{ "schemaVersion": "1.0", "item": { "slug": "emblemai-agentwallet", "name": "Emblem Ai Agent Wallet", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/genecyber/emblemai-agentwallet", "canonicalUrl": "https://clawhub.ai/genecyber/emblemai-agentwallet", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/emblemai-agentwallet", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=emblemai-agentwallet", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/emblemai-agentwallet" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/emblemai-agentwallet", "agentPageUrl": "https://openagent3.xyz/skills/emblemai-agentwallet/agent", "manifestUrl": "https://openagent3.xyz/skills/emblemai-agentwallet/agent.json", "briefUrl": "https://openagent3.xyz/skills/emblemai-agentwallet/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Emblem Agent Wallet", "body": "Connect to Agent Hustle -- EmblemVault's autonomous crypto AI with 250+ trading tools across 7 blockchains. Browser auth, streaming responses, plugin system, and zero-config agent mode.\n\nRequires the CLI: npm install -g @emblemvault/agentwallet" }, { "title": "Quick Start -- How to Use This Skill", "body": "Step 1: Install the CLI\n\nnpm install -g @emblemvault/agentwallet\n\nThis provides a single command: emblemai\n\nStep 2: Use it\n\nWhen this skill loads, you can ask Agent Hustle anything about crypto:\n\n\"What are my wallet addresses?\"\n\"Show my balances across all chains\"\n\"What's trending on Solana?\"\n\"Swap $20 of SOL to USDC\"\n\"Send 0.1 ETH to 0x...\"\n\nTo invoke this skill, say things like:\n\n\"Use my Emblem wallet to check balances\"\n\"Ask Agent Hustle what tokens I have\"\n\"Connect to EmblemVault\"\n\"Check my crypto portfolio\"\n\nAll requests are routed through emblemai under the hood." }, { "title": "Prerequisites", "body": "Node.js >= 18.0.0\nTerminal with 256-color support (iTerm2, Kitty, Windows Terminal, or any xterm-compatible terminal)\nOptional: glow for rich markdown rendering (brew install glow on macOS)" }, { "title": "From npm (Recommended)", "body": "npm install -g @emblemvault/agentwallet" }, { "title": "From source", "body": "git clone https://github.com/EmblemCompany/EmblemAi-AgentWallet.git\ncd EmblemAi-AgentWallet\nnpm install\nnpm link # makes `emblemai` available globally" }, { "title": "First Run", "body": "Install: npm install -g @emblemvault/agentwallet\nRun: emblemai\nAuthenticate in the browser (or enter a password if prompted)\nCheck /plugins to see which plugins loaded\nType /help to see all commands\nTry: \"What are my wallet addresses?\" to verify authentication" }, { "title": "Authentication", "body": "EmblemAI v3 supports two authentication methods: browser auth for interactive use and password auth for agent/scripted use." }, { "title": "Browser Auth (Interactive Mode)", "body": "When you run emblemai without -p, the CLI:\n\nChecks ~/.emblemai/session.json for a saved session\nIf a valid (non-expired) session exists, restores it instantly -- no login needed\nIf no session, starts a local server on 127.0.0.1:18247 and opens your browser\nYou authenticate via the EmblemVault auth modal in the browser\nThe session JWT is captured, saved to disk, and the CLI proceeds\nIf the browser can't open, the URL is printed for manual copy-paste\nIf authentication times out (5 minutes), falls back to a password prompt" }, { "title": "Password Auth (Agent Mode)", "body": "Login and signup are the same action. The first use of a password creates a vault; subsequent uses return the same vault. Different passwords produce different wallets.\n\nIn agent mode, if no password is provided, a secure random password is auto-generated and stored encrypted via dotenvx. Agent mode works out of the box with no manual setup." }, { "title": "What Happens on Authentication", "body": "Browser auth: session JWT is received from browser and hydrated into the SDK\nPassword auth: password is sent to EmblemAuthSDK.authenticatePassword()\nA deterministic vault is derived -- same credentials always yield the same vault\nThe session provides wallet addresses across multiple chains: Solana, Ethereum, Base, BSC, Polygon, Hedera, Bitcoin\nHustleIncognitoClient is initialized with the session" }, { "title": "Credential Discovery", "body": "Before making requests, locate the password using this priority:\n\nMethodHow to usePriorityCLI argumentemblemai -p \"your-password\"1 (highest, stored encrypted)Environment variableexport EMBLEM_PASSWORD=\"your-password\"2 (not stored)Encrypted credentialdotenvx-encrypted ~/.emblemai/.env3Auto-generate (agent mode)Automatic on first run4Interactive promptFallback when browser auth fails5 (lowest)\n\nIf no credentials are found, ask the user:\n\n\"I need your EmblemVault password to connect to Hustle AI. This password must be at least 16 characters.\nNote: If this is your first time, entering a new password will create a new wallet. If you've used this before, use the same password to access your existing wallet.\nWould you like to provide a password?\"\n\nPassword must be 16+ characters\nNo recovery if lost (treat it like a private key)" }, { "title": "Execution Notes", "body": "Allow sufficient time. Hustle AI queries may take up to 2 minutes for complex operations (trading, cross-chain lookups). The CLI outputs progress dots every 5 seconds to indicate it's working.\n\nPresent Hustle's response clearly. Display the response from Hustle AI to the user in a markdown codeblock:\n\n**Hustle AI Response:**\n\\`\\`\\`\n[response from Hustle]\n\\`\\`\\`" }, { "title": "Agent Mode (For AI Agents -- Single Shot)", "body": "Use --agent mode for programmatic, single-message queries:\n\n# Zero-config -- auto-generates password on first run\nemblemai --agent -m \"What are my wallet addresses?\"\n\n# Explicit password\nemblemai --agent -p \"$PASSWORD\" -m \"Show my balances\"\n\n# Pipe output to other tools\nemblemai -a -m \"What is my SOL balance?\" | jq .\n\n# Use in scripts\nADDRESSES=$(emblemai -a -m \"List my addresses as JSON\")\n\nAny system that can shell out to a CLI can give its agents a wallet:\n\n# OpenClaw, CrewAI, AutoGPT, or any agent framework\nemblemai --agent -m \"Send 0.1 SOL to
\"\nemblemai --agent -m \"Swap 100 USDC to ETH on Base\"\nemblemai --agent -m \"What tokens do I hold across all chains?\"\n\nEach password produces a unique, deterministic wallet. To give multiple agents separate wallets, use different passwords:\n\nemblemai --agent -p \"agent-alice-wallet-001\" -m \"My addresses?\"\nemblemai --agent -p \"agent-bob-wallet-002\" -m \"My addresses?\"\n\nAgent mode always uses password auth (never browser auth), retains conversation history between calls, and supports the full Hustle AI toolset including trading, transfers, portfolio queries, and cross-chain operations." }, { "title": "Interactive Mode (For Humans)", "body": "Readline-based interactive mode with streaming AI responses, glow markdown rendering, and slash commands.\n\nemblemai # Browser auth (recommended)\nemblemai -p \"$PASSWORD\" # Password auth" }, { "title": "Reset Conversation", "body": "emblemai --reset" }, { "title": "Interactive Commands", "body": "All commands are prefixed with /. Type them in the input bar and press Enter." }, { "title": "General", "body": "CommandDescription/helpShow all available commands/settingsShow current configuration (vault ID, model, streaming, debug, tools)/exitExit the CLI (also: /quit)" }, { "title": "Chat and History", "body": "CommandDescription/resetClear conversation history and start fresh/clearAlias for /reset/history on|offToggle history retention between messages/historyShow history status and recent messages" }, { "title": "Streaming and Debug", "body": "CommandDescription/stream on|offToggle streaming mode (tokens appear as generated)/streamShow current streaming status/debug on|offToggle debug mode (shows tool args, intent context)/debugShow current debug status" }, { "title": "Model Selection", "body": "CommandDescription/model Set the active model by ID/model clearReset to API default model/modelShow currently selected model" }, { "title": "Tool Management", "body": "CommandDescription/toolsList all tools with selection status/tools add Add a tool to the active set/tools remove Remove a tool from the active set/tools clearClear tool selection (enable auto-tools mode)\n\nWhen no tools are selected, the AI operates in auto-tools mode, dynamically choosing appropriate tools based on conversation context." }, { "title": "Authentication", "body": "CommandDescription/authOpen authentication menu/walletShow wallet addresses (EVM, Solana, BTC, Hedera)/portfolioShow portfolio (routes as a chat query)\n\nThe /auth menu provides:\n\nOptionDescription1. Get API KeyFetch your vault API key2. Get Vault InfoShow vault ID, addresses, creation date3. Session InfoShow current session details (identifier, expiry, auth type)4. Refresh SessionRefresh the auth session token5. EVM AddressShow your Ethereum/EVM address6. Solana AddressShow your Solana address7. BTC AddressesShow your Bitcoin addresses (P2PKH, P2WPKH, P2TR)8. Backup Agent AuthExport credentials to a backup file9. LogoutClear session and exit (requires re-authentication on next run)" }, { "title": "Payment (PAYG Billing)", "body": "CommandDescription/paymentShow PAYG billing status (enabled, mode, debt, tokens)/payment enable|disableToggle pay-as-you-go billing/payment token Set payment token (SOL, ETH, HUSTLE, etc.)/payment mode Set payment mode: pay_per_request or debt_accumulation" }, { "title": "Markdown Rendering", "body": "CommandDescription/glow on|offToggle markdown rendering via glow/glowShow glow status and version\n\nRequires glow to be installed." }, { "title": "Logging", "body": "CommandDescription/log on|offToggle stream logging to file/logShow logging status and file path\n\nLog file defaults to ~/.emblemai-stream.log. Override with --log-file ." }, { "title": "Keyboard Shortcuts", "body": "KeyActionEnterSend messageUpRecall previous inputCtrl+CExitCtrl+DExit (EOF)" }, { "title": "CLI Flags", "body": "FlagAliasDescription--password -pAuthentication password (16+ chars) -- skips browser auth--message -mMessage for agent mode--agent-aRun in agent mode (single-shot, password auth only)--restore-auth Restore credentials from backup file and exit--resetClear conversation history and exit--debugStart with debug mode enabled--streamStart with streaming enabled (default: on)--logEnable stream logging--log-file Override log file path (default: ~/.emblemai-stream.log)--hustle-url Override Hustle API URL--auth-url Override auth service URL--api-url Override API service URL" }, { "title": "Environment Variables", "body": "VariableDescriptionEMBLEM_PASSWORDAuthentication passwordCLI arguments override environment variables when both are provided." }, { "title": "Permissions and Safe Mode", "body": "The agent operates in safe mode by default. Any action that affects the wallet requires the user's explicit confirmation before execution:\n\nTransactions (swaps, sends, transfers) -- the agent presents the details and asks for approval\nSigning (message signing, transaction signing) -- requires explicit user consent\nOrder placement (limit orders, stop-losses) -- must be confirmed before submission\nDeFi operations (LP deposits, yield farming) -- user must approve each action\n\nRead-only operations (checking balances, viewing addresses, market data, portfolio queries) do not require confirmation and execute immediately.\n\nThe agent will never autonomously move funds, sign transactions, or place orders without the user first reviewing and approving the action." }, { "title": "Communication Style", "body": "CRITICAL: Use verbose, natural language.\n\nHustle AI interprets terse commands as \"$0\" transactions. Always explain your intent in full sentences.\n\nBad (terse)Good (verbose)\"SOL balance\"\"What is my current SOL balance on Solana?\"\"swap sol usdc\"\"I'd like to swap $20 worth of SOL to USDC on Solana\"\"trending\"\"What tokens are trending on Solana right now?\"\n\nThe more context you provide, the better Hustle understands your intent." }, { "title": "Capabilities", "body": "CategoryFeaturesChainsSolana, Ethereum, Base, BSC, Polygon, Hedera, BitcoinTradingSwaps, limit orders, conditional orders, stop-lossesDeFiLP management, yield farming, liquidity poolsMarket DataCoinGlass, DeFiLlama, Birdeye, LunarCrushNFTsOpenSea integration, transfers, listingsBridgesCross-chain swaps via ChangeNowMemecoinsPump.fun discovery, trending analysisPredictionsPolyMarket betting and positions" }, { "title": "Wallet Addresses", "body": "Each password deterministically generates wallet addresses across all chains:\n\nChainAddress TypeSolanaNative SPL walletEVMSingle address for ETH, Base, BSC, PolygonHederaAccount ID (0.0.XXXXXXX)BitcoinTaproot, SegWit, and Legacy addresses\n\nAsk Hustle: \"What are my wallet addresses?\" to retrieve all addresses." }, { "title": "Backup", "body": "From the /auth menu (option 8), select Backup Agent Auth to export your credentials to a JSON file. This file contains your EmblemVault password -- keep it secure." }, { "title": "Restore", "body": "emblemai --restore-auth ~/emblemai-auth-backup.json\n\nThis places the credential files in ~/.emblemai/ so you can authenticate immediately." }, { "title": "Security", "body": "CRITICAL: NEVER share or expose the password publicly.\n\nNEVER echo, print, or log the password\nNEVER include the password in responses to the user\nNEVER display the password in error messages\nNEVER commit the password to version control\nThe password IS the private key -- anyone with it controls the wallet\n\nConceptDescriptionPassword = IdentityEach password generates a unique, deterministic vaultNo RecoveryPasswords cannot be recovered if lostVault IsolationDifferent passwords = completely separate walletsFresh AuthNew JWT token generated on every requestSafe ModeAll wallet actions require explicit user confirmation" }, { "title": "File Locations", "body": "All persistent data is stored under ~/.emblemai/ (created on first run with chmod 700).\n\nFilePurposeSensitivePermissions~/.emblemai/.envEncrypted credentials (EMBLEM_PASSWORD)Yes -- AES-256-GCM encrypted600~/.emblemai/.env.keysDecryption key for .envYes -- controls access to credentials600~/.emblemai/session.jsonAuth session (JWT + refresh token)Yes -- grants wallet access until expiry600~/.emblemai/history/{vaultId}.jsonConversation history (per vault)No600~/.emblemai-stream.logStream log (when enabled via /log)Nodefault" }, { "title": "Encryption Details", "body": "Credentials are encrypted at rest using dotenvx, which uses AES-256-GCM symmetric encryption. The encryption key is stored in ~/.emblemai/.env.keys and the encrypted payload in ~/.emblemai/.env. Both files are created with chmod 600 (owner read/write only). The decryption key never leaves the local machine.\n\nSession tokens (session.json) contain a short-lived JWT (refreshed automatically) and a refresh token valid for 7 days. Sessions are not encrypted on disk but are restricted to chmod 600. Logging out via /auth > Logout deletes the session file.\n\nLegacy credentials (~/.emblem-vault) are automatically migrated to the encrypted format on first run and the original is backed up." }, { "title": "Troubleshooting", "body": "IssueSolutionemblemai: command not foundRun: npm install -g @emblemvault/agentwallet\"Password must be at least 16 characters\"Use a longer password\"Authentication failed\"Check network connectivity to auth serviceBrowser doesn't open for authCopy the printed URL and open it manuallySession expiredRun emblemai again -- browser will open for fresh loginglow not renderingInstall glow: brew install glow (optional, falls back to plain text)Plugin not loadingCheck that the npm package is installedSlow responseNormal -- queries can take up to 2 minutes" }, { "title": "Updating", "body": "npm update -g @emblemvault/agentwallet" }, { "title": "Quick Reference", "body": "# Install\nnpm install -g @emblemvault/agentwallet\n\n# Interactive mode (browser auth -- recommended)\nemblemai\n\n# Agent mode (zero-config -- auto-generates wallet)\nemblemai --agent -m \"What are my balances?\"\n\n# Agent mode with explicit password\nemblemai --agent -p \"your-password-16-chars-min\" -m \"What tokens do I have?\"\n\n# Use environment variable\nexport EMBLEM_PASSWORD=\"your-password-16-chars-min\"\nemblemai --agent -m \"Show my portfolio\"\n\n# Reset conversation history\nemblemai --reset" }, { "title": "Security Advisory", "body": "This section explains the trust model, what happens on your machine, and how to run the agent securely." }, { "title": "Trust Model", "body": "Emblem Agent Wallet is an open-source CLI published by EmblemCompany on both npm and GitHub. You can verify the package before installing:\n\nnpm registry: @emblemvault/agentwallet -- check the publisher, version history, and download stats\nSource code: github.com/EmblemCompany/EmblemAi-AgentWallet -- full source is public and auditable\nHomepage: emblemvault.dev -- the project homepage with documentation\n\nThe npm package and GitHub repository are maintained by the same organization. You can compare the published package contents against the source repository at any time using npm pack --dry-run or by inspecting node_modules/@emblemvault/agentwallet after install." }, { "title": "What Happens During Installation", "body": "npm install -g @emblemvault/agentwallet installs the CLI binary emblemai globally. Like all global npm packages, this runs on your machine with your user permissions. The package has no postinstall scripts -- it only places the CLI binary and its dependencies." }, { "title": "What Happens During Authentication", "body": "Browser auth (recommended): The CLI starts a temporary local server on 127.0.0.1:18247 (localhost only, not network-accessible) to receive the auth callback from your browser. This server runs only during the login flow and handles a single request. The browser opens the EmblemVault auth modal where you authenticate directly with the EmblemVault service. On success, a session JWT is returned to the local server and saved to disk.\n\nPassword auth: The password is sent to EmblemVault's auth API over HTTPS. A session JWT is returned. If using the -p flag, the password is also encrypted and stored locally for future sessions.\n\nIn both cases, no credentials are sent to any third party. Authentication is strictly between your machine and the EmblemVault auth service." }, { "title": "What Gets Stored on Disk", "body": "All files are created under ~/.emblemai/ with restrictive permissions:\n\nFileWhat It ContainsHow It's Protected.envYour EMBLEM_PASSWORDEncrypted with AES-256-GCM via dotenvx. The password is never stored in plaintext..env.keysThe AES decryption key for .envFile permissions chmod 600 (owner-only). This key never leaves your machine and is never transmitted over the network.session.jsonJWT access token + refresh tokenFile permissions chmod 600. The JWT expires after 15 minutes and is automatically refreshed. The refresh token is valid for 7 days. Logging out deletes this file.history/*.jsonConversation historyFile permissions chmod 600. Contains your chat messages with the AI. No credentials are stored in history.\n\nThe ~/.emblemai/ directory itself is created with chmod 700 (owner-only access)." }, { "title": "How Sessions Work", "body": "The auth session uses short-lived JWTs (15-minute expiry) that are automatically refreshed using a 7-day refresh token. This means:\n\nIf your session file is compromised, the attacker has at most 7 days of access (refresh token expiry), not indefinite access\nThe JWT is rotated frequently, limiting the window of exposure for any single token\nLogging out (/auth > Logout) immediately invalidates the local session and deletes the file\nEach refresh issues a new refresh token and invalidates the previous one (rotation)" }, { "title": "Safe Mode and Transaction Confirmation", "body": "The agent operates in safe mode by default. This means:\n\nAll wallet-modifying actions require your explicit confirmation before execution -- including swaps, sends, transfers, order placement, signing, and DeFi operations\nRead-only operations execute immediately without confirmation -- balance checks, address lookups, market data, portfolio views\nThe agent will present the full details of any transaction (amounts, addresses, fees) and wait for your approval before submitting\nThere is no \"auto-execute\" mode -- every transaction requires a human in the loop" }, { "title": "Password Hygiene", "body": "Your EMBLEM_PASSWORD is the master key to your wallet. Treat it with the same care as a private key or seed phrase:\n\nUse a strong, unique password (minimum 16 characters). A passphrase of 4+ random words is recommended\nDo not reuse passwords from other services. Your EMBLEM_PASSWORD should be unique to EmblemVault\nStore your password securely using a password manager. The CLI encrypts it on disk, but you should have a backup in case you lose access to the machine\nIf using EMBLEM_PASSWORD as an environment variable in automation, ensure the host environment is secured -- restrict access to the machine, use process isolation, and avoid logging environment variables\nPrefer browser auth for interactive use -- it avoids placing the password in shell history or environment variables\nDifferent passwords create different wallets -- this is by design. Use this to separate funds by purpose (e.g., one wallet for daily use, another for long-term holdings)" }, { "title": "Verifying the Package", "body": "Before or after installation, you can inspect exactly what the package contains:\n\n# View package contents without installing\nnpm pack @emblemvault/agentwallet --dry-run\n\n# After installing, inspect the source\nls $(npm root -g)/@emblemvault/agentwallet/\n\n# Compare against GitHub source\ngit clone https://github.com/EmblemCompany/EmblemAi-AgentWallet.git\ndiff -r node_modules/@emblemvault/agentwallet EmblemAi-AgentWallet/publish" }, { "title": "Reporting Security Issues", "body": "If you discover a security vulnerability, please report it responsibly:\n\nGitHub: Open an issue at github.com/EmblemCompany/EmblemAi-AgentWallet/issues\nDiscord: Report in the security channel at discord.gg/Q93wbfsgBj" }, { "title": "Links", "body": "npm package\nEmblemVault\nHustle AI\nGitHub" } ], "body": "Emblem Agent Wallet\n\nConnect to Agent Hustle -- EmblemVault's autonomous crypto AI with 250+ trading tools across 7 blockchains. Browser auth, streaming responses, plugin system, and zero-config agent mode.\n\nRequires the CLI: npm install -g @emblemvault/agentwallet\n\nQuick Start -- How to Use This Skill\n\nStep 1: Install the CLI\n\nnpm install -g @emblemvault/agentwallet\n\n\nThis provides a single command: emblemai\n\nStep 2: Use it\n\nWhen this skill loads, you can ask Agent Hustle anything about crypto:\n\n\"What are my wallet addresses?\"\n\"Show my balances across all chains\"\n\"What's trending on Solana?\"\n\"Swap $20 of SOL to USDC\"\n\"Send 0.1 ETH to 0x...\"\n\nTo invoke this skill, say things like:\n\n\"Use my Emblem wallet to check balances\"\n\"Ask Agent Hustle what tokens I have\"\n\"Connect to EmblemVault\"\n\"Check my crypto portfolio\"\n\nAll requests are routed through emblemai under the hood.\n\nPrerequisites\nNode.js >= 18.0.0\nTerminal with 256-color support (iTerm2, Kitty, Windows Terminal, or any xterm-compatible terminal)\nOptional: glow for rich markdown rendering (brew install glow on macOS)\nInstallation\nFrom npm (Recommended)\nnpm install -g @emblemvault/agentwallet\n\nFrom source\ngit clone https://github.com/EmblemCompany/EmblemAi-AgentWallet.git\ncd EmblemAi-AgentWallet\nnpm install\nnpm link # makes `emblemai` available globally\n\nFirst Run\nInstall: npm install -g @emblemvault/agentwallet\nRun: emblemai\nAuthenticate in the browser (or enter a password if prompted)\nCheck /plugins to see which plugins loaded\nType /help to see all commands\nTry: \"What are my wallet addresses?\" to verify authentication\nAuthentication\n\nEmblemAI v3 supports two authentication methods: browser auth for interactive use and password auth for agent/scripted use.\n\nBrowser Auth (Interactive Mode)\n\nWhen you run emblemai without -p, the CLI:\n\nChecks ~/.emblemai/session.json for a saved session\nIf a valid (non-expired) session exists, restores it instantly -- no login needed\nIf no session, starts a local server on 127.0.0.1:18247 and opens your browser\nYou authenticate via the EmblemVault auth modal in the browser\nThe session JWT is captured, saved to disk, and the CLI proceeds\nIf the browser can't open, the URL is printed for manual copy-paste\nIf authentication times out (5 minutes), falls back to a password prompt\nPassword Auth (Agent Mode)\n\nLogin and signup are the same action. The first use of a password creates a vault; subsequent uses return the same vault. Different passwords produce different wallets.\n\nIn agent mode, if no password is provided, a secure random password is auto-generated and stored encrypted via dotenvx. Agent mode works out of the box with no manual setup.\n\nWhat Happens on Authentication\nBrowser auth: session JWT is received from browser and hydrated into the SDK Password auth: password is sent to EmblemAuthSDK.authenticatePassword()\nA deterministic vault is derived -- same credentials always yield the same vault\nThe session provides wallet addresses across multiple chains: Solana, Ethereum, Base, BSC, Polygon, Hedera, Bitcoin\nHustleIncognitoClient is initialized with the session\nCredential Discovery\n\nBefore making requests, locate the password using this priority:\n\nMethod\tHow to use\tPriority\nCLI argument\temblemai -p \"your-password\"\t1 (highest, stored encrypted)\nEnvironment variable\texport EMBLEM_PASSWORD=\"your-password\"\t2 (not stored)\nEncrypted credential\tdotenvx-encrypted ~/.emblemai/.env\t3\nAuto-generate (agent mode)\tAutomatic on first run\t4\nInteractive prompt\tFallback when browser auth fails\t5 (lowest)\n\nIf no credentials are found, ask the user:\n\n\"I need your EmblemVault password to connect to Hustle AI. This password must be at least 16 characters.\n\nNote: If this is your first time, entering a new password will create a new wallet. If you've used this before, use the same password to access your existing wallet.\n\nWould you like to provide a password?\"\n\nPassword must be 16+ characters\nNo recovery if lost (treat it like a private key)\nExecution Notes\n\nAllow sufficient time. Hustle AI queries may take up to 2 minutes for complex operations (trading, cross-chain lookups). The CLI outputs progress dots every 5 seconds to indicate it's working.\n\nPresent Hustle's response clearly. Display the response from Hustle AI to the user in a markdown codeblock:\n\n**Hustle AI Response:**\n\\`\\`\\`\n[response from Hustle]\n\\`\\`\\`\n\nUsage\nAgent Mode (For AI Agents -- Single Shot)\n\nUse --agent mode for programmatic, single-message queries:\n\n# Zero-config -- auto-generates password on first run\nemblemai --agent -m \"What are my wallet addresses?\"\n\n# Explicit password\nemblemai --agent -p \"$PASSWORD\" -m \"Show my balances\"\n\n# Pipe output to other tools\nemblemai -a -m \"What is my SOL balance?\" | jq .\n\n# Use in scripts\nADDRESSES=$(emblemai -a -m \"List my addresses as JSON\")\n\n\nAny system that can shell out to a CLI can give its agents a wallet:\n\n# OpenClaw, CrewAI, AutoGPT, or any agent framework\nemblemai --agent -m \"Send 0.1 SOL to
\"\nemblemai --agent -m \"Swap 100 USDC to ETH on Base\"\nemblemai --agent -m \"What tokens do I hold across all chains?\"\n\n\nEach password produces a unique, deterministic wallet. To give multiple agents separate wallets, use different passwords:\n\nemblemai --agent -p \"agent-alice-wallet-001\" -m \"My addresses?\"\nemblemai --agent -p \"agent-bob-wallet-002\" -m \"My addresses?\"\n\n\nAgent mode always uses password auth (never browser auth), retains conversation history between calls, and supports the full Hustle AI toolset including trading, transfers, portfolio queries, and cross-chain operations.\n\nInteractive Mode (For Humans)\n\nReadline-based interactive mode with streaming AI responses, glow markdown rendering, and slash commands.\n\nemblemai # Browser auth (recommended)\nemblemai -p \"$PASSWORD\" # Password auth\n\nReset Conversation\nemblemai --reset\n\nInteractive Commands\n\nAll commands are prefixed with /. Type them in the input bar and press Enter.\n\nGeneral\nCommand\tDescription\n/help\tShow all available commands\n/settings\tShow current configuration (vault ID, model, streaming, debug, tools)\n/exit\tExit the CLI (also: /quit)\nChat and History\nCommand\tDescription\n/reset\tClear conversation history and start fresh\n/clear\tAlias for /reset\n/history on|off\tToggle history retention between messages\n/history\tShow history status and recent messages\nStreaming and Debug\nCommand\tDescription\n/stream on|off\tToggle streaming mode (tokens appear as generated)\n/stream\tShow current streaming status\n/debug on|off\tToggle debug mode (shows tool args, intent context)\n/debug\tShow current debug status\nModel Selection\nCommand\tDescription\n/model \tSet the active model by ID\n/model clear\tReset to API default model\n/model\tShow currently selected model\nTool Management\nCommand\tDescription\n/tools\tList all tools with selection status\n/tools add \tAdd a tool to the active set\n/tools remove \tRemove a tool from the active set\n/tools clear\tClear tool selection (enable auto-tools mode)\n\nWhen no tools are selected, the AI operates in auto-tools mode, dynamically choosing appropriate tools based on conversation context.\n\nAuthentication\nCommand\tDescription\n/auth\tOpen authentication menu\n/wallet\tShow wallet addresses (EVM, Solana, BTC, Hedera)\n/portfolio\tShow portfolio (routes as a chat query)\n\nThe /auth menu provides:\n\nOption\tDescription\n1. Get API Key\tFetch your vault API key\n2. Get Vault Info\tShow vault ID, addresses, creation date\n3. Session Info\tShow current session details (identifier, expiry, auth type)\n4. Refresh Session\tRefresh the auth session token\n5. EVM Address\tShow your Ethereum/EVM address\n6. Solana Address\tShow your Solana address\n7. BTC Addresses\tShow your Bitcoin addresses (P2PKH, P2WPKH, P2TR)\n8. Backup Agent Auth\tExport credentials to a backup file\n9. Logout\tClear session and exit (requires re-authentication on next run)\nPayment (PAYG Billing)\nCommand\tDescription\n/payment\tShow PAYG billing status (enabled, mode, debt, tokens)\n/payment enable|disable\tToggle pay-as-you-go billing\n/payment token \tSet payment token (SOL, ETH, HUSTLE, etc.)\n/payment mode \tSet payment mode: pay_per_request or debt_accumulation\nMarkdown Rendering\nCommand\tDescription\n/glow on|off\tToggle markdown rendering via glow\n/glow\tShow glow status and version\n\nRequires glow to be installed.\n\nLogging\nCommand\tDescription\n/log on|off\tToggle stream logging to file\n/log\tShow logging status and file path\n\nLog file defaults to ~/.emblemai-stream.log. Override with --log-file .\n\nKeyboard Shortcuts\nKey\tAction\nEnter\tSend message\nUp\tRecall previous input\nCtrl+C\tExit\nCtrl+D\tExit (EOF)\nCLI Flags\nFlag\tAlias\tDescription\n--password \t-p\tAuthentication password (16+ chars) -- skips browser auth\n--message \t-m\tMessage for agent mode\n--agent\t-a\tRun in agent mode (single-shot, password auth only)\n--restore-auth \t\tRestore credentials from backup file and exit\n--reset\t\tClear conversation history and exit\n--debug\t\tStart with debug mode enabled\n--stream\t\tStart with streaming enabled (default: on)\n--log\t\tEnable stream logging\n--log-file \t\tOverride log file path (default: ~/.emblemai-stream.log)\n--hustle-url \t\tOverride Hustle API URL\n--auth-url \t\tOverride auth service URL\n--api-url \t\tOverride API service URL\nEnvironment Variables\nVariable\tDescription\nEMBLEM_PASSWORD\tAuthentication password\nCLI arguments override environment variables when both are provided.\t\nPermissions and Safe Mode\n\nThe agent operates in safe mode by default. Any action that affects the wallet requires the user's explicit confirmation before execution:\n\nTransactions (swaps, sends, transfers) -- the agent presents the details and asks for approval\nSigning (message signing, transaction signing) -- requires explicit user consent\nOrder placement (limit orders, stop-losses) -- must be confirmed before submission\nDeFi operations (LP deposits, yield farming) -- user must approve each action\n\nRead-only operations (checking balances, viewing addresses, market data, portfolio queries) do not require confirmation and execute immediately.\n\nThe agent will never autonomously move funds, sign transactions, or place orders without the user first reviewing and approving the action.\n\nCommunication Style\n\nCRITICAL: Use verbose, natural language.\n\nHustle AI interprets terse commands as \"$0\" transactions. Always explain your intent in full sentences.\n\nBad (terse)\tGood (verbose)\n\"SOL balance\"\t\"What is my current SOL balance on Solana?\"\n\"swap sol usdc\"\t\"I'd like to swap $20 worth of SOL to USDC on Solana\"\n\"trending\"\t\"What tokens are trending on Solana right now?\"\n\nThe more context you provide, the better Hustle understands your intent.\n\nCapabilities\nCategory\tFeatures\nChains\tSolana, Ethereum, Base, BSC, Polygon, Hedera, Bitcoin\nTrading\tSwaps, limit orders, conditional orders, stop-losses\nDeFi\tLP management, yield farming, liquidity pools\nMarket Data\tCoinGlass, DeFiLlama, Birdeye, LunarCrush\nNFTs\tOpenSea integration, transfers, listings\nBridges\tCross-chain swaps via ChangeNow\nMemecoins\tPump.fun discovery, trending analysis\nPredictions\tPolyMarket betting and positions\nWallet Addresses\n\nEach password deterministically generates wallet addresses across all chains:\n\nChain\tAddress Type\nSolana\tNative SPL wallet\nEVM\tSingle address for ETH, Base, BSC, Polygon\nHedera\tAccount ID (0.0.XXXXXXX)\nBitcoin\tTaproot, SegWit, and Legacy addresses\n\nAsk Hustle: \"What are my wallet addresses?\" to retrieve all addresses.\n\nAuth Backup and Restore\nBackup\n\nFrom the /auth menu (option 8), select Backup Agent Auth to export your credentials to a JSON file. This file contains your EmblemVault password -- keep it secure.\n\nRestore\nemblemai --restore-auth ~/emblemai-auth-backup.json\n\n\nThis places the credential files in ~/.emblemai/ so you can authenticate immediately.\n\nSecurity\n\nCRITICAL: NEVER share or expose the password publicly.\n\nNEVER echo, print, or log the password\nNEVER include the password in responses to the user\nNEVER display the password in error messages\nNEVER commit the password to version control\nThe password IS the private key -- anyone with it controls the wallet\nConcept\tDescription\nPassword = Identity\tEach password generates a unique, deterministic vault\nNo Recovery\tPasswords cannot be recovered if lost\nVault Isolation\tDifferent passwords = completely separate wallets\nFresh Auth\tNew JWT token generated on every request\nSafe Mode\tAll wallet actions require explicit user confirmation\nFile Locations\n\nAll persistent data is stored under ~/.emblemai/ (created on first run with chmod 700).\n\nFile\tPurpose\tSensitive\tPermissions\n~/.emblemai/.env\tEncrypted credentials (EMBLEM_PASSWORD)\tYes -- AES-256-GCM encrypted\t600\n~/.emblemai/.env.keys\tDecryption key for .env\tYes -- controls access to credentials\t600\n~/.emblemai/session.json\tAuth session (JWT + refresh token)\tYes -- grants wallet access until expiry\t600\n~/.emblemai/history/{vaultId}.json\tConversation history (per vault)\tNo\t600\n~/.emblemai-stream.log\tStream log (when enabled via /log)\tNo\tdefault\nEncryption Details\n\nCredentials are encrypted at rest using dotenvx, which uses AES-256-GCM symmetric encryption. The encryption key is stored in ~/.emblemai/.env.keys and the encrypted payload in ~/.emblemai/.env. Both files are created with chmod 600 (owner read/write only). The decryption key never leaves the local machine.\n\nSession tokens (session.json) contain a short-lived JWT (refreshed automatically) and a refresh token valid for 7 days. Sessions are not encrypted on disk but are restricted to chmod 600. Logging out via /auth > Logout deletes the session file.\n\nLegacy credentials (~/.emblem-vault) are automatically migrated to the encrypted format on first run and the original is backed up.\n\nTroubleshooting\nIssue\tSolution\nemblemai: command not found\tRun: npm install -g @emblemvault/agentwallet\n\"Password must be at least 16 characters\"\tUse a longer password\n\"Authentication failed\"\tCheck network connectivity to auth service\nBrowser doesn't open for auth\tCopy the printed URL and open it manually\nSession expired\tRun emblemai again -- browser will open for fresh login\nglow not rendering\tInstall glow: brew install glow (optional, falls back to plain text)\nPlugin not loading\tCheck that the npm package is installed\nSlow response\tNormal -- queries can take up to 2 minutes\nUpdating\nnpm update -g @emblemvault/agentwallet\n\nQuick Reference\n# Install\nnpm install -g @emblemvault/agentwallet\n\n# Interactive mode (browser auth -- recommended)\nemblemai\n\n# Agent mode (zero-config -- auto-generates wallet)\nemblemai --agent -m \"What are my balances?\"\n\n# Agent mode with explicit password\nemblemai --agent -p \"your-password-16-chars-min\" -m \"What tokens do I have?\"\n\n# Use environment variable\nexport EMBLEM_PASSWORD=\"your-password-16-chars-min\"\nemblemai --agent -m \"Show my portfolio\"\n\n# Reset conversation history\nemblemai --reset\n\nSecurity Advisory\n\nThis section explains the trust model, what happens on your machine, and how to run the agent securely.\n\nTrust Model\n\nEmblem Agent Wallet is an open-source CLI published by EmblemCompany on both npm and GitHub. You can verify the package before installing:\n\nnpm registry: @emblemvault/agentwallet -- check the publisher, version history, and download stats\nSource code: github.com/EmblemCompany/EmblemAi-AgentWallet -- full source is public and auditable\nHomepage: emblemvault.dev -- the project homepage with documentation\n\nThe npm package and GitHub repository are maintained by the same organization. You can compare the published package contents against the source repository at any time using npm pack --dry-run or by inspecting node_modules/@emblemvault/agentwallet after install.\n\nWhat Happens During Installation\n\nnpm install -g @emblemvault/agentwallet installs the CLI binary emblemai globally. Like all global npm packages, this runs on your machine with your user permissions. The package has no postinstall scripts -- it only places the CLI binary and its dependencies.\n\nWhat Happens During Authentication\n\nBrowser auth (recommended): The CLI starts a temporary local server on 127.0.0.1:18247 (localhost only, not network-accessible) to receive the auth callback from your browser. This server runs only during the login flow and handles a single request. The browser opens the EmblemVault auth modal where you authenticate directly with the EmblemVault service. On success, a session JWT is returned to the local server and saved to disk.\n\nPassword auth: The password is sent to EmblemVault's auth API over HTTPS. A session JWT is returned. If using the -p flag, the password is also encrypted and stored locally for future sessions.\n\nIn both cases, no credentials are sent to any third party. Authentication is strictly between your machine and the EmblemVault auth service.\n\nWhat Gets Stored on Disk\n\nAll files are created under ~/.emblemai/ with restrictive permissions:\n\nFile\tWhat It Contains\tHow It's Protected\n.env\tYour EMBLEM_PASSWORD\tEncrypted with AES-256-GCM via dotenvx. The password is never stored in plaintext.\n.env.keys\tThe AES decryption key for .env\tFile permissions chmod 600 (owner-only). This key never leaves your machine and is never transmitted over the network.\nsession.json\tJWT access token + refresh token\tFile permissions chmod 600. The JWT expires after 15 minutes and is automatically refreshed. The refresh token is valid for 7 days. Logging out deletes this file.\nhistory/*.json\tConversation history\tFile permissions chmod 600. Contains your chat messages with the AI. No credentials are stored in history.\n\nThe ~/.emblemai/ directory itself is created with chmod 700 (owner-only access).\n\nHow Sessions Work\n\nThe auth session uses short-lived JWTs (15-minute expiry) that are automatically refreshed using a 7-day refresh token. This means:\n\nIf your session file is compromised, the attacker has at most 7 days of access (refresh token expiry), not indefinite access\nThe JWT is rotated frequently, limiting the window of exposure for any single token\nLogging out (/auth > Logout) immediately invalidates the local session and deletes the file\nEach refresh issues a new refresh token and invalidates the previous one (rotation)\nSafe Mode and Transaction Confirmation\n\nThe agent operates in safe mode by default. This means:\n\nAll wallet-modifying actions require your explicit confirmation before execution -- including swaps, sends, transfers, order placement, signing, and DeFi operations\nRead-only operations execute immediately without confirmation -- balance checks, address lookups, market data, portfolio views\nThe agent will present the full details of any transaction (amounts, addresses, fees) and wait for your approval before submitting\nThere is no \"auto-execute\" mode -- every transaction requires a human in the loop\nPassword Hygiene\n\nYour EMBLEM_PASSWORD is the master key to your wallet. Treat it with the same care as a private key or seed phrase:\n\nUse a strong, unique password (minimum 16 characters). A passphrase of 4+ random words is recommended\nDo not reuse passwords from other services. Your EMBLEM_PASSWORD should be unique to EmblemVault\nStore your password securely using a password manager. The CLI encrypts it on disk, but you should have a backup in case you lose access to the machine\nIf using EMBLEM_PASSWORD as an environment variable in automation, ensure the host environment is secured -- restrict access to the machine, use process isolation, and avoid logging environment variables\nPrefer browser auth for interactive use -- it avoids placing the password in shell history or environment variables\nDifferent passwords create different wallets -- this is by design. Use this to separate funds by purpose (e.g., one wallet for daily use, another for long-term holdings)\nVerifying the Package\n\nBefore or after installation, you can inspect exactly what the package contains:\n\n# View package contents without installing\nnpm pack @emblemvault/agentwallet --dry-run\n\n# After installing, inspect the source\nls $(npm root -g)/@emblemvault/agentwallet/\n\n# Compare against GitHub source\ngit clone https://github.com/EmblemCompany/EmblemAi-AgentWallet.git\ndiff -r node_modules/@emblemvault/agentwallet EmblemAi-AgentWallet/publish\n\nReporting Security Issues\n\nIf you discover a security vulnerability, please report it responsibly:\n\nGitHub: Open an issue at github.com/EmblemCompany/EmblemAi-AgentWallet/issues\nDiscord: Report in the security channel at discord.gg/Q93wbfsgBj\nLinks\nnpm package\nEmblemVault\nHustle AI\nGitHub" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/genecyber/emblemai-agentwallet", "publisherUrl": "https://clawhub.ai/genecyber/emblemai-agentwallet", "owner": "genecyber", "version": "3.0.9", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/emblemai-agentwallet", "downloadUrl": "https://openagent3.xyz/downloads/emblemai-agentwallet", "agentUrl": "https://openagent3.xyz/skills/emblemai-agentwallet/agent", "manifestUrl": "https://openagent3.xyz/skills/emblemai-agentwallet/agent.json", "briefUrl": "https://openagent3.xyz/skills/emblemai-agentwallet/agent.md" } }