Skill
v4.2.1
Secure AI agent wallets via Sigil Protocol. 3-layer Guardian validation on 6 EVM chains.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Benign, high confidence

Purpose & Capability
Name/description (agent wallet protection via Sigil) matches the declared env vars (API key, account address, agent signer) and the SKILL.md usage (authenticate, evaluate, execute UserOps). Requested artifacts are what an ERC-4337 guardian/co-signing integration would reasonably need.
Instruction Scope
SKILL.md limits runtime actions to obtaining a JWT with the API key, evaluating/executing UserOps against api.sigil.codes, and local signing of UserOps. It does not instruct the agent to read unrelated system files or exfiltrate data to unexpected endpoints. It advises secure storage practices for credentials.
Install Mechanism
No install spec and no code files to execute are provided (instruction-only); this minimizes disk-write/install risk. package.json only documents env requirements. No remote downloads or extracts are present.
Credentials
The three required env vars are proportional to the described purpose: SIGIL_API_KEY (API auth), SIGIL_ACCOUNT_ADDRESS (target smart account), SIGIL_AGENT_SIGNER (signing credential). Note: SIGIL_AGENT_SIGNER is effectively a private signing credential/EOA key; requiring it is reasonable for local UserOp signing but it is highly sensitive — storing it in env vars or plaintext is risky and the skill correctly recommends secrets manager usage and rotation.
Persistence & Privilege
The always flag is false and the skill is user-invocable. It does not request persistent agent-level privileges or modify other skills. Autonomous model invocation is allowed by default but is not combined with other red flags here.
Assessment
This skill appears to do what it claims, but it requires a sensitive signing credential (SIGIL_AGENT_SIGNER). Before installing:
1) Confirm sigil.codes and the listed GitHub repo are legitimate and match your expected provider.
2) Never place the agent private key in shared plaintext environment files; use a secrets manager (1Password CLI, Vault, AWS Secrets Manager) and set restrictive file permissions if stored locally.
3) Fund only the Sigil smart account and give the agent signer minimal gas, as the docs recommend.
4) Rotate agent signing credentials regularly and revoke immediately if you suspect compromise.
5) Limit the SIGIL_API_KEY scope and monitor audit logs for unexpected tx submissions.
If you need higher assurance, ask the publisher for an explicit statement on how the agent signer is used (is it stored, transmitted, or only used for local signing via EIP-191/EIP-712?), and verify the on-chain contracts and Guardian service addresses before trusting significant funds.
Latest version id: vk97ddcyadydp2th37t60hq2j6x81xp27
Runtime requirements
🛡️ Clawdis
Env: SIGIL_API_KEY, SIGIL_ACCOUNT_ADDRESS, SIGIL_AGENT_SIGNER
Primary env: SIGIL_API_KEY
