ClawHub

Warden App

Use the Warden App (agentic wallet) via browser automation to execute crypto tasks (swap, bridge, deposit/withdraw, perps, portfolio/research) and to build an OpenClaw skill wrapper other agents can use. Use when you need to (1) navigate the Warden UI, (2) connect a wallet, (3) place trades/swaps, (4) check balances/positions, or (5) document repeatable Warden workflows safely (no key leakage, explicit confirmations).

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.6k · 2 current installs · 2 all-time installs
byAndrei@deiu
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (browser-automated interactions with the Warden App UI) aligns with the SKILL.md content. However the skill requires a Chromium browser for automation but the registry metadata does not declare any required binaries or tools (Playwright/Puppeteer/selenium/etc.). The source/homepage is unknown which reduces provenance.
!
Instruction Scope
The SKILL.md instructs the agent to open user-provided app URLs, take snapshots, identify UI landmarks, and perform transactional actions that require wallet signing. It forbids requesting seed phrases and requires explicit user confirmation before executing transactions, which is good. But it also instructs updating and reading a local living doc (references/warden-ui-notes.md) and suggests creating scripts and modifying SKILL.md when building a wrapper — this expands scope to local file writes and code generation without describing safe guardrails. The instructions give the agent significant discretion (UI parsing, snapshots, creating scripts) which could be misused or lead to accidental leakage if not constrained.
Install Mechanism
This is instruction-only with no install spec or downloads, which is lower risk. That said, the skill presumes browser automation capability but does not specify what runtime/tool is expected — the absence of declared automation tooling is a gap but not an install risk itself.
Credentials
No environment variables, credentials, or config paths are requested (proportionate). Still, the workflow expects access to a logged-in browser wallet and to read/update a local references file; those operations could surface sensitive local data (addresses, session metadata, or transaction links). The skill does not request or justify any secrets, which is good, but the file-write/read guidance could enable accidental local data capture.
Persistence & Privilege
The skill does not request always-on presence and has normal invocation settings. However it instructs creating wrapper scripts and updating SKILL.md/references — actions that imply modifying skill artifacts or adding files. It's unclear whether the runtime environment will permit or restrict such file writes; that capability increases persistence/privilege risk if allowed without review.
What to consider before installing
This skill’s purpose matches its instructions, but several things need clarification before you install or run it: - Provenance: the source/homepage is unknown. Prefer skills with a verifiable source or audit trail. - Automation tooling: ask which browser automation tool and runtime the skill expects (Playwright/Puppeteer/selenium) and whether that tool will run in an isolated environment. - File writes: the skill tells agents to update references/warden-ui-notes.md and to create scripts — confirm whether the platform prevents unauthorized skill-file modifications or limits what can be written. Avoid allowing the agent to write arbitrary local files. - Transaction safety: the skill requires explicit user confirmation for transactions — always verify the agent’s transaction summary (chain, token, amount, slippage, fees) before saying “yes, execute.” Prefer using an external or hardware wallet for signing, not embedded keys managed by the agent. - No secrets: never provide seed phrases/private keys. If the skill asks for them despite the SKILL.md, treat that as malicious. If you still want to use this skill, request the owner/source contact, require a detailed runtime manifest (what binaries/tools it needs), and run it in a tightly sandboxed environment where browser sessions and file writes are controlled.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.1
Download zip
agentsvk976b7z88xq8c8t66tvknjm87x80d1hedefivk976b7z88xq8c8t66tvknjm87x80d1helatestvk97dev13mks51ds3rfcjb8n1f180dr6ewardenvk976b7z88xq8c8t66tvknjm87x80d1he

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Warden App

Automate common actions in the Warden App through a safe, repeatable workflow that other agents can follow.

Safety & constraints (non-negotiable)

  • Never request or store seed phrases / private keys.
  • Treat all onchain actions as high-risk: confirm chain, token, amount, slippage, fees before signing.
  • Prefer read-only actions unless the user explicitly authorizes execution (e.g., they say: "yes, execute").
  • Do not reveal any private info (local files, credentials, IPs, internal logs).
  • Public comms: do not claim any affiliation or relationship unless it is publicly disclosed and the user explicitly asks you to state it.

Workflow (UI automation)

0) Preconditions

  1. A Chromium browser is available (Chrome/Brave/Edge/Chromium). (Firefox not supported.)
  2. User is logged into the Warden App (and any required email/2FA is completed).
  3. Wallet connection method is clear:
    • embedded Warden wallet, or
    • external wallet (e.g., MetaMask/Rabby/etc.).

If any of the above is missing, stop and ask the user to do that step.

1) Open + stabilize the UI

  • Open the Warden App URL (user-provided).
  • Wait for the dashboard/home view to load.
  • Take a snapshot and identify:
    • current network
    • wallet/account label
    • balances overview / portfolio view

2) Read-only actions (default)

Use these first when the user asks “what do we have / what’s going on?”

  • Portfolio: balances, chains, token list
  • Positions (perps): open positions, PnL, leverage
  • Activity/history: recent swaps/trades, deposits/withdrawals
  • Rewards/points (if applicable): PUMPs / quests / referrals

3) Transactional actions (requires explicit approval each time)

Execution gate: Do not click the final confirm button unless the user explicitly replies with "yes, execute" (or an unambiguous equivalent).

Before clicking a final “Confirm/Swap/Trade” button, summarize:

  • chain + token in/out + amount
  • slippage + fees
  • expected execution (market/limit; leverage if perps)
  • what could go wrong (MEV, thin liquidity, liquidation)

Then proceed.

Supported action patterns:

  • Swap token A → token B
  • Deposit/withdraw to/from a protocol
  • Open/close perp position
  • Set stop / TP (if available)

4) Post-action verification

After execution:

  • confirm status (submitted/confirmed)
  • confirm updated balances/positions
  • capture transaction id/link if shown

Building the OpenClaw wrapper skill

When asked to "create a skill that allows other agents to use the Warden App":

  1. Record the minimal set of repeatable workflows (URLs + UI landmarks) in references/warden-ui-notes.md.
  2. Create small deterministic scripts only when they reduce errors (e.g., parsing a transaction summary or normalizing a confirmation checklist).
  3. Keep SKILL.md lean; put volatile UI selectors / screenshots / step-by-step clickpaths in references.

References

  • Read references/warden-ui-notes.md when you need the latest app URL(s), nav map, and known UI landmarks.

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…