ClawHub

Agent Wallet

v1.0.7

The agent's wallet. Use this skill to safely create a wallet the agent can use for transfers, swaps, and any EVM chain transaction.

2· 2.1k·7 current·7 all-time
byChris Cassano@glitch003
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the instructions: SKILL.md documents creating and using a smart-account wallet via an external API for transfers, swaps, and arbitrary contract calls. However, the skill metadata declares no required env/credentials while the runtime instructions rely on an API URL env var (SAFESKILLS_API_URL) and produce a highly privileged API key (apiKey) at wallet creation; the mismatch between declared requirements and actual runtime needs is a concerning inconsistency. The skill's source/homepage is unknown, increasing provenance risk.
!
Instruction Scope
The instructions tell the agent to create wallets and then use a returned apiKey (Bearer token) to check balances, transfer funds, swap tokens, and send arbitrary calldata to contracts. That allows executing on-chain transactions and arbitrary contract interactions. The SKILL.md does not require reading unrelated files or system state, but it grants the agent the ability to move funds (subject to owner-set policies). Because the skill allows arbitrary txs and swaps, an agent invoking this skill autonomously can cause financial loss if policies are mis-set or the external service is malicious.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk and no additional packages are installed. Low technical installation risk.
!
Credentials
SKILL.md references SAFESKILLS_API_URL and SAFESKILLS_FRONTEND_URL and explains the need to store an apiKey (Bearer token) for ongoing operations, but the skill metadata lists no required env vars or primary credential. The apiKey issued by the external service is effectively a privileged credential that can authorize transfers and contract calls; that capability should be declared up-front. The absence of declared credential requirements plus the high privilege of the resulting apiKey is disproportionate and under-specified.
Persistence & Privilege
always:false (not force-included) and disable-model-invocation:false (agent may call autonomously). Autonomous invocation combined with a wallet that can transfer funds increases the blast radius if the agent is permitted to act without human-in-the-loop approval. This is not automatically disqualifying but is a meaningful risk factor and should be considered when granting the agent permissions.
What to consider before installing
Things to consider before installing: - Provenance: The skill has no source repo or homepage and defaults to an API hosted on a Railway app (https://safeskill-production.up.railway.app). Verify the author and the service before trusting it with funds. Ask for a public code repository, security audit, or a trustworthy vendor page. - Powerful credential: Creating a wallet yields an apiKey (Bearer token) that the agent will use to perform transfers, swaps, and arbitrary contract calls. That apiKey can move funds within whatever policies are configured. The skill metadata does not declare this requirement — treat the apiKey as a high-value secret. - Policies and human approval: Rely on strict, conservative policies (address/token/function allowlists, per-tx and daily spending limits) and enable explicit human approval for any transaction you would not expect automatically. Test thoroughly on a testnet wallet first. - Autonomous invocation risk: Because the agent can call the skill autonomously, do not allow it to hold real funds unless you are comfortable with the agent's decision-making boundaries. Prefer requiring manual approval for any non-trivial action. - Operational safeguards: If you proceed, rotate keys regularly, store the apiKey in a secure secrets store (not plaintext), restrict the API key scopes if possible, monitor transactions in real time, and limit the skill to minimal chains and tokens needed. - Alternatives: Consider self-hosting a wallet/back-end you control or using a well-known, audited custody/agent-wallet provider with clear source code and documentation. If you want to proceed safely, request the skill author for: (1) source code or deployment manifest, (2) a clear statement of exactly what privileges apiKey grants, and (3) instructions for scoping/rotating the apiKey and enabling mandatory human approvals.

Like a lobster shell, security has layers — review code before you run it.

latestvk973smgmhqamekrn4wnmdkyrs980axd4
2.1kdownloads
2stars
4versions
Updated 1mo ago
v1.0.7
MIT-0
Chris Cassano@glitch003
latest
Download

Agent Wallet

Use this skill to safely create a wallet the agent can use for transfers, swaps, and any EVM chain transaction without ever exposing private keys to the agent. Create a wallet, set spending policies, and your agent can transfer tokens, do swaps, and interact with smart contracts within the boundaries you define.

The agent never sees the private key. All transactions are executed server-side through a smart account. The wallet owner controls what the agent can do via configurable policies.

Configuration

  • Base API URL: Use the SAFESKILLS_API_URL environment variable if set, otherwise default to https://safeskill-production.up.railway.app
  • Frontend URL: Use the SAFESKILLS_FRONTEND_URL environment variable if set, otherwise default to https://safeskill-production.up.railway.app

All API requests require a Bearer token (the API key returned when creating a wallet).

Authorization: Bearer <API_KEY>

Quick Start

1. Create a Wallet

Create a new smart account wallet for your agent. This generates a private key server-side (you never see it), creates a ZeroDev smart account, and returns an API key for the agent plus a claim URL for the wallet owner.

curl -X POST "${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/secrets" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "EVM_WALLET",
    "memo": "My agent wallet",
    "chainId": 84532
  }'

Response includes:

  • apiKey -- store this securely; use it as the Bearer token for all future requests
  • claimUrl -- share this with the user so they can claim the wallet and set policies
  • address -- the smart account address

After creating, tell the user:

"Here is your wallet claim URL: <claimUrl>. Use this to claim ownership, set spending policies, and monitor your agent's wallet activity."

2. Get Wallet Address

curl -X GET "${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/address" \
  -H "Authorization: Bearer <API_KEY>"

3. Check Balances

# Native balance only
curl -X GET "${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/balance" \
  -H "Authorization: Bearer <API_KEY>"

# With ERC-20 tokens
curl -X GET "${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/balance?tokens=0xTokenAddr1,0xTokenAddr2" \
  -H "Authorization: Bearer <API_KEY>"

4. Transfer ETH or Tokens

# Transfer native ETH
curl -X POST "${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/transfer" \
  -H "Authorization: Bearer <API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "0xRecipientAddress",
    "amount": "0.01"
  }'

# Transfer ERC-20 token
curl -X POST "${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/transfer" \
  -H "Authorization: Bearer <API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "0xRecipientAddress",
    "amount": "100",
    "token": "0xTokenContractAddress"
  }'

5. Swap Tokens

Swap one token for another using DEX liquidity (powered by 0x).

# Preview a swap (no execution, just pricing)
curl -X POST "${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/swap/preview" \
  -H "Authorization: Bearer <API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "sellToken": "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE",
    "buyToken": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
    "sellAmount": "0.1",
    "chainId": 1
  }'

# Execute a swap
curl -X POST "${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/swap/execute" \
  -H "Authorization: Bearer <API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "sellToken": "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE",
    "buyToken": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
    "sellAmount": "0.1",
    "chainId": 1,
    "slippageBps": 100
  }'
  • sellToken / buyToken: Token contract addresses. Use 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE for native ETH.
  • sellAmount: Human-readable amount to sell (e.g. "0.1" for 0.1 ETH).
  • chainId: The chain to swap on (1 = Ethereum, 137 = Polygon, 42161 = Arbitrum, 10 = Optimism, 8453 = Base, etc.).
  • slippageBps: Optional slippage tolerance in basis points (100 = 1%). Defaults to 100.

The preview endpoint returns expected buy amount, route info, and fees without executing. The execute endpoint performs the actual swap through the smart account, handling ERC20 approvals automatically.

6. Send Arbitrary Transaction

Interact with any smart contract by sending custom calldata.

curl -X POST "${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/send-transaction" \
  -H "Authorization: Bearer <API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "0xContractAddress",
    "data": "0xCalldata",
    "value": "0"
  }'

Policies

The wallet owner controls what the agent can do by setting policies via the claim URL. If a transaction violates a policy, the API will reject it or require human approval via Telegram.

PolicyWhat it does
Address allowlistOnly allow transfers/calls to specific addresses
Token allowlistOnly allow transfers of specific ERC-20 tokens
Function allowlistOnly allow calling specific contract functions (by 4-byte selector)
Spending limit (per tx)Max USD value per transaction
Spending limit (daily)Max USD value per rolling 24 hours
Spending limit (weekly)Max USD value per rolling 7 days
Require approvalEvery transaction needs human approval via Telegram
Approval thresholdTransactions above a USD amount need human approval

If no policies are set, all actions are allowed by default. Once the owner claims the wallet and adds policies, the agent operates within those boundaries.

Important Notes

  • Never try to access raw secret values. The private key stays server-side -- that's the whole point.
  • Always store the API key from wallet creation -- it's the only way to authenticate.
  • Always share the claim URL with the user after creating a wallet.
  • The default chain ID is 84532 (Base Sepolia testnet). Adjust as needed.
  • If a transaction is rejected, it may be blocked by a policy. Tell the user to check their policy settings via the claim URL.
  • If a transaction requires approval, it will return status: "pending_approval". The wallet owner will receive a Telegram notification to approve or deny.

Comments

Loading comments...