Sage Wallet
v1.0.0Interact with the Sage Chia blockchain wallet via RPC. Use for XCH transactions, CAT tokens, NFTs, DIDs, offers, options, coin management, and wallet configuration. Supports cross-platform setups (Mac/Linux/Windows) with configurable RPC endpoints and SSL certificates. Invoke with /sage commands or natural language like "send XCH", "check my NFTs", "create an offer", "mint a CAT token".
⭐ 1· 1.6k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Sage Chia wallet RPC) matches the included scripts and sub-skills. Config management and an mTLS RPC helper are expected for this purpose; listed endpoints and sub-skills correspond to wallet operations (XCH, CATs, NFTs, DIDs, offers, etc.). There are no unrelated credentials or binaries requested.
Instruction Scope
SKILL.md and the scripts instruct the agent to read and write a local config file and to read client certificate and key files (platform-specific defaults under user home or APPDATA). These actions are necessary for mTLS RPC calls and wallet operations, but they are sensitive: the skill exposes endpoints that can return mnemonics and perform transfers (e.g., get_secret_key/login/send_xch). The instructions do not attempt to read unrelated system files or call external endpoints beyond the configured RPC URL.
Install Mechanism
No install spec is provided (instruction-only with bundled scripts). That is low-risk compared to arbitrary downloads; the included shell scripts are plain and sourceable. No external archives or obscure URLs are used.
Credentials
The skill requests no environment variables in registry metadata, but its scripts will read configuration (SAGE_CONFIG_DIR/SAGE_CONFIG_FILE if set) and default to user-local cert/key locations (home or APPDATA). Access to wallet cert, key, and the ability to call RPC endpoints is necessary for the stated functionality. These are sensitive assets (private keys, mnemonics); their presence is proportionate to a wallet RPC skill but requires user caution.
Persistence & Privilege
Skill has no 'always: true' flag and is user-invocable. It does not attempt to modify other skills or system-wide agent settings. It writes/reads only its own config file under user config directories; that is expected behavior for a skill that manages wallet config.
Assessment
This skill appears to be what it claims: a local RPC client for the Sage/Chia wallet. Before installing or using it, consider: 1) The scripts require access to your wallet client certificate and private key (files under your home or APPDATA). Those files enable authenticated RPC calls — if misused they can be used to move funds or reveal mnemonics. 2) The sub-skill 'sage-auth' exposes endpoints such as get_secret_key and login; do not run those commands unless you trust the skill and the environment. 3) Keep rpc_url pointed at a local or trusted node (default is https://127.0.0.1:9257). Do not point the skill to remote or unknown RPC endpoints. 4) Prefer running tests in dry mode first (scripts support --live flags) and verify cert/key file paths before running live operations. 5) Because the repository/source is unknown, prefer obtaining this skill from a trusted source (official Sage or verified registry entry), inspect code locally, and avoid enabling auto-login or saving secrets unless necessary. If you need further checks, provide the omitted sub-skill files for a deeper review or confirm checksum/signature from a trusted upstream repository.Like a lobster shell, security has layers — review code before you run it.
latestvk979jygy7vx57e2hm0t66sxyh5805s6a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.