wallet
v1.0.2Mokshya agent-wallet: public REST API + TEE signing (Shamir/AES-GCM). Use when debugging wallets.mokshya.io, GKE deploy, create/sign HTTP flows, rate limits,...
⭐ 0· 75·0 current·0 all-time
byAjay Gautam@evilboyajay
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The SKILL.md content matches the skill description (debugging wallet flows, TEE signing, GKE deploy issues, and HTTP create/sign routes). It references the API/TEE architecture and gives troubleshooting steps appropriate for that purpose.
Instruction Scope
The instructions reference environment variables (DATABASE_URL, TEE_BASE_URL, INTERNAL_HMAC_SECRET) and deployment scripts, and point to source-file locations for context. They do not instruct the agent to read or exfiltrate unrelated system files or secrets, but they do assume the operator will set/configure secrets when deploying or debugging.
Install Mechanism
No install spec and no code files are present (instruction-only), so nothing will be written to disk or downloaded by the skill itself. This is the lowest-risk install posture.
Credentials
The SKILL.md mentions several sensitive env vars used by the system (e.g., INTERNAL_HMAC_SECRET, TEE_MASTER_KEY) but the skill metadata does not request any credentials. Mentioning those secrets is expected for deployment/debugging documentation, but be aware that real troubleshooting or testing will require supplying secrets to the runtime environment—do not provide TEE_MASTER_KEY to the API and avoid exposing private keys.
Persistence & Privilege
The skill is not marked always:true and does not request any persistent system privileges. Model invocation is allowed by default, which is normal; the skill contains no install-time code that would persist or change agent-wide settings.
Assessment
This skill is documentation-only and appears to honestly describe how the Mokshya wallet, TEE, and API interact. It does not itself request credentials or install code. Before using it: (1) treat the SKILL.md as guidance only—do not paste your TEE_MASTER_KEY or other private keys into an agent prompt or public logs; (2) if you will run the API/TEE flows for testing, ensure DATABASE_URL, TEE_BASE_URL, and INTERNAL_HMAC_SECRET are configured securely in your environment (use secrets management); (3) be cautious when allowing autonomous agent actions that could call POST /sign-transaction — consider restricting model invocation or requiring user confirmation for signing actions; (4) review the referenced upstream repo (https://github.com/mokshyaprotocol/agent-tee-wallet) and your own deployment manifests before connecting to production services.Like a lobster shell, security has layers — review code before you run it.
latestvk974380dgsj0gn29bb4p1272jd83rw9b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.