Open Wallet

v1.0.4

Use https://tx.steer.fun to have a user execute a wallet action (send a transaction or sign a message) with their own wallet via a shareable URL. Use when an agent needs the user to approve/execute a JSON-RPC request (e.g. eth_sendTransaction, personal_sign, eth_signTypedData_v4, wallet_sendCalls) and return the result (tx hash/signature) back to the agent, optionally via redirect_url.

⭐ 0· 933·0 current·0 all-time

by@stephancill

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (open a shareable tx.steer.fun link for user wallet actions) match the SKILL.md content. There are no required binaries, env vars, or install steps that would be unrelated to creating a URL and instructing the user to open it.

ℹ

Instruction Scope

SKILL.md confines the agent to building a URL, explaining params, and advising how to get the result back (manual copy or redirect_url). It does not instruct reading files, env vars, or system state. Caution: redirect_url/template modes can cause results (tx hashes or signatures) to be sent to third-party endpoints or embedded into messages; the agent should explicitly instruct users to verify the destination and the request contents before signing.

✓

Install Mechanism

No install spec and no code files — instruction-only. Nothing is written to disk and no external packages are pulled.

✓

Credentials

The skill requests no environment variables, credentials, or config paths. Declared requirements are minimal and appropriate for a URL-based, user-driven flow.

✓

Persistence & Privilege

always:false and no requests to modify agent/system configuration. The skill does not ask for persistent presence or elevated privileges.

Assessment

This skill is coherent and does what it says (builds tx.steer.fun links), but it still involves user signatures/transactions so treat it cautiously. Before using: (1) verify the domain (https://tx.steer.fun) is the intended service and trust it; (2) always present the request in plain language to the user (what contract, function, chain, and value) and get explicit consent before asking them to open the link; (3) be careful with redirect_url/template mode — it can send signatures or transaction hashes to third-party endpoints or embed them in messages (avoid sending sensitive results to unknown destinations); (4) prefer manual copy/paste when privacy is required or use a redirect_url under your control; (5) consider adding agent-side checks to display the full JSON-RPC payload and warn about transactions that transfer funds or grant approvals. If you need provenance or higher assurance, ask the skill author for a homepage/source and verify the service independently.

Like a lobster shell, security has layers — review code before you run it.

latestvk972yb6675s1jat4mn1q23bsdx80xt3z

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Open Wallet

License

Comments