ClawHub

ClawPurse

Local Neutaro chain wallet for managing NTMPI tokens, supporting balance checks, transfers, transaction history, staking, and allowlist enforcement.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 458 · 1 current installs · 1 all-time installs
by@mhue-ai
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, code files (wallet, keystore, staking, security), and SKILL.md capabilities (balance, send, staking, allowlist) are consistent — the codebase matches the stated wallet purpose.
Instruction Scope
SKILL.md instructs the agent/person to run npm install / build / npm link and to use CLAWPURSE_PASSWORD (env var) and to read/write local files (~/.clawpurse/keystore.enc, receipts, allowlist). Those actions are appropriate for a local wallet but the runtime instructions reference an env var that isn't declared in registry metadata. The instructions also suggest backing up and exporting mnemonics (sensitive operations) and recommend not logging them — this is expected but high-risk if an agent is allowed to act autonomously.
Install Mechanism
No install spec was provided in registry metadata, but SKILL.md requires running npm install, building, and npm link. The code bundle is present in the skill. Lack of an explicit install spec in the registry is an omission (it means manual installation is required and there is no automated sandboxing or declared binaries).
!
Credentials
Registry metadata lists no required environment variables or primary credential, yet SKILL.md and the programmatic examples rely on CLAWPURSE_PASSWORD (and implicitly on local keystore files). A wallet skill that manages mnemonics/keys should declare required secrets/credentials up front; the omission is disproportionate and may mislead users about the sensitive data the skill will handle.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill writes and reads its own keystore and receipts in ~/.clawpurse which is expected for a local wallet. Nothing indicates it modifies other skills or system-wide agent settings.
Scan Findings in Context
[no-findings] expected: Static pre-scan reported no injection signals. This is not proof of safety — the package contains source handling private keys and network RPCs, which merits manual code review.
What to consider before installing
This package is largely coherent with its stated purpose (a local Neutaro wallet) and contains full source and docs. However: (1) it handles sensitive secrets (mnemonic, keystore) and will read/write ~/.clawpurse — only install if you understand and accept local key storage risks; (2) SKILL.md uses CLAWPURSE_PASSWORD but the registry metadata does not declare any required env vars or credentials — treat this as an omission and plan to set the env var securely if you use it; (3) there is no automated install spec in the registry though SKILL.md asks you to run npm install/build/npm link — review package.json scripts and audit the code before running install/build steps; (4) if you intend to let an agent call this autonomously, enable allowlist enforcement, restrict agent permissions, and consider using hardware wallets or keeping funds in a separate account with strict limits to reduce blast radius. If you want to proceed: review src/keystore.ts and src/security.ts to confirm encryption/key handling, test locally in an isolated environment, and avoid placing large balances under an agent-controlled key until you are confident in the code and guardrails.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.0.2
Download zip
latestvk97fsc3gqkad9b2k0x40qy7h8582cr84

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

ClawPurse Skill

Local Timpi/NTMPI wallet for agentic AI, automation scripts, and individual users on the Neutaro chain.

Overview

ClawPurse provides cryptocurrency wallet functionality for AI agents (including OpenClaw), automation pipelines, and human operators—enabling autonomous or manual handling of NTMPI tokens on the Neutaro blockchain.

Capabilities

  • Check wallet balance – Query current NTMPI holdings
  • Send tokens – Transfer NTMPI to any Neutaro address
  • Receive tokens – Get wallet address for incoming payments
  • View transaction history – List recent send/receive activity
  • Verify chain status – Check connectivity to Neutaro network
  • Stake tokens – Delegate NTMPI to validators for rewards (v2.0)
  • Manage delegations – View, redelegate, and unstake tokens (v2.0)

Installation

# In the ClawPurse directory
npm install && npm run build && npm link

This makes the clawpurse CLI available globally.

Setup

A wallet must be initialized before first use:

clawpurse init --password <secure-password>

Important: Back up the mnemonic shown during init immediately!

Environment

Set CLAWPURSE_PASSWORD to avoid passing password on every command:

export CLAWPURSE_PASSWORD=<password>

Commands

Status Check

clawpurse status

Returns chain connection status, chain ID, and current block height.

Balance

clawpurse balance

Returns current NTMPI balance.

Address

clawpurse address

Returns the wallet's Neutaro address.

Send

clawpurse send <to-address> <amount> [--memo "text"] [--yes]

Sends NTMPI to the specified address. Use --yes to skip confirmation for amounts > 100 NTMPI.

History

clawpurse history [--limit N]

Shows recent transactions.

Allowlist Management

clawpurse allowlist list              # View trusted destinations
clawpurse allowlist add <addr>        # Add destination
clawpurse allowlist remove <addr>     # Remove destination

Staking (v2.0)

clawpurse validators                  # List active validators
clawpurse delegations                 # View current delegations
clawpurse stake <validator> <amount>  # Delegate tokens
clawpurse unstake <validator> <amount> --yes  # Undelegate (22-day unbonding)
clawpurse redelegate <from> <to> <amount>     # Move stake between validators
clawpurse unbonding                   # Show pending unbonding

Staking for agents:

1. Run: clawpurse validators
2. Select validator with good uptime and reasonable commission
3. Run: clawpurse stake <validator> <amount> --yes
4. Monitor with: clawpurse delegations
5. Rewards auto-deposit to liquid balance on Neutaro

Safety Features

  • Max send limit: 1000 NTMPI per transaction (configurable)
  • Confirmation required: Above 100 NTMPI
  • Address validation: Only neutaro1... addresses accepted
  • Destination allowlist: Optional enforcement of trusted recipients
  • Encrypted keystore: AES-256-GCM with scrypt key derivation

Agent Usage Patterns

Check Balance Before Operations

Before any payment task, run:
clawpurse balance

Parse the output to get available funds.

Making Payments

1. Verify recipient is in allowlist (or use --override-allowlist)
2. Run: clawpurse send <address> <amount> --memo "reason" --yes
3. Capture the tx hash from output
4. Share tx hash with recipient for verification

Receiving Payments

1. Run: clawpurse address
2. Share the address with the sender
3. After expected payment, run: clawpurse balance
4. Or query chain directly to verify specific tx

Programmatic API

For advanced integrations, import ClawPurse functions directly:

import {
  loadKeystore,
  getBalance,
  send,
  getChainInfo,
} from 'clawpurse';

// Load wallet
const { wallet, address } = await loadKeystore(process.env.CLAWPURSE_PASSWORD);

// Check balance
const balance = await getBalance(address);
console.log(balance.primary.displayAmount);

// Send tokens
const result = await send(wallet, address, 'neutaro1...', '10.5', {
  memo: 'Service payment',
  skipConfirmation: true,
});
console.log(`Sent! TxHash: ${result.txHash}`);

Security Notes

  • Never expose the mnemonic in logs or outputs
  • Use environment variables for the password, not command-line args in scripts
  • Enable allowlist enforcement to prevent sends to unknown addresses
  • Monitor receipts at ~/.clawpurse/receipts.json for audit

Files

PathPurpose
~/.clawpurse/keystore.encEncrypted wallet (mode 0600)
~/.clawpurse/receipts.jsonTransaction receipts
~/.clawpurse/allowlist.jsonTrusted destinations

Documentation

Troubleshooting

IssueSolution
"Wallet not found"Run clawpurse init first
"Status: DISCONNECTED"Check network; RPC may be down
"Amount exceeds limit"Adjust maxSendAmount in config
"Destination blocked"Add to allowlist or use --override-allowlist

Files

43 total
Select a file
Select a file to preview.

Comments

Loading comments…