Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bank Skills

v1.0.1

Traditional banking via Wise API + on-chain token swaps on Base

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (Wise + on‑chain swaps on Base) matches the code: there are Wise client modules and separate wallet/sweeper modules for Base. Required credential (WISE_API_TOKEN) is appropriate for Wise operations; optional env vars (CLAWBANK_WALLET_PASSWORD, BASE_RPC_URL) are used for on‑chain features and are declared as optional in SKILL.md metadata. However, the README/SKILL.md implies an integrated flow (deposit → on‑chain swap) that is not a single atomic Wise→chain transfer—users should not assume Wise balances are automatically moved on‑chain without explicit instructions. Also the sweeper includes ClawBank‑specific hardcoded pool/hook parameters (domain‑specific behavior).
Instruction Scope
Runtime instructions and code read environment variables and create persistent files under ~/.clawbank (wallet.json, sweep.config, logs). The wallet module can export the private key (export_private_key is included as a tool in README/SKILL.md), which means the agent can produce the raw private key in responses if invoked. The SKILL.md claims the skill will not store API keys in code (true), but it does create and store an encrypted keystore and swap logs locally; those files are persistent and contain sensitive material (encrypted keystore, swap history). The code also depends on blockchain RPC and third‑party libraries (web3, uniswap decoder) which are executed at runtime.
Install Mechanism
This is an instruction‑only skill (no install spec). The package contains Python source and a pyproject.toml declaring heavy dependencies (web3, eth-account, httpx, etc.), but there is no automated install step included in the metadata. That means runtime will require a Python environment with those packages already installed; absent that, runtime may fail. No direct downloads or obscure URLs are used, but missing dependency management increases friction and possible misconfiguration.
Credentials
The only REQUIRED env var is WISE_API_TOKEN (appropriate for Wise API usage). The skill also reads optional env vars CLAWBANK_WALLET_PASSWORD and BASE_RPC_URL (declared as optional in SKILL.md). These are proportional to the on‑chain features. However, because the skill can export a wallet's private key and writes an encrypted keystore on disk, the combination of environment access and available tools increases the risk surface: a compromised agent session or careless use could leak the private key or reuse the wallet password elsewhere.
Persistence & Privilege
The skill writes persistent files to the user's home (~/.clawbank): an encrypted keystore (wallet.json), sweep.config, and append logs. This persistence is expected for a wallet/sweeper, but it is a lasting footprint. always:false (not force‑installed) and it does not modify other skills' configs, which is appropriate, but users should be aware of the persistent keystore and logs created on first run.
What to consider before installing
Summary and recommendations before installing:

  • Understand the true capabilities: this skill will call the Wise API (requires WISE_API_TOKEN) and also create/manage an on‑chain wallet under ~/.clawbank for Base (encrypted keystore + sweep logs). These are separate surfaces—Wise API access does not magically move funds on‑chain without explicit transactions.
  • Sensitive artifacts created: the skill creates ~/.clawbank/wallet.json (encrypted keystore) and ~/.clawbank/sweep.config and append logs. It also exposes an export_private_key tool that will return the raw private key if invoked — do NOT call that unless you intend to reveal the key.
  • Least privilege for API tokens: give the Wise token the narrowest scope possible and enable Wise dashboard IP whitelisting and rotation. Treat WISE_API_TOKEN as sensitive.
  • Run in an isolated environment: because the skill executes network calls and interacts with wallets, run it on an isolated machine or container where you control dependencies rather than on a machine with other sensitive credentials.
  • Dependencies & runtime: pyproject lists heavy blockchain/network dependencies, but there is no install spec. Ensure Python >=3.10 and install dependencies (web3, eth‑account, httpx, etc.) in a virtualenv before running to avoid runtime errors. Note: code references an external uniswap_universal_router_decoder — verify availability.
  • Audit and limit actions: review code paths for any automated sweeping/buy operations and disable or require manual confirmation for expensive actions. Do not allow the agent to autonomously call buy_token or send_token unless you trust it and monitor transactions.
  • If you need only banking features: consider extracting or running only the Wise modules to avoid installing wallet/sweeper code.
Confidence note: medium — the repository appears coherent with its stated purpose, but the combination of on‑chain wallet management, private‑key export, persistent artifacts, and missing automated dependency/install instructions raises enough concern that you should review and test the code in a controlled environment before using with real funds.
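One way to enforce the "audit and limit actions" recommendation is a small gate that inspects each JSON request before it is piped to ./run.sh, plus a pre-flight check of the keystore. This is an added example, not part of the skill's code: the function names gate_request and preflight and the grouping of actions into policy sets are assumptions, while the action names, file paths and default password are the ones documented in SKILL.md.

```python
import json
import os
import stat
from pathlib import Path

# Policy sets are an assumption of this example; action names come from SKILL.md.
READ_ONLY = {"balance", "receive-details", "get-wallet",
             "get-sweep-config", "get-token-balance"}
NEEDS_CONFIRMATION = {"send", "buy-token", "send-token",
                      "set-target-token", "create-wallet"}
DENIED = {"export-private-key"}
DEFAULT_PASSWORD = "clawbank-default"  # documented default keystore password


def gate_request(raw, confirmed=False):
    """Return (allowed, reason) for one JSON request destined for ./run.sh."""
    try:
        req = json.loads(raw)
    except json.JSONDecodeError:
        return False, "request is not valid JSON"
    action = req.get("action") if isinstance(req, dict) else None
    if not isinstance(action, str):
        return False, "request has no action string"
    if action in DENIED:
        return False, f"{action} returns the raw private key; blocked by policy"
    if action in READ_ONLY:
        return True, "read-only action"
    if action in NEEDS_CONFIRMATION:
        if confirmed:
            return True, "operator confirmed"
        return False, f"{action} is state-changing; operator confirmation required"
    return False, f"action not on allowlist: {action!r}"


def preflight(env, home):
    """Return findings about the wallet password and files under ~/.clawbank."""
    findings = []
    if env.get("CLAWBANK_WALLET_PASSWORD", DEFAULT_PASSWORD) == DEFAULT_PASSWORD:
        findings.append("keystore password is the documented default")
    for name in ("wallet.json", "sweep.config"):
        path = Path(home) / ".clawbank" / name
        # Any group/other permission bit on these files is a finding.
        if path.exists() and stat.S_IMODE(path.stat().st_mode) & 0o077:
            findings.append(f"{name} is readable by group or others")
    return findings


if __name__ == "__main__":
    print(gate_request('{"action": "export-private-key"}'))
    print(preflight(os.environ, Path.home()))
```

The `confirmed` flag should be set only by a human-facing prompt outside the agent's control, not by the agent's own request.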

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

🏦 Clawdis
Bins: python
Env: WISE_API_TOKEN
Primary env: WISE_API_TOKEN

SKILL.md

Bank Skill

Purpose

Gives AI agents traditional banking capabilities (via Wise API) and on-chain token operations (via Uniswap on Base). Agents can check balances, send money, retrieve account details, create Ethereum wallets, swap tokens, and send tokens—all through a single skill.

Prerequisites

For Banking (Wise API):

  • WISE_API_TOKEN environment variable (required)
  • Optional: WISE_PROFILE_ID (defaults to first available profile)

For Token Operations (Base Network):

  • Optional: CLAWBANK_WALLET_PASSWORD (wallet keystore password, defaults to "clawbank-default")
  • Optional: BASE_RPC_URL (Base RPC endpoint, defaults to https://mainnet.base.org)

Operations

Banking Operations (Wise API)

1. Check Balance

Purpose: Query Wise multi-currency balances for the configured profile.

Inputs:

  • action: "balance" (required)
  • currency: Currency code filter, e.g. "USD" (optional — returns all if omitted)

Outputs:

  • JSON array of balance objects, each with currency, amount, and reservedAmount

Usage:

echo '{"action": "balance"}' | ./run.sh
echo '{"action": "balance", "currency": "USD"}' | ./run.sh

Example output:

{
  "success": true,
  "balances": [
    {"currency": "USD", "amount": 1250.00, "reservedAmount": 0.00},
    {"currency": "EUR", "amount": 500.75, "reservedAmount": 10.00}
  ]
}

2. Get Receive Details

Purpose: Retrieve account number, routing number, IBAN, and related info so others can send you payments.

Inputs:

  • action: "receive-details" (required)
  • currency: Currency code, e.g. "USD" (optional — returns all if omitted)

Outputs:

  • JSON object with account holder name, account number, routing number (or IBAN/SWIFT for non-USD), and bank name

Usage:

echo '{"action": "receive-details"}' | ./run.sh
echo '{"action": "receive-details", "currency": "USD"}' | ./run.sh

Example output:

{
  "success": true,
  "details": [
    {
      "currency": "USD",
      "accountHolder": "Your Business Name",
      "accountNumber": "1234567890",
      "routingNumber": "026073150",
      "bankName": "Community Federal Savings Bank"
    }
  ]
}

3. Send Money

Purpose: Initiate a transfer from your Wise balance to a recipient.

Inputs:

  • action: "send" (required)
  • sourceCurrency: Source currency code, e.g. "USD" (required)
  • targetCurrency: Target currency code, e.g. "EUR" (required)
  • amount: Amount to send as a number (required)
  • recipientName: Full name of the recipient (required)
  • recipientAccount: Recipient account number or IBAN (required)

Additional fields for USD ACH transfers:

  • recipientRoutingNumber: 9-digit ABA routing number (required)
  • recipientCountry: Two-letter country code, e.g. "US" (required)
  • recipientAddress: Street address (required)
  • recipientCity: City (required)
  • recipientState: State code, e.g. "NY" (required)
  • recipientPostCode: ZIP/postal code (required)
  • recipientAccountType: "CHECKING" or "SAVINGS" (optional, defaults to "CHECKING")

Outputs:

  • JSON object with transfer ID, status, and confirmation details

USD ACH Transfer Example:

echo '{
  "action": "send",
  "sourceCurrency": "USD",
  "targetCurrency": "USD",
  "amount": 100.00,
  "recipientName": "John Smith",
  "recipientAccount": "123456789",
  "recipientRoutingNumber": "111000025",
  "recipientCountry": "US",
  "recipientAddress": "123 Main St",
  "recipientCity": "New York",
  "recipientState": "NY",
  "recipientPostCode": "10001",
  "recipientAccountType": "CHECKING"
}' | ./run.sh

EUR IBAN Transfer Example (simpler):

echo '{
  "action": "send",
  "sourceCurrency": "USD",
  "targetCurrency": "EUR",
  "amount": 100.00,
  "recipientName": "Jane Doe",
  "recipientAccount": "DE89370400440532013000"
}' | ./run.sh

Example output:

{
  "success": true,
  "transfer": {
    "id": 12345678,
    "status": "processing",
    "sourceAmount": 100.00,
    "sourceCurrency": "USD",
    "targetAmount": 93.50,
    "targetCurrency": "EUR"
  }
}

Token Operations (Base Network)

4. Create Wallet

Purpose: Generate a new Ethereum wallet for token operations on Base.

Inputs:

  • action: "create-wallet" (required)

Outputs:

  • Wallet address (keystore saved to ~/.clawbank/wallet.json)

Usage:

echo '{"action": "create-wallet"}' | ./run.sh

5. Get Wallet

Purpose: Get current wallet address and ETH balance on Base.

Inputs:

  • action: "get-wallet" (required)

Outputs:

  • Wallet address and ETH balance

Usage:

echo '{"action": "get-wallet"}' | ./run.sh

6. Set Target Token

Purpose: Set the target token address for swaps.

Inputs:

  • action: "set-target-token" (required)
  • tokenAddress: ERC-20 contract address on Base (required)

Usage:

echo '{"action": "set-target-token", "tokenAddress": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"}' | ./run.sh

7. Get Sweep Config

Purpose: View current target token and swap history.

Inputs:

  • action: "get-sweep-config" (required)

Usage:

echo '{"action": "get-sweep-config"}' | ./run.sh

8. Get Token Balance

Purpose: Check ERC-20 token balance for the wallet.

Inputs:

  • action: "get-token-balance" (required)
  • tokenAddress: ERC-20 contract address (required)

Usage:

echo '{"action": "get-token-balance", "tokenAddress": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"}' | ./run.sh

9. Buy Token

Purpose: Swap ETH for any token on Base via Uniswap (universal V3+V4 support).

Inputs:

  • action: "buy-token" (required)
  • amountEth: Amount of ETH to swap (required)

Outputs:

  • Transaction hash, amount in, amount out, status

Usage:

echo '{"action": "buy-token", "amountEth": 0.001}' | ./run.sh

Supported tokens: Any ERC-20 with WETH liquidity on Base (USDC, DAI, WBTC, ClawBank, etc.)

10. Send Token

Purpose: Send ERC-20 tokens or native ETH from the wallet.

Inputs:

  • action: "send-token" (required)
  • tokenAddress: ERC-20 contract address, or "ETH" for native ETH (required)
  • toAddress: Recipient wallet address (required)
  • amount: Amount to send in token units (required)

Usage:

echo '{"action": "send-token", "tokenAddress": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", "toAddress": "0x...", "amount": 5.0}' | ./run.sh

11. Export Private Key

Purpose: Export wallet's private key for recovery or import.

Inputs:

  • action: "export-private-key" (required)

Outputs:

  • Private key (hex string) and wallet address

Usage:

echo '{"action": "export-private-key"}' | ./run.sh

Failure Modes

Banking Operations:

  • Missing WISE_API_TOKEN: Returns {"success": false, "error": "WISE_API_TOKEN environment variable is not set"}. Set the token and retry.
  • Invalid API token: Returns {"success": false, "error": "Authentication failed — check your WISE_API_TOKEN"}.
  • Insufficient funds: Returns {"success": false, "error": "Insufficient funds in USD balance"}. Check balance before retrying.
  • Invalid recipient details: Returns {"success": false, "error": "Invalid recipient account details"}.

Token Operations:

  • No wallet: Returns {"success": false, "error": "Wallet does not exist. Call create-wallet first"}.
  • Insufficient ETH: Returns {"success": false, "error": "Insufficient balance. Have X ETH, need Y + 0.001 for gas"}.
  • No target token set: Returns {"success": false, "error": "No target token set. Call set-target-token first"}.
  • No liquidity pool: Returns {"success": false, "error": "No liquidity pool found for [token]"}.
  • Unknown action: Returns {"success": false, "error": "Unknown action: <action>"}. See Operations section for valid actions.

When to Use

Banking: Check balances, send international transfers, share account details for receiving payments

Token Operations: Create wallets, swap tokens on Base (any token with Uniswap liquidity), send tokens, track balances

When Not to Use

  • Do not use Wise for crypto on/off-ramps (Wise restricts crypto)
  • Do not use with accounts holding significant funds (R&D only)
  • Token operations require Base network access and ETH for gas

Technical Details

Token Swap Implementation:

  • Hybrid V3+V4 routing (tries V3 first, falls back to V4 for tokens with hooks)
  • Supports any token with WETH liquidity on Base
  • Automatic fee tier detection (0.05%, 0.3%, 1%)
  • Gas costs: ~250k (V3) or ~450k (V4)

Security:

  • Wallet keystore encrypted with password
  • Private keys never logged or exposed
  • All transactions signed locally
  • No external API calls for token operations (direct blockchain interaction)

Files

28 total