Bitcoin Wallet using Breez Spark SDK

Self-custodial Bitcoin and Lightning wallet for AI agents. Send and receive sats via Lightning Network, Spark, or on-chain Bitcoin. Use when: checking bitcoin balance, sending/receiving payments, generating Lightning invoices, managing wallet operations. Requires the BreezClaw plugin and a Breez API key.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 4 · 1.6k · 1 current installs · 1 all-time installs

by@robertclarkson

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description match the SKILL.md: it's a Breez SDK-based self-custodial wallet. Requesting a Breez API key is expected. However the registry metadata declares no primary credential or required env vars while the instructions explicitly require a Breez API key/config change — an inconsistency between declared metadata and the actual configuration steps.

Instruction Scope

SKILL.md instructs the user to clone a third-party GitHub repo into ~/.openclaw/extensions, run npm install and npm run build, edit ~/.openclaw/openclaw.json to add a breezApiKey, and restart the gateway. It documents a wallet_backup tool that retrieves the wallet mnemonic (sensitive). While most steps are plausible for a plugin, they grant the plugin persistent access to wallet files (~/.openclaw/breezclaw/) and the ability to expose mnemonic data if misused. The instructions do not require code review, pinning to a commit, or guidance to store secrets securely.

Install Mechanism

There is no formal install spec in the registry, but SKILL.md tells users to git clone a GitHub repo and run npm install/build. Running npm install on arbitrary repository code can execute arbitrary install/build scripts and pull untrusted dependencies. The repo URL is a third‑party source (onesandzeros-nz) and the instruction does not pin a commit or provide integrity checks.

Credentials

Registry metadata lists no required env vars or primary credential, yet the instructions require a Breez API key to be placed in ~/.openclaw/openclaw.json. That mismatch is an omission in metadata. Additionally, the skill exposes a wallet_backup capability to retrieve mnemonic data — access to that secret is proportionally high for a plugin and must be protected; instructions do not prescribe secure storage or limiting exposure of the API key or mnemonic.

ℹ

Persistence & Privilege

The skill is not marked always:true (good). Enabling the plugin via openclaw.json and installing it creates a persistent plugin on the agent that can be invoked by the model (disable-model-invocation is false). This is expected for a wallet plugin, but combined with the installation of external code and the ability to retrieve mnemonics, it increases the blast radius if the plugin is malicious or contains vulnerabilities.

What to consider before installing

Before installing: (1) verify and inspect the GitHub repo (review the code/build scripts) — do not blindly run npm install. (2) Prefer pinning to a specific commit or release and check repository reputation. (3) Store the Breez API key securely (consider using environment variables or a secrets manager rather than a plaintext openclaw.json), and limit who/what can read that config file. (4) Treat mnemonic retrieval (wallet_backup) as highly sensitive — only enable that functionality after code review and only with explicit, auditable user consent. (5) If you do not trust or cannot audit the repo, do not install it; consider using an audited/official wallet plugin instead. Finally, consider restricting autonomous invocation of this plugin or requiring manual confirmation for any spend operations.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk97fdkjeh5wka5y9pjhzs62na5809xkq

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

BreezClaw

Self-custodial Bitcoin and Lightning wallet for AI agents. Powered by Breez SDK Spark.

Install

# Clone plugin
cd ~/.openclaw/extensions
git clone https://github.com/onesandzeros-nz/BreezClaw.git breezclaw

# Install dependencies and build
cd breezclaw
npm install
npm run build

Configure

1. Get Breez API Key

2. Add to OpenClaw Config

Edit ~/.openclaw/openclaw.json:

{
  "plugins": {
    "entries": {
      "breezclaw": {
        "enabled": true,
        "config": {
          "breezApiKey": "YOUR_BREEZ_API_KEY",
          "network": "mainnet"
        }
      }
    }
  }
}

3. Restart

openclaw gateway restart

Tools

Tool	Description
`wallet_status`	Check wallet exists and connection state
`wallet_connect`	Connect or create wallet from mnemonic
`wallet_balance`	Get balance in sats and BTC
`wallet_receive`	Generate payment request
`wallet_prepare_send`	Prepare payment with fee estimate
`wallet_send`	Execute confirmed payment
`wallet_transactions`	List transaction history
`wallet_info`	Detailed wallet info
`wallet_backup`	Retrieve mnemonic (sensitive!)
`wallet_disconnect`	Clean disconnect

Receive Methods

spark — Reusable Spark address (default)
spark_invoice — Spark invoice with amount
lightning — BOLT11 invoice
bitcoin — On-chain address

Payment Flow

Always two-step:

wallet_prepare_send → Show fees
User confirms → wallet_send(confirmed=true)

Security

Never expose mnemonic unless explicitly requested
Always show fees before sending
Require explicit confirmation for sends
Wallet data: ~/.openclaw/breezclaw/

Examples

"What's my balance?" → wallet_balance

"Invoice for 1000 sats" → wallet_receive(method="lightning", amount_sats=1000)

"Send 500 sats to user@wallet.com" → resolve LNURL → wallet_prepare_send → confirm → wallet_send

Files

1 total

Select a file

Select a file to preview.

Comments

Loading comments…