Base Wallet
v1.5.0๐ Base Wallet - Crypto Identity for AI Agents. Create wallets, sign messages (SIWE), send transactions programmatically. No browser extensions, no human intervention. The foundation for autonomous Web3 agents.
โญ 2ยท 2.2kยท9 currentยท9 all-time
byJu Chun Ko@daaab
MIT-0
Download zip
LicenseMIT-0 ยท Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Base wallet, SIWE, transactions) match the included scripts and documentation. The three scripts implement wallet creation, balance checks, and BaseMail registration against api.basemail.ai โ all coherent with the declared purpose.
Instruction Scope
Runtime instructions and scripts operate within expected scope: creating wallets, optionally storing managed wallet files (~/.openclaw/wallets), logging to ~/.base-wallet/audit.log, checking balances via RPC, and calling BaseMail endpoints. Minor scope notes: the SKILL.md strongly recommends using environment variables (PRIVATE_KEY, MNEMONIC, WALLET_DIR) and also documents an opt-in file storage mode; these behaviors are explicit in the scripts (no unexpected file or system scanning).
Install Mechanism
There is no automated install spec (instruction-only install), which is lowest risk. package.json lists an ethers dependency and SKILL.md tells the user to npm install ethers; the skill will fail unless dependencies are installed. No remote downloads or obscure URLs are used.
Credentials
The scripts use PRIVATE_KEY, MNEMONIC, and optional WALLET_DIR โ all directly relevant to wallet management. However, the registry metadata declared no required env vars while the runtime explicitly reads these environment variables; this metadata omission is a minor inconsistency but not malicious.
Persistence & Privilege
always:false (normal). The skill persists optional managed wallet files under ~/.openclaw/wallets and writes an audit log to ~/.base-wallet/audit.log. These are expected for this type of tool but are persistent artifacts the user should consider and protect.
Assessment
This skill appears to do what it says: create wallets, sign SIWE messages, check balances, and register with BaseMail. Before installing: 1) inspect and run in a safe environment (container or isolated account); 2) run npm install (ethers) before using; 3) prefer the --env mode (set PRIVATE_KEY only in your process env) and avoid using --managed unless you accept storing keys on disk; 4) note the skill will create files in ~/.openclaw/wallets and ~/.base-wallet/audit.log โ protect or delete them as needed and add wallet files to .gitignore; 5) verify you trust https://api.basemail.ai before handing it a signing wallet; 6) if you will let an autonomous agent use this skill, be aware it can create and use keys programmatically โ limit autonomy if you don't want an agent transacting on-chain.Like a lobster shell, security has layers โ review code before you run it.
basevk975nq62hy36nn5qm6220136gh80py1sbasemailvk975nq62hy36nn5qm6220136gh80py1sethereumvk975nq62hy36nn5qm6220136gh80py1slatestvk97759hte4m10ykweembt0084580rdj2siwevk975nq62hy36nn5qm6220136gh80py1swalletvk975nq62hy36nn5qm6220136gh80py1s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.