Secure crypto wallet for AI agents. Hardware-isolated keys (Apple Secure Enclave), ERC-4337 smart wallet, on-chain spending caps, default-deny policy engine.
Security Analysis
Medium confidence. The skill's code, runtime instructions, and install artifacts are internally consistent with a macOS-local crypto wallet that talks to a local signing daemon. Nothing indicates obvious misdirection or hidden exfiltration, but installing a privileged .pkg and trusting a local signing daemon carries real risk and deserves careful review.
Name/description describe a macOS-local crypto wallet that delegates signing to a local daemon; the skill requires the MonolithDaemon binary and its scripts call a local Unix socket and public blockchain APIs — these requirements match the stated purpose. The included code (intent building, RPC/quoter calls, daemon client) is coherent with a wallet skill.
SKILL.md and scripts stay within wallet-related functionality: building {target, calldata, value} intents, querying balances, Uniswap quoting, ENS resolution, and calling local daemon endpoints (/sign, /policy, /capabilities). The runtime-bootstrap checks for binary, launch agents, and companion app paths but does not execute privileged commands automatically. Note: the skill will call localhost Unix socket endpoints that ultimately can trigger on-chain signing via the local daemon — this is expected but is a sensitive capability.
Install entries in SKILL.md point to GitHub release assets (.pkg and .app.zip) on a well-known host (github.com), which is reasonable, but a familiar host is not a provenance check: the release still needs to be verified by checksum or signature (see Guidance). The macOS .pkg requires admin privileges to install. There is a minor inconsistency: the registry metadata listed 'No install spec — instruction-only' while SKILL.md contains install download entries and the source includes code files. Verify that you intend to install the .pkg before proceeding.
The skill does not request credentials or secrets and declares no required env vars. It optionally reads override env vars (MONOLITH_SOCKET, MONOLITH_DAEMON_BIN, MONOLITH_DAEMON_PLIST, MONOLITH_COMPANION_APP) for configuration, which is reasonable and not excessive for a local daemon client. The caveat is that these overrides decide which socket the skill talks to and which binary and launch agent it looks for, so anything able to set the agent's environment can redirect the skill away from the daemon you vetted; keep them unset or pinned in your agent configuration.
always:false and user-invocable:true: the skill is not force-included. The more important privilege is that the agent (when allowed to invoke skills) can call POST /sign on a local signing daemon, a powerful capability. This is coherent with a wallet skill, but it means you must trust both the daemon binary and the skill's intent-building behavior; set policy limits and allowlists tightly before granting the agent autonomous invocation rights.
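As an added illustration of the flow the analysis above describes (this is example code written for this review, not the skill's or MonolithDaemon's own code): a small Node.js client that builds a {target, calldata, value} intent, applies a default-deny allowlist plus per-transaction and daily caps in-process, and only then POSTs the intent to the daemon's /sign endpoint over the Unix socket named by MONOLITH_SOCKET. The default socket path, the JSON request/response shape, and the cap values are assumptions; the daemon remains the authoritative policy enforcer.

```javascript
// Added example, not the skill's or MonolithDaemon's code. Client-side pre-flight
// for a {target, calldata, value} intent before it reaches the local signing daemon.
// Assumptions: default socket path, JSON body for POST /sign, JSON response.

const DEFAULT_SOCKET = "/tmp/monolith.sock"; // assumed default; MONOLITH_SOCKET overrides it

// Resolve the daemon socket the same way the skill's override env var would.
function socketPath(env = process.env) {
  return env.MONOLITH_SOCKET || DEFAULT_SOCKET;
}

// Build an intent with every field validated and normalised. `value` is wei as BigInt
// (or a decimal string); it is serialised as a decimal string to survive JSON.
function buildIntent({ target, calldata = "0x", value = 0n }) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(target)) throw new Error("target must be a 20-byte hex address");
  if (!/^0x([0-9a-fA-F]{2})*$/.test(calldata)) throw new Error("calldata must be even-length hex");
  const wei = BigInt(value);
  if (wei < 0n) throw new Error("value must be non-negative");
  return { target: target.toLowerCase(), calldata: calldata.toLowerCase(), value: wei.toString() };
}

// Default-deny policy: an empty allowlist refuses everything, an unknown target is
// refused, and the value is checked against a per-tx cap and a daily cap. The caller
// supplies today's spend so far (the daemon tracks this on-chain; here it is an input).
function evaluatePolicy(intent, policy, spentTodayWei = 0n) {
  const allow = new Set([...policy.allowlist].map((a) => a.toLowerCase()));
  const value = BigInt(intent.value);
  if (allow.size === 0) return { allowed: false, reason: "empty allowlist (default deny)" };
  if (!allow.has(intent.target)) return { allowed: false, reason: `target ${intent.target} not allowlisted` };
  if (value > policy.perTxCapWei) return { allowed: false, reason: "exceeds per-tx cap" };
  if (spentTodayWei + value > policy.dailyCapWei) return { allowed: false, reason: "exceeds daily cap" };
  return { allowed: true, reason: "ok" };
}

// Refuse locally if policy fails; otherwise POST the intent to /sign over the Unix socket.
// The daemon applies its own policy again; this check just keeps bad intents in-process.
function signIntent(intent, policy, spentTodayWei, opts = {}) {
  const verdict = evaluatePolicy(intent, policy, spentTodayWei);
  if (!verdict.allowed) return Promise.reject(new Error(`refused locally: ${verdict.reason}`));
  const http = require("node:http"); // loaded lazily so the policy checks run without a daemon
  const body = JSON.stringify(intent);
  return new Promise((resolve, reject) => {
    const req = http.request(
      {
        socketPath: opts.socketPath || socketPath(),
        path: "/sign",
        method: "POST",
        headers: { "content-type": "application/json", "content-length": Buffer.byteLength(body) },
      },
      (res) => {
        let data = "";
        res.setEncoding("utf8");
        res.on("data", (chunk) => (data += chunk));
        res.on("end", () =>
          res.statusCode === 200 ? resolve(JSON.parse(data)) : reject(new Error(`daemon ${res.statusCode}: ${data}`))
        );
      }
    );
    req.on("error", reject);
    req.end(body);
  });
}
```

The point of duplicating the caps and allowlist in the client is that an agent bug or a prompt-injected instruction that produces an out-of-policy intent is refused before it ever reaches the signer; it does not replace the daemon's own enforcement or the on-chain spending caps, which remain the last line of defence if the client is bypassed.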
Guidance
This skill appears to do what it says: it builds transaction intents and communicates with a local macOS daemon that performs signing and enforces policy. Before installing:
1) Treat MonolithDaemon.pkg as a privileged install (it requires admin). Verify the release via checksums/signatures and the GitHub project lineage.
2) Inspect or vet the daemon binary/source. The JS here talks only to the daemon; the daemon actually holds the keys and does the signing.
3) Limit exposure: use small balances, strict per-tx/daily caps and an allowlist before giving the agent autonomous invocation rights.
4) Note the registry vs SKILL.md inconsistency: the manifest says instruction-only but the skill includes code and install entries. Confirm you understand the full install flow.
5) If you will allow autonomous agent actions, prefer an interactive approval path (do not run headless) and keep tight policy settings.
If you want, provide the daemon binary hash or a link to a signed release and I can point out what additional checks to perform.
Latest Release
v0.1.10
- Updated documentation formatting in SKILL.md for improved readability.
- No functional changes to the skill's logic or commands.
- Updated package files (package.json, package-lock.json) with this version bump.
Published by @slaviquee on ClawHub