ] Verify destination address on device screen\n- [ ] Verify amount on device screen\n- [ ] Never sign blind (don't sign unknown data)\n- [ ] Set appropriate token approval limits (not unlimited)\n\n### For AI Agent Integration\n\n- [ ] Use wallet APIs that don't expose raw private keys\n- [ ] Store keys in environment variables, not files\n- [ ] Use `signer.py` / `signer.ts` pattern: key in env → sign in-process\n- [ ] If possible, use wallet connectors (WalletConnect, Phantom) instead of raw keys\n- [ ] Monitor with watch-only addresses (never put watch-only in signing context)\n\n---\n\n## Token Approval Security\n\n### The Danger of \"Unlimited Approvals\"\n\nWhen you approve token spending, you often approve \"unlimited\" tokens. 
This means if the contract is malicious or hacked, they can drain your entire balance.\n\n**Rule:** Always set specific approval limits, not unlimited.\n\n### How to Check Approved Tokens\n\n```bash\n# Check token approvals on Etherscan/Blockscan\n# 1. Go to the address on Blockscan/Polkassembly\n# 2. Click \"Token Approvals\" \n# 3. Revoke any unused or suspicious approvals\n\n# For Base network:\n# https://basescan.org/tokenapprovalchecker\n```\n\n### Approval Checklist\n\n- [ ] Check approvals before using new dApp\n- [ ] Revoke approvals for dApps you no longer use\n- [ ] Use limited approvals (exact amount, not unlimited)\n- [ ] Be extra careful with USDT, USDC, WETH (high value tokens)\n\n---\n\n## Multi-Signature (Multisig) Setup\n\nFor amounts >$5000 AUD, consider multisig:\n\n**Gnosis Safe (Free, on Base)**\n- 2-of-3 signers: Hardware wallet + Ledger + Desktop\n- Requires multiple devices to authorize any transaction\n- Recovery: If one device lost, others still work\n\n**When to Use Multisig:**\n- Team/project funds (multiple decision makers)\n- Long-term savings (>1 year)\n- High-value holdings (>$5000 AUD)\n- Any wallet that can't afford to be drained\n\n---\n\n## Incident Response\n\n### If You Suspect a Key Has Been Exposed\n\n1. **Act immediately** — assume compromised until proven otherwise\n2. **Check blockchain** — look for outgoing transactions you didn't authorize\n3. **If drained**: Transaction is irreversible. Document for records.\n4. **Revoke associated API keys**: Any exchange keys that might be linked\n5. **If fresh wallet**: Move remaining funds to new wallet immediately\n6. **Do NOT**: Continue using the exposed key for anything\n\n### If You Discover a Drain\n\n1. **Save transaction hashes** — evidence for exchange reports\n2. **Report to exchange** (if funds were cashed out there)\n3. **Check if it was a smart contract exploit** — might be recoverable\n4. 
**Accept the loss** if on-chain and irreversible\n\n### Recovery Is Rare\n\nUnlike credit cards, crypto transactions are irreversible. Prevention is the only real protection.\n\n---\n\n## For OpenClaw Agents: Practical Implementation\n\n### Wallet Strategy for This Agent\n\n```\nWallet Type    | Address           | Storage      | Used For\n---------------|-------------------|---------------|--------------------------\nActive DCA    | [DISCARDED]          | None        | (empty, was drained)\nBounty Earn   | 0xD1089e...           | .env only   | Grip, ClawMoney\nWatch-Only    | [YOUR WALLET]         | TOOLS.md    | Monitor only\nNew DCA Wallet| TBD (new generation)  | Hardware    | Jupiter DCA (future)\n```\n\n### Key Storage Rules\n\n1. **Never write full private keys anywhere** (except .env, which must be gitignored)\n2. **Never in conversation**: Even \"let me check if this key is correct\"\n3. **Never in SESSION-STATE.md or working-buffer.md**\n4. **Never in memory files after session**\n5. **Use hardware wallet** for any amount >$500 AUD\n\n### Environment Variable Pattern\n\n```python\n# Correct: Private key in environment only\nimport os\nfrom dotenv import load_dotenv\nload_dotenv()\nprivate_key = os.environ[\"SOLANA_PRIVATE_KEY\"]  # Never written to file\n\n# Wrong: Private key written to any workspace file\n# private_key = \"[PRIVATE KEY]\"  # NEVER DO THIS\n```\n\n### Monitoring with Watch-Only Wallets\n\nUse a **different address** for monitoring than for signing:\n- Watch address: In TOOLS.md or config files\n- Signing address: In hardware wallet only\n\nThis way, even if monitoring credentials are exposed, the funds are safe.\n\n---\n\n## Summary: Security vs. 
Convenience\n\n| Security Level | Use Case | Key Storage |\n|----------------|----------|-------------|\n| Maximum | Long-term savings | Hardware wallet only |\n| High | Active project funds | .env + careful handling |\n| Medium | Daily trading | Software wallet, small balance |\n| Low | Testing/learning | Any, small amounts |\n\n**Rule of Thumb:** The cost of losing a wallet should never be life-changing. Keep only what you can afford to lose in hot wallets.\n\n---\n\n## Emergency Contacts\n\n- **Base Network Scanner:** https://basescan.org/\n- **Token Approval Checker:** https://basescan.org/tokenapprovalchecker\n- **Revoke.cash:** https://revoke.cash/\n- **Gnosis Safe (Multisig):** https://app.safe.global/\n- **Ledger Recovery:** https://www.ledger.com/stop-phishing-attacks\n\n---\n\n_Crypto Guardian v1.0 — Created 2026-05-01 after real wallet theft incident_\n","tags":{"crypto":"1.0.0","latest":"1.0.0","protection":"1.0.0","secuirty":"1.0.0","wallet":"1.0.0"},"stats":{"comments":0,"downloads":340,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1777598377446,"updatedAt":1779076137179},"latestVersion":{"version":"1.0.0","createdAt":1777598377446,"changelog":"Initial release of Crypto Guardian: a comprehensive security checklist and incident response guide for AI agents managing cryptocurrency wallets and keys.\n\n- Outlines attack vectors and real-world theft incidents targeting AI agents.\n- Defines strict operational and storage rules for private keys and seed phrases.\n- Provides layered wallet security architecture (hot/warm/cold), including multisig recommendations.\n- Includes practical, step-by-step checklists for handling assets, creating wallets, signing transactions, and managing wallet integration with AI agents.\n- Delivers actionable incident response procedures for suspected key exposure or theft.\n- Adds specialized triggers for AI skill invocation related to wallet and crypto 
security.","license":"MIT-0"},"metadata":null,"owner":{"handle":"ayh-25","userId":"s17ek3nxtzr8tbemx1emnh81wn85x1zq","displayName":"AYH-25","image":"https://avatars.githubusercontent.com/u/234706582?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1780090726792}}