ClawHub

WAIaaS Wallet

Self-hosted crypto wallet daemon for AI agents. Send transactions, manage DeFi positions, enforce spending limits — without exposing private keys to agents....

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 24 · 0 current installs · 0 all-time installs
by유민호(Minho Yoo)@minhoyoo-iotrust
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (self‑hosted wallet daemon) aligns with required binary ('waiaas'), the single required env var (WAIAAS_SESSION_TOKEN), and the documented CLI commands. Nothing requested appears unrelated to the stated wallet/daemon purpose.
Instruction Scope
SKILL.md only instructs installing and running the waiaas CLI/daemon, initializing data/config, setting a session token in an env var, and connecting via MCP; it does not instruct reading unrelated host files or exfiltrating arbitrary data. It appropriately emphasizes not hardcoding tokens and using the Admin UI for policy control.
Install Mechanism
Install uses an npm package (@waiaas/cli) to create the 'waiaas' binary — a typical approach for CLIs but carries the usual npm risk: package contents will run on your machine. The SKILL.md references a GitHub repo in the label, but the install actually pulls from the npm registry; verify the package publisher and source before installing.
Credentials
Only one environment variable (WAIAAS_SESSION_TOKEN) is required, which is appropriate for a session-based local daemon. This token is sensitive: the skill legitimately needs it, but granting it to the daemon gives that process the ability to sign and send transactions — ensure token scope/expiry and use least privilege.
Persistence & Privilege
The skill does not request always:true or system‑wide configuration changes. It installs a CLI (global npm install is suggested), which is normal for this use case. The agent is allowed to invoke the MCP — expected for skills.
Assessment
This skill appears to do what it says, but you must trust the CLI/daemon you install. Before installing: (1) verify the npm package owner and the upstream source (GitHub repo) and inspect the code if possible; (2) avoid running global installs as root; prefer a user-level or containerized install; (3) use short‑lived, limited session tokens and revoke them after use; (4) run the daemon on an isolated host or VM if you want stronger separation; (5) confirm Admin UI is bound to localhost and protected; and (6) consider auditing network activity of the daemon after startup. If you cannot verify the package source or review the code, treat the install as higher risk.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk976eb7wg2d4b9kqp8yjt7rp29831nka

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
Binswaiaas
EnvWAIAAS_SESSION_TOKEN

Install

Install WAIaaS CLI (source: https://github.com/minhoyoo-iotrust/WAIaaS)
Bins: waiaas
npm i -g @waiaas/cli

SKILL.md

WAIaaS Wallet — Self-Hosted Wallet for AI Agents

Your private keys should never live inside your agent process. If your agent is compromised, the attacker gets the keys. WAIaaS separates key custody into an isolated daemon with a policy engine that limits what any agent session can do.

What is WAIaaS?

WAIaaS (Wallet-as-a-Service for AI Agents) is a self-hosted local daemon that manages crypto wallets on behalf of AI agents. Unlike cloud wallet services (Coinbase CDP, Privy, Circle), WAIaaS runs entirely on your machine — no third-party API keys, no custodial risk.

Why use WAIaaS instead of raw keypairs?

ApproachKey exposureSpending limitsHuman approvalKill switch
Raw keypair in agentAgent process holds keyNoneNoneKill process
Cloud WaaS (CDP, Privy)Third-party holds keyVariesVariesAPI call
WAIaaSIsolated daemon holds keyPer-token, per-tx, cumulativeSIWE/SIWS/WalletConnectInstant via Admin UI

Key features

  • Self-hosted: Local daemon, no third-party dependency
  • Policy engine: Default-deny, token whitelist, per-token spending limits, cumulative caps
  • Owner approval: High-value transactions require human signature (SIWE/SIWS/WalletConnect/D'CENT)
  • Multi-chain: EVM (Ethereum, Base, Arbitrum, Polygon, Optimism) + Solana in one daemon
  • 59+ MCP tools: Wallet ops, DeFi (swap/lend/stake/bridge/perp), NFT, x402, ERC-4337, ERC-8004
  • Kill switch: Instantly freeze any wallet from Admin UI or API
  • RPC proxy: Use as --rpc-url for Forge, Hardhat, ethers.js — every tx goes through policy engine

Quick Start

1. Install and start the daemon

npm install -g @waiaas/cli
waiaas init                        # Create data directory + config.toml
waiaas start                       # Start daemon (sets master password on first run)
waiaas quickset --mode mainnet     # Create wallets + MCP sessions in one step

The quickset command creates Solana + EVM wallets automatically, issues MCP session tokens, and outputs a ready-to-use MCP config snippet.

For testing, use waiaas quickset --mode testnet to create Solana Devnet + EVM Sepolia wallets.

2. Configure spending policies (recommended before connecting agents)

Set up spending limits and token whitelists via Admin UI at http://127.0.0.1:3100/admin. WAIaaS uses default-deny policy — agents cannot transact until policies are configured. This ensures human oversight before any agent gains financial capabilities.

3. Connect MCP server

Pass the session token via environment variable (do not hardcode tokens in config files):

# Set session token as environment variable
export WAIAAS_SESSION_TOKEN="<session-token-from-quickset>"

# Then configure OpenClaw MCP
openclaw config set mcpServers.waiaas.command "npx"
openclaw config set mcpServers.waiaas.args '["@waiaas/mcp"]'
openclaw config set mcpServers.waiaas.env.WAIAAS_SESSION_TOKEN "\${WAIAAS_SESSION_TOKEN}"

Or auto-register with all wallets:

waiaas mcp setup --all

Security note: Store session tokens in environment variables or a secrets manager, not in plaintext config files. Session tokens are time-limited JWTs and can be revoked from the Admin UI at any time.

Available MCP Tools (59+)

Wallet Management

  • connect_info — Self-discovery: wallets, policies, capabilities. Call this first.
  • get_balance — Wallet balance (native + USD)
  • get_address — Public address
  • get_assets — All held assets (native + tokens)
  • get_wallet_info — Chain, address, environment, networks
  • get_tokens — Registered tokens for a network
  • resolve_asset — Resolve CAIP-19 asset ID to metadata

Transactions

  • send_token — Send native (SOL/ETH) or tokens (ERC-20/SPL)
  • call_contract — Call whitelisted smart contracts
  • approve_token — Approve spender (requires APPROVED_SPENDERS policy)
  • send_batch — Atomic multi-instruction transaction (Solana)
  • sign_transaction — Sign without broadcasting
  • sign_message — Personal sign or EIP-712 typed data
  • simulate_transaction — Dry-run with policy evaluation, no side effects
  • encode_calldata — Encode EVM function call to hex

Transaction History

  • list_transactions — Outgoing transaction history (paginated)
  • get_transaction — Single transaction details
  • list_incoming_transactions — Incoming transfers (paginated, filterable)
  • get_incoming_summary — Period-based incoming summary (daily/weekly/monthly)

DeFi (via Action Providers)

  • Swap: Jupiter (Solana), 0x (EVM), DCent Aggregator
  • Bridge: LI.FI cross-chain, Across Protocol
  • Lending: Aave V3 (EVM), Kamino (Solana)
  • Staking: Lido (ETH), Jito (SOL)
  • Yield: Pendle yield trading
  • Perp: Drift (Solana), Hyperliquid (10 tools)
  • Prediction: Polymarket (8 tools)

NFT

  • list_nfts — List owned NFTs (ERC-721/1155/Metaplex)
  • get_nft_metadata — NFT metadata and attributes
  • transfer_nft — Transfer NFT (requires approval tier)

Advanced

  • x402_fetch — HTTP 402 automatic payment
  • wc_connect / wc_status / wc_disconnect — WalletConnect pairing
  • build_userop / sign_userop — ERC-4337 Account Abstraction
  • erc8004_* — ERC-8004 Trustless Agent identity
  • erc8128_* — ERC-8128 Signed HTTP Requests
  • get_rpc_proxy_url — EVM RPC proxy for Forge/Hardhat/ethers.js
  • list_credentials / list_offchain_actions — Credential vault and off-chain history

Example Workflows

Check balance and send tokens

You: What's my wallet balance?
Agent: [calls connect_info, then get_balance]
> Your wallet holds 2.5 ETH ($4,250) and 1,000 USDC on Base.

You: Send 100 USDC to 0xAlice...
Agent: [calls simulate_transaction first, then send_token]
> Simulated: 100 USDC transfer, fee ~$0.02, policy tier AUTO_SIGN.
> Transaction sent! TX: 0xabc... (confirmed in 2s)

DeFi operations

You: Swap 500 USDC for ETH on Base
Agent: [calls action_0x_swap_quote, then action_0x_swap_execute]
> Swapped 500 USDC → 0.29 ETH via 0x aggregator. TX: 0xdef...

You: Supply 1 ETH to Aave on Arbitrum
Agent: [calls action_aave_supply]
> Supplied 1 ETH to Aave V3 on Arbitrum. Current APY: 2.1%. TX: 0xghi...

x402 automatic payment

You: Fetch the premium API at https://api.example.com/data
Agent: [calls x402_fetch — auto-pays if 402 response]
> Paid 0.01 USDC via x402. Response: { "data": ... }

Security Model

WAIaaS enforces a 3-layer security model:

  1. Session authentication: Agents use time-limited JWT session tokens. No master password exposure.
  2. Policy engine: Default-deny. Configure ALLOWED_TOKENS, CONTRACT_WHITELIST, SPENDING_LIMIT, RATE_LIMIT per wallet.
  3. Owner approval + Kill switch: High-value transactions require human signature. Instant wallet freeze via Admin UI.

Transaction tiers:

  • AUTO_SIGN — Within policy limits, auto-approved
  • TIME_DELAY — Delayed execution with notification
  • APPROVAL — Requires owner wallet signature (SIWE/SIWS/WalletConnect)
  • BLOCKED — Denied by policy

Links

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…