{ "schemaVersion": "1.0", "item": { "slug": "agentwallet", "name": "Vincent - Wallet", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/glitch003/agentwallet", "canonicalUrl": "https://clawhub.ai/glitch003/agentwallet", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/agentwallet", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agentwallet", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/agentwallet" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/agentwallet", "agentPageUrl": "https://openagent3.xyz/skills/agentwallet/agent", "manifestUrl": "https://openagent3.xyz/skills/agentwallet/agent.json", "briefUrl": "https://openagent3.xyz/skills/agentwallet/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Vincent - A wallet for agents", "body": "Use this skill to safely create a wallet the agent can use for transfers, swaps, and any EVM chain transaction without ever exposing private keys to the agent. Create a wallet, set spending policies, and your agent can transfer tokens, do swaps, and interact with smart contracts within the boundaries you define.\n\nThe agent never sees the private key. All transactions are executed server-side through a ZeroDev smart account. The agent receives a scoped API key that can only perform actions permitted by the wallet owner's policies. The private key never leaves the Vincent server.\n\nAll commands use the @vincentai/cli package. API keys are stored and resolved automatically — you never handle raw keys or file paths." }, { "title": "Security Model", "body": "This skill is designed for autonomous agent operation with human oversight via server-side controls. Understanding this model is important:\n\nNo environment variables are required because this skill uses agent-first onboarding: the agent creates its own wallet at runtime by calling the Vincent API, which returns a scoped API key. There is no pre-existing credential to configure. The CLI stores the returned API key automatically during wallet creation. The config paths where the key is persisted (${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/agentwallet/ or ./agentwallet/) are declared in this skill's metadata.\n\nThe agent's API key is not a private key. It is a scoped Bearer token that can only execute transactions within the policies set by the wallet owner. The Vincent server enforces all policies server-side — the agent cannot bypass them regardless of what it sends. If a transaction violates a policy, the server rejects it. If a transaction requires approval, the server holds it and notifies the wallet owner via Telegram for out-of-band human approval.\n\nModel invocation is intentionally enabled. The purpose of this skill is to give AI agents autonomous wallet capabilities. The agent is expected to invoke wallet actions (transfers, swaps, contract calls) on its own, within the boundaries the human operator defines. The human controls what the agent can do through policies (spending limits, address allowlists, token allowlists, function allowlists, approval thresholds) — not by gating individual invocations. The stored key is scoped and policy-constrained — even if another process reads it, it can only perform actions the wallet owner's policies allow, and the owner can revoke it instantly.\n\nAll API calls go exclusively to heyvincent.ai over HTTPS/TLS. No other endpoints, services, or external hosts are contacted. The agent does not read, collect, or transmit any data beyond what is needed for wallet operations.\n\nVincent is open source and audited. The server-side code that enforces policies, manages private keys, and executes transactions is publicly auditable at github.com/HeyVincent-ai/Vincent. The Vincent backend undergoes continuous security audits covering key management, policy enforcement, transaction signing, and API authentication. You can verify how policy enforcement works, how private keys are stored, how the scoped API key is validated, and how revocation is handled — nothing is opaque. If you want to self-host Vincent rather than trust the hosted service, the repository includes deployment instructions.\n\nKey lifecycle:\n\nCreation: The agent runs secret create — the CLI stores the API key automatically and returns a keyId and claimUrl.\nClaim: The human operator uses the claim URL to take ownership and configure policies.\nRevocation: The wallet owner can revoke the agent's API key at any time from https://heyvincent.ai. Revoked keys are rejected immediately by the server.\nRe-linking: If the agent loses its API key, the wallet owner generates a one-time re-link token and the agent exchanges it for a new key via secret relink.\nRotation: The wallet owner can revoke the current key and issue a re-link token to rotate credentials at any time." }, { "title": "Which Secret Type to Use", "body": "TypeUse CaseNetworkGasEVM_WALLETTransfers, swaps, DeFi, contract callsAny EVM chainSponsored (free)RAW_SIGNERRaw message signing for special protocolsAny (Ethereum + Solana)You pay\n\nChoose EVM_WALLET (default) for:\n\nSending ETH or tokens\nSwapping tokens on DEXs\nInteracting with smart contracts\nAny standard EVM transaction\n\nChoose RAW_SIGNER only when you need:\n\nRaw ECDSA/Ed25519 signatures for protocols that don't work with smart accounts\nTo sign transaction hashes you'll broadcast yourself\nSolana signatures" }, { "title": "1. Check for Existing Keys", "body": "Before creating a new wallet, check if one already exists:\n\nnpx @vincentai/cli@latest secret list --type EVM_WALLET\n\nIf a key is returned, use its id as the --key-id for all subsequent commands. If no keys exist, create a new wallet." }, { "title": "2. Create a Wallet", "body": "npx @vincentai/cli@latest secret create --type EVM_WALLET --memo \"My agent wallet\" --chain-id 84532\n\nReturns keyId (use for all future commands), claimUrl (share with the user), and address.\n\nAfter creating, tell the user:\n\n\"Here is your wallet claim URL: . Use this to claim ownership, set spending policies, and monitor your agent's wallet activity at https://heyvincent.ai.\"" }, { "title": "3. Get Wallet Address", "body": "npx @vincentai/cli@latest wallet address --key-id " }, { "title": "4. Check Balances", "body": "# All balances across all supported chains\nnpx @vincentai/cli@latest wallet balances --key-id \n\n# Filter to specific chains\nnpx @vincentai/cli@latest wallet balances --key-id --chain-ids 1,137,42161\n\nReturns all ERC-20 tokens and native balances with symbols, decimals, logos, and USD values." }, { "title": "5. Transfer ETH or Tokens", "body": "# Transfer native ETH\nnpx @vincentai/cli@latest wallet transfer --key-id --to 0xRecipient --amount 0.01\n\n# Transfer ERC-20 token\nnpx @vincentai/cli@latest wallet transfer --key-id --to 0xRecipient --amount 100 --token 0xTokenAddress\n\nIf the transaction violates a policy, the server returns an error explaining which policy was triggered. If the transaction requires human approval (based on the approval threshold policy), the server returns status: \"pending_approval\" and the wallet owner receives a Telegram notification to approve or deny." }, { "title": "6. Swap Tokens", "body": "Swap one token for another using DEX liquidity (powered by 0x).\n\n# Preview a swap (no execution, just pricing)\nnpx @vincentai/cli@latest wallet swap preview --key-id \\\n --sell-token 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE \\\n --buy-token 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 \\\n --sell-amount 0.1 --chain-id 1\n\n# Execute a swap\nnpx @vincentai/cli@latest wallet swap execute --key-id \\\n --sell-token 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE \\\n --buy-token 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 \\\n --sell-amount 0.1 --chain-id 1 --slippage 100\n\nUse 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE for native ETH.\n--sell-amount: Human-readable amount (e.g. 0.1 for 0.1 ETH).\n--chain-id: 1 = Ethereum, 137 = Polygon, 42161 = Arbitrum, 10 = Optimism, 8453 = Base, etc.\n--slippage: Slippage tolerance in basis points (100 = 1%). Defaults to 100. Execute only.\n\nThe preview returns expected buy amount, route info, and fees without executing. Execute performs the actual swap, handling ERC20 approvals automatically." }, { "title": "7. Send Arbitrary Transaction", "body": "Interact with any smart contract by sending custom calldata.\n\nnpx @vincentai/cli@latest wallet send-tx --key-id --to 0xContract --data 0xCalldata --value 0" }, { "title": "8. Transfer Between Your Secrets", "body": "Transfer funds between Vincent secrets you own (e.g., from one EVM wallet to another, or to a Polymarket wallet). Vincent verifies you own both secrets and handles any token conversion or cross-chain bridging automatically.\n\n# Preview (get quote without executing)\nnpx @vincentai/cli@latest wallet transfer-between preview --key-id \\\n --to-secret-id --from-chain 8453 --to-chain 8453 \\\n --token-in ETH --amount 0.1 --token-out ETH\n\n# Execute\nnpx @vincentai/cli@latest wallet transfer-between execute --key-id \\\n --to-secret-id --from-chain 8453 --to-chain 8453 \\\n --token-in ETH --amount 0.1 --token-out ETH --slippage 100\n\n# Check cross-chain transfer status\nnpx @vincentai/cli@latest wallet transfer-between status --key-id --relay-id \n\nBehavior:\n\nSame token + same chain: Executes as a direct transfer (gas sponsored).\nDifferent token or chain: Uses a relay service for atomic swap + bridge.\nThe destination secret can be an EVM_WALLET or POLYMARKET_WALLET.\nThe server verifies you own both the source and destination secrets — transfers to secrets you don't own are rejected.\nTransfers are subject to the same server-side policies as regular transfers (spending limits, approval thresholds, etc.)." }, { "title": "Output Format", "body": "CLI commands return JSON to stdout. Successful responses include the relevant data:\n\n{\n \"address\": \"0x...\",\n \"balances\": [\n {\n \"token\": \"ETH\",\n \"balance\": \"0.5\",\n \"usdValue\": \"1250.00\"\n }\n ]\n}\n\nTransaction commands return:\n\n{\n \"transactionHash\": \"0x...\",\n \"status\": \"confirmed\"\n}\n\nFor transactions requiring human approval:\n\n{\n \"status\": \"pending_approval\",\n \"message\": \"Transaction requires owner approval via Telegram\"\n}" }, { "title": "Error Handling", "body": "ErrorCauseResolution401 UnauthorizedInvalid or missing API keyCheck that the key-id is correct; re-link if needed403 Policy ViolationTransaction blocked by server-side policyUser must adjust policies at heyvincent.ai400 Insufficient BalanceNot enough tokens for the transferCheck balances before transferring429 Rate LimitedToo many requestsWait and retry with backoffpending_approvalTransaction exceeds approval thresholdUser will receive Telegram notification to approve/denyKey not foundAPI key was revoked or never createdRe-link with a new token from the wallet owner\n\nIf a transaction is rejected, inform the user to check their policy settings at https://heyvincent.ai." }, { "title": "Policies (Server-Side Enforcement)", "body": "The wallet owner controls what the agent can do by setting policies via the claim URL at https://heyvincent.ai. All policies are enforced server-side by the Vincent API — the agent cannot bypass or modify them. If a transaction violates a policy, the API rejects it. If a transaction triggers an approval threshold, the API holds it and sends the wallet owner a Telegram notification for out-of-band human approval. The policy enforcement logic is open source and auditable at github.com/HeyVincent-ai/Vincent.\n\nPolicyWhat it doesAddress allowlistOnly allow transfers/calls to specific addressesToken allowlistOnly allow transfers of specific ERC-20 tokensFunction allowlistOnly allow calling specific contract functions (by 4-byte selector)Spending limit (per tx)Max USD value per transactionSpending limit (daily)Max USD value per rolling 24 hoursSpending limit (weekly)Max USD value per rolling 7 daysRequire approvalEvery transaction needs human approval via TelegramApproval thresholdTransactions above a USD amount need human approval via Telegram\n\nBefore the wallet is claimed, the agent can operate without policy restrictions. This is by design: agent-first onboarding allows the agent to begin accumulating and managing funds immediately. Once the human operator claims the wallet via the claim URL, they can add any combination of policies to constrain the agent's behavior. The wallet owner can also revoke the agent's API key entirely at any time." }, { "title": "Re-linking (Recovering API Access)", "body": "If the agent loses its API key, the wallet owner can generate a re-link token from the frontend. The agent then exchanges this token for a new API key.\n\nHow it works:\n\nThe user generates a re-link token from the wallet detail page at https://heyvincent.ai\nThe user gives the token to the agent (e.g. by pasting it in chat)\nThe agent runs the relink command:\n\nnpx @vincentai/cli@latest secret relink --token \n\nThe CLI exchanges the token for a new API key, stores it automatically, and returns the new keyId. Use this keyId for all subsequent commands.\n\nImportant: Re-link tokens are one-time use and expire after 10 minutes." }, { "title": "Important Notes", "body": "No gas needed. A paymaster is fully set up — all transaction gas fees are sponsored automatically. The wallet does not need ETH for gas.\nNever try to access raw secret values. The private key stays server-side — that's the whole point.\nAlways share the claim URL with the user after creating a wallet.\nIf a transaction is rejected, it may be blocked by a server-side policy. Tell the user to check their policy settings at https://heyvincent.ai.\nIf a transaction requires approval, it will return status: \"pending_approval\". The wallet owner will receive a Telegram notification to approve or deny." }, { "title": "Raw Signer (Advanced)", "body": "For raw ECDSA/Ed25519 signing when smart accounts won't work." }, { "title": "Create a Raw Signer", "body": "npx @vincentai/cli@latest secret create --type RAW_SIGNER --memo \"My raw signer\"\n\nResponse includes both Ethereum (secp256k1) and Solana (ed25519) addresses derived from the same seed." }, { "title": "Get Addresses", "body": "npx @vincentai/cli@latest raw-signer addresses --key-id \n\nReturns ethAddress and solanaAddress." }, { "title": "Sign a Message", "body": "npx @vincentai/cli@latest raw-signer sign --key-id --message 0x --curve ethereum\n\n--message: Hex-encoded bytes to sign (must start with 0x)\n--curve: ethereum for secp256k1 ECDSA, solana for ed25519\n\nReturns a hex-encoded signature. For Ethereum, this is r || s || v (65 bytes). For Solana, it's a 64-byte ed25519 signature." } ], "body": "Vincent - A wallet for agents\n\nUse this skill to safely create a wallet the agent can use for transfers, swaps, and any EVM chain transaction without ever exposing private keys to the agent. Create a wallet, set spending policies, and your agent can transfer tokens, do swaps, and interact with smart contracts within the boundaries you define.\n\nThe agent never sees the private key. All transactions are executed server-side through a ZeroDev smart account. The agent receives a scoped API key that can only perform actions permitted by the wallet owner's policies. The private key never leaves the Vincent server.\n\nAll commands use the @vincentai/cli package. API keys are stored and resolved automatically — you never handle raw keys or file paths.\n\nSecurity Model\n\nThis skill is designed for autonomous agent operation with human oversight via server-side controls. Understanding this model is important:\n\nNo environment variables are required because this skill uses agent-first onboarding: the agent creates its own wallet at runtime by calling the Vincent API, which returns a scoped API key. There is no pre-existing credential to configure. The CLI stores the returned API key automatically during wallet creation. The config paths where the key is persisted (${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/agentwallet/ or ./agentwallet/) are declared in this skill's metadata.\n\nThe agent's API key is not a private key. It is a scoped Bearer token that can only execute transactions within the policies set by the wallet owner. The Vincent server enforces all policies server-side — the agent cannot bypass them regardless of what it sends. If a transaction violates a policy, the server rejects it. If a transaction requires approval, the server holds it and notifies the wallet owner via Telegram for out-of-band human approval.\n\nModel invocation is intentionally enabled. The purpose of this skill is to give AI agents autonomous wallet capabilities. The agent is expected to invoke wallet actions (transfers, swaps, contract calls) on its own, within the boundaries the human operator defines. The human controls what the agent can do through policies (spending limits, address allowlists, token allowlists, function allowlists, approval thresholds) — not by gating individual invocations. The stored key is scoped and policy-constrained — even if another process reads it, it can only perform actions the wallet owner's policies allow, and the owner can revoke it instantly.\n\nAll API calls go exclusively to heyvincent.ai over HTTPS/TLS. No other endpoints, services, or external hosts are contacted. The agent does not read, collect, or transmit any data beyond what is needed for wallet operations.\n\nVincent is open source and audited. The server-side code that enforces policies, manages private keys, and executes transactions is publicly auditable at github.com/HeyVincent-ai/Vincent. The Vincent backend undergoes continuous security audits covering key management, policy enforcement, transaction signing, and API authentication. You can verify how policy enforcement works, how private keys are stored, how the scoped API key is validated, and how revocation is handled — nothing is opaque. If you want to self-host Vincent rather than trust the hosted service, the repository includes deployment instructions.\n\nKey lifecycle:\n\nCreation: The agent runs secret create — the CLI stores the API key automatically and returns a keyId and claimUrl.\nClaim: The human operator uses the claim URL to take ownership and configure policies.\nRevocation: The wallet owner can revoke the agent's API key at any time from https://heyvincent.ai. Revoked keys are rejected immediately by the server.\nRe-linking: If the agent loses its API key, the wallet owner generates a one-time re-link token and the agent exchanges it for a new key via secret relink.\nRotation: The wallet owner can revoke the current key and issue a re-link token to rotate credentials at any time.\nWhich Secret Type to Use\nType\tUse Case\tNetwork\tGas\nEVM_WALLET\tTransfers, swaps, DeFi, contract calls\tAny EVM chain\tSponsored (free)\nRAW_SIGNER\tRaw message signing for special protocols\tAny (Ethereum + Solana)\tYou pay\n\nChoose EVM_WALLET (default) for:\n\nSending ETH or tokens\nSwapping tokens on DEXs\nInteracting with smart contracts\nAny standard EVM transaction\n\nChoose RAW_SIGNER only when you need:\n\nRaw ECDSA/Ed25519 signatures for protocols that don't work with smart accounts\nTo sign transaction hashes you'll broadcast yourself\nSolana signatures\nQuick Start\n1. Check for Existing Keys\n\nBefore creating a new wallet, check if one already exists:\n\nnpx @vincentai/cli@latest secret list --type EVM_WALLET\n\n\nIf a key is returned, use its id as the --key-id for all subsequent commands. If no keys exist, create a new wallet.\n\n2. Create a Wallet\nnpx @vincentai/cli@latest secret create --type EVM_WALLET --memo \"My agent wallet\" --chain-id 84532\n\n\nReturns keyId (use for all future commands), claimUrl (share with the user), and address.\n\nAfter creating, tell the user:\n\n\"Here is your wallet claim URL: . Use this to claim ownership, set spending policies, and monitor your agent's wallet activity at https://heyvincent.ai.\"\n\n3. Get Wallet Address\nnpx @vincentai/cli@latest wallet address --key-id \n\n4. Check Balances\n# All balances across all supported chains\nnpx @vincentai/cli@latest wallet balances --key-id \n\n# Filter to specific chains\nnpx @vincentai/cli@latest wallet balances --key-id --chain-ids 1,137,42161\n\n\nReturns all ERC-20 tokens and native balances with symbols, decimals, logos, and USD values.\n\n5. Transfer ETH or Tokens\n# Transfer native ETH\nnpx @vincentai/cli@latest wallet transfer --key-id --to 0xRecipient --amount 0.01\n\n# Transfer ERC-20 token\nnpx @vincentai/cli@latest wallet transfer --key-id --to 0xRecipient --amount 100 --token 0xTokenAddress\n\n\nIf the transaction violates a policy, the server returns an error explaining which policy was triggered. If the transaction requires human approval (based on the approval threshold policy), the server returns status: \"pending_approval\" and the wallet owner receives a Telegram notification to approve or deny.\n\n6. Swap Tokens\n\nSwap one token for another using DEX liquidity (powered by 0x).\n\n# Preview a swap (no execution, just pricing)\nnpx @vincentai/cli@latest wallet swap preview --key-id \\\n --sell-token 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE \\\n --buy-token 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 \\\n --sell-amount 0.1 --chain-id 1\n\n# Execute a swap\nnpx @vincentai/cli@latest wallet swap execute --key-id \\\n --sell-token 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE \\\n --buy-token 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 \\\n --sell-amount 0.1 --chain-id 1 --slippage 100\n\nUse 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE for native ETH.\n--sell-amount: Human-readable amount (e.g. 0.1 for 0.1 ETH).\n--chain-id: 1 = Ethereum, 137 = Polygon, 42161 = Arbitrum, 10 = Optimism, 8453 = Base, etc.\n--slippage: Slippage tolerance in basis points (100 = 1%). Defaults to 100. Execute only.\n\nThe preview returns expected buy amount, route info, and fees without executing. Execute performs the actual swap, handling ERC20 approvals automatically.\n\n7. Send Arbitrary Transaction\n\nInteract with any smart contract by sending custom calldata.\n\nnpx @vincentai/cli@latest wallet send-tx --key-id --to 0xContract --data 0xCalldata --value 0\n\n8. Transfer Between Your Secrets\n\nTransfer funds between Vincent secrets you own (e.g., from one EVM wallet to another, or to a Polymarket wallet). Vincent verifies you own both secrets and handles any token conversion or cross-chain bridging automatically.\n\n# Preview (get quote without executing)\nnpx @vincentai/cli@latest wallet transfer-between preview --key-id \\\n --to-secret-id --from-chain 8453 --to-chain 8453 \\\n --token-in ETH --amount 0.1 --token-out ETH\n\n# Execute\nnpx @vincentai/cli@latest wallet transfer-between execute --key-id \\\n --to-secret-id --from-chain 8453 --to-chain 8453 \\\n --token-in ETH --amount 0.1 --token-out ETH --slippage 100\n\n# Check cross-chain transfer status\nnpx @vincentai/cli@latest wallet transfer-between status --key-id --relay-id \n\n\nBehavior:\n\nSame token + same chain: Executes as a direct transfer (gas sponsored).\nDifferent token or chain: Uses a relay service for atomic swap + bridge.\nThe destination secret can be an EVM_WALLET or POLYMARKET_WALLET.\nThe server verifies you own both the source and destination secrets — transfers to secrets you don't own are rejected.\nTransfers are subject to the same server-side policies as regular transfers (spending limits, approval thresholds, etc.).\nOutput Format\n\nCLI commands return JSON to stdout. Successful responses include the relevant data:\n\n{\n \"address\": \"0x...\",\n \"balances\": [\n {\n \"token\": \"ETH\",\n \"balance\": \"0.5\",\n \"usdValue\": \"1250.00\"\n }\n ]\n}\n\n\nTransaction commands return:\n\n{\n \"transactionHash\": \"0x...\",\n \"status\": \"confirmed\"\n}\n\n\nFor transactions requiring human approval:\n\n{\n \"status\": \"pending_approval\",\n \"message\": \"Transaction requires owner approval via Telegram\"\n}\n\nError Handling\nError\tCause\tResolution\n401 Unauthorized\tInvalid or missing API key\tCheck that the key-id is correct; re-link if needed\n403 Policy Violation\tTransaction blocked by server-side policy\tUser must adjust policies at heyvincent.ai\n400 Insufficient Balance\tNot enough tokens for the transfer\tCheck balances before transferring\n429 Rate Limited\tToo many requests\tWait and retry with backoff\npending_approval\tTransaction exceeds approval threshold\tUser will receive Telegram notification to approve/deny\nKey not found\tAPI key was revoked or never created\tRe-link with a new token from the wallet owner\n\nIf a transaction is rejected, inform the user to check their policy settings at https://heyvincent.ai.\n\nPolicies (Server-Side Enforcement)\n\nThe wallet owner controls what the agent can do by setting policies via the claim URL at https://heyvincent.ai. All policies are enforced server-side by the Vincent API — the agent cannot bypass or modify them. If a transaction violates a policy, the API rejects it. If a transaction triggers an approval threshold, the API holds it and sends the wallet owner a Telegram notification for out-of-band human approval. The policy enforcement logic is open source and auditable at github.com/HeyVincent-ai/Vincent.\n\nPolicy\tWhat it does\nAddress allowlist\tOnly allow transfers/calls to specific addresses\nToken allowlist\tOnly allow transfers of specific ERC-20 tokens\nFunction allowlist\tOnly allow calling specific contract functions (by 4-byte selector)\nSpending limit (per tx)\tMax USD value per transaction\nSpending limit (daily)\tMax USD value per rolling 24 hours\nSpending limit (weekly)\tMax USD value per rolling 7 days\nRequire approval\tEvery transaction needs human approval via Telegram\nApproval threshold\tTransactions above a USD amount need human approval via Telegram\n\nBefore the wallet is claimed, the agent can operate without policy restrictions. This is by design: agent-first onboarding allows the agent to begin accumulating and managing funds immediately. Once the human operator claims the wallet via the claim URL, they can add any combination of policies to constrain the agent's behavior. The wallet owner can also revoke the agent's API key entirely at any time.\n\nRe-linking (Recovering API Access)\n\nIf the agent loses its API key, the wallet owner can generate a re-link token from the frontend. The agent then exchanges this token for a new API key.\n\nHow it works:\n\nThe user generates a re-link token from the wallet detail page at https://heyvincent.ai\nThe user gives the token to the agent (e.g. by pasting it in chat)\nThe agent runs the relink command:\nnpx @vincentai/cli@latest secret relink --token \n\n\nThe CLI exchanges the token for a new API key, stores it automatically, and returns the new keyId. Use this keyId for all subsequent commands.\n\nImportant: Re-link tokens are one-time use and expire after 10 minutes.\n\nImportant Notes\nNo gas needed. A paymaster is fully set up — all transaction gas fees are sponsored automatically. The wallet does not need ETH for gas.\nNever try to access raw secret values. The private key stays server-side — that's the whole point.\nAlways share the claim URL with the user after creating a wallet.\nIf a transaction is rejected, it may be blocked by a server-side policy. Tell the user to check their policy settings at https://heyvincent.ai.\nIf a transaction requires approval, it will return status: \"pending_approval\". The wallet owner will receive a Telegram notification to approve or deny.\nRaw Signer (Advanced)\n\nFor raw ECDSA/Ed25519 signing when smart accounts won't work.\n\nCreate a Raw Signer\nnpx @vincentai/cli@latest secret create --type RAW_SIGNER --memo \"My raw signer\"\n\n\nResponse includes both Ethereum (secp256k1) and Solana (ed25519) addresses derived from the same seed.\n\nGet Addresses\nnpx @vincentai/cli@latest raw-signer addresses --key-id \n\n\nReturns ethAddress and solanaAddress.\n\nSign a Message\nnpx @vincentai/cli@latest raw-signer sign --key-id --message 0x --curve ethereum\n\n--message: Hex-encoded bytes to sign (must start with 0x)\n--curve: ethereum for secp256k1 ECDSA, solana for ed25519\n\nReturns a hex-encoded signature. For Ethereum, this is r || s || v (65 bytes). For Solana, it's a 64-byte ed25519 signature." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/glitch003/agentwallet", "publisherUrl": "https://clawhub.ai/glitch003/agentwallet", "owner": "glitch003", "version": "1.0.70", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/agentwallet", "downloadUrl": "https://openagent3.xyz/downloads/agentwallet", "agentUrl": "https://openagent3.xyz/skills/agentwallet/agent", "manifestUrl": "https://openagent3.xyz/skills/agentwallet/agent.json", "briefUrl": "https://openagent3.xyz/skills/agentwallet/agent.md" } }