aawp
> AAWP (AI Agent Wallet Protocol) — the only crypto wallet protocol built exclusively for AI Agents on EVM-compatible blockchains. Not for humans. The signer is the AI Agent itself, cryptographically bound at wallet creation. Supports wallet lifecycle management, token transfers,
Install caution
Risk: High
Source: OpenClaw Master Skills
Path: skills/aawp/SKILL.md
Review flags: credential or secret references, filesystem/home-directory access, network access or external URLs, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.
Required permissions
- • Environment variables / secrets
- • Shell commands
- • Network/API usage
- • Filesystem/home access
Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.
Risk flags explained
Mentions tokens, API keys, passwords, or private-key style environment variables.
Mentions filesystem writes, deletes, home-directory paths, or config/key locations.
Mentions external URLs, network APIs, downloads, or HTTP client usage.
Contains shell command snippets. Review commands before copy/paste or agent execution.
Score explanation
Trust
- • Trust starts at 90 before review-signal penalties and metadata bonuses.
- • Risk-signal penalty: -53 from 4 detected flag(s).
- • Metadata bonus: +5 from author/version/description fields.
Utility
- • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
- • Description present: yes.
- • Command examples detected: 14.
- • Environment variables detected: 4.
Momentum
- • Momentum starts at 45 and uses public repo activity signals.
- • Recent commit activity: latest repo update was 6 day(s) ago.
- • Recent commit volume: 6 commit(s) in the lookback window (+18).
- • Source has strong public adoption: 2049 stars.
- • Fork activity suggests reuse: 309 forks.
Overall
- • Overall score weights trust 45%, utility 35%, and momentum 20%.
Detected signals
Env vars
- • AAWP_AI_TOKEN
- • AAWP_GAS_KEY
- • AAWP_GUARDIAN_KEY
- • API
Commands
- • node scripts/dca.js
- • node scripts/deploy-clanker.js
- • node scripts/deploy-clanker.js --dry-run
- • node scripts/limit-order.js
- • node scripts/nft.js
- • node scripts/portfolio.js
- • node scripts/price-alert.js
- • node scripts/wallet-manager.js
- • node scripts/wallet-manager.js --chain base balance
- • node scripts/wallet-manager.js --chain base create
- • node scripts/wallet-manager.js --chain base quote ETH USDC 0.001
- • node scripts/wallet-manager.js --chain base swap ETH USDC 0.001
URLs
- • https://...
- • https://github.com/aawp-ai/aawp\
Provenance & evidence
SkillRadar makes each review traceable back to the exact source path, source blob SHA, scanner version, and text-only policy that produced the report.
Evidence snippets
…e: AAWP_SKILL description: \"Override skill root directory path\" required: false - name: AAWP_AI_TOKEN description: \"Daemon auth token (auto-generated at startup, not user-supplied)\" require…
…manager.js --chain base revoke <token> <spender> ``` ### Contract Interaction ```bash # Write (sends tx) wallet-manager.js --chain base call <contract> "transfer(address,uint256)" 0xT…
…operations. Built from Rust via napi-rs. Hash recorded in aawp-core.node.hash. source: \"https://github.com/aawp-ai/aawp\" verification: \"On-chain factory approveBinary(hash) \u2014 only…
…reum · Base · BNB Chain · Polygon · Optimism · Arbitrum --- ## Architecture Overview ``` ┌─────────────────────────────────────────────────┐ │ AI Agent (OpenClaw) │ │ ┌───────────────┐ ┌──────────────────────┐ │ │ │ wallet-manager│───▶│ Signing Daemon │ │ │ │
Watch this skill
Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.
Join watchlist betaMethodology note
SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.