ClawHub

Monolith — Crypto Wallet

v0.1.10

Secure crypto wallet for AI agents. Hardware-isolated keys (Apple Secure Enclave), ERC-4337 smart wallet, on-chain spending caps, default-deny policy engine.

4· 745· 9 versions· 2 current· 2 all-time· Updated 6h ago· MIT-0
byslavique@slaviquee

Security Scans

VirusTotalBenignClawScanBenignStatic analysisBenign

Install

openclaw skills install monolith

Monolith — Crypto Wallet Skill

Secure crypto wallet for OpenClaw agents. Monolith combines hardware-isolated keys (Apple Secure Enclave), on-chain spending controls, and policy-gated approvals so agents can transact safely without exposing private keys.

Commands

CommandWhat it doesRequires daemon?
send <to> <amount> [token] [chainId]Send ETH or USDCYes
swap <amountETH> [tokenOut] [chainId]Swap ETH for tokens via Uniswap (Routing API with on-chain fallback)Yes
balance <address> [chainId]Check ETH and stablecoin balancesNo (read-only)
capabilitiesShow current limits, budgets, gas statusYes
decode <target> <calldata> <value>Decode a tx intent into human-readable summaryYes
panicEmergency freeze — instant, no Touch IDYes
statusCheck daemon health and wallet infoYes
identity [query|register]ERC-8004 identity operationsPartially
setupRun setup wizard, show wallet status and configYes
policyShow current spending policyYes
policy update '<json>'Update spending policy (Touch ID required)Yes
allowlist <add|remove> <address> [label]Add or remove address from allowlist (Touch ID required)Yes
audit-logShow the daemon audit logYes

Security Model

  • The skill is untrusted. It only builds intents: {target, calldata, value}.
  • The skill NEVER sets nonce, gas, chainId, fees, or signatures.
  • The signing daemon (local macOS process) enforces all policy.
  • Transactions within policy limits execute automatically (autopilot).
  • Transactions that exceed limits or use unknown calldata require human approval via 8-digit code.
  • Token approvals (approve, permit, etc.) ALWAYS require explicit approval.

What requires approval?

  • Transfers over per-tx or daily spending caps
  • Transfers to non-allowlisted addresses
  • Token approvals (approve, permit, setApprovalForAll)
  • Unknown calldata (default-deny policy)
  • Swaps above slippage limits

What works on autopilot?

  • ETH and USDC transfers within limits to allowlisted addresses
  • Swaps on allowlisted DEXes (Uniswap) within slippage limits
  • DeFi deposits/withdrawals on allowlisted protocols (Aave)
  • Balance checks, status queries, decode requests

Setup

  1. Install Monolith from ClawHub: clawhub install monolith
  2. Start a new OpenClaw session so the skill is loaded.
  3. Install local macOS components from the install entries:
    • MonolithDaemon-v0.1.5.pkg (admin/root install)
    • MonolithCompanion.app.zip (extract app to /Applications and open once)
  4. Start daemon first, then companion. If companion was opened before daemon, restart companion after daemon is running.
  5. Run monolith setup to verify daemon/companion connectivity and wallet status.
  6. Fund the wallet address with ETH on your chosen chain.
  7. Start transacting.

First-Install Notes (OpenClaw bot/operator)

  • Approval flows (Touch ID + notifications) require an active logged-in macOS GUI session.
  • Headless-only SSH sessions cannot complete biometric/notification approval steps.
  • monolith setup is the canonical health check before attempting send, swap, policy, or allowlist commands.

Error Handling

  • If the daemon is not running, all signing commands will fail with a clear error
  • If gas is low, the daemon will refuse transactions — fund the wallet with more ETH
  • If the wallet is frozen, no outbound transactions are possible until unfrozen (requires Touch ID + 10min delay)
  • Rate-limited by Pimlico? The daemon uses exponential backoff automatically

Approval Flow

When a transaction exceeds policy limits or uses unknown calldata, the daemon returns HTTP 202 with a reason, summary, and expiration. The agent should:

  1. Present the approval reason and summary to the user.
  2. Ask the user for the 8-digit approval code (displayed by the daemon's native macOS dialog).
  3. Re-call /sign with the same intent plus the approvalCode field to confirm.

No separate approval script is needed -- the same send or swap command is re-invoked with the approval code passed through the daemon.

Swap Routing

Uses Uniswap Routing API when available; falls back to on-chain V3 fee-tier probing (tries 3000, 500, 10000 bps tiers, picks best quote). The fallback ensures swap intents can still be built when the API is down or returns unexpected results.

Chains

  • Ethereum Mainnet (chainId 1)
  • Base (chainId 8453)

Version tags

basevk97b7sfh70dqv339v6z6dkhrg581t9zkcryptovk97b7sfh70dqv339v6z6dkhrg581t9zkdefivk97b7sfh70dqv339v6z6dkhrg581t9zkerc4337vk97b7sfh70dqv339v6z6dkhrg581t9zkethereumvk97b7sfh70dqv339v6z6dkhrg581t9zklatestvk97b7sfh70dqv339v6z6dkhrg581t9zkwalletvk97b7sfh70dqv339v6z6dkhrg581t9zkweb3vk97b7sfh70dqv339v6z6dkhrg581t9zk

Runtime requirements

OSmacOS
BinsMonolithDaemon