{ "schemaVersion": "1.0", "item": { "slug": "safe-skills", "name": "Safe Skills", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/glitch003/safe-skills", "canonicalUrl": "https://clawhub.ai/glitch003/safe-skills", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/safe-skills", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=safe-skills", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/safe-skills" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/safe-skills", "agentPageUrl": "https://openagent3.xyz/skills/safe-skills/agent", "manifestUrl": "https://openagent3.xyz/skills/safe-skills/agent.json", "briefUrl": "https://openagent3.xyz/skills/safe-skills/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "SafeSkills - Secure Secret Management for AI Agents", "body": "SafeSkills is a secure secret management service. It stores secrets (like wallet private keys) and executes actions using them so that you (the agent) never see the raw secret values. The first supported skill is an EVM wallet -- you can create wallets, transfer tokens, send transactions, check balances, and more.\n\nCRITICAL: Never attempt to access or request raw secret values. All operations are performed server-side through the API." }, { "title": "Configuration", "body": "Base API URL: Use the SAFESKILLS_API_URL environment variable if set, otherwise default to https://safeskill-production.up.railway.app\nFrontend URL: Use the SAFESKILLS_FRONTEND_URL environment variable if set, otherwise default to https://safeskill-production.up.railway.app\n\nAll API requests require a Bearer token (the API key returned when creating a secret).\n\nAuthorization: Bearer " }, { "title": "1. Create a Wallet", "body": "Create an EVM wallet secret. Store the returned API key for all subsequent calls. Share the claim URL with the user so they can manage policies for the wallet.\n\ncurl -X POST \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/secrets\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"type\": \"EVM_WALLET\",\n \"memo\": \"My agent wallet\",\n \"chainId\": 11155111\n }'\n\nResponse includes:\n\napiKey -- store this securely; use it as the Bearer token for all future requests\nclaimUrl -- share this with the user so they can view and manage policies for this wallet\naddress -- the smart account address of the created wallet\n\nAfter creating, tell the user: \"Here is your wallet claim URL: . You can use this to manage spending policies and monitor the wallet.\"" }, { "title": "2. Get Secret Info", "body": "Retrieve metadata about the secret associated with the current API key.\n\ncurl -X GET \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/secrets/info\" \\\n -H \"Authorization: Bearer \"" }, { "title": "3. Get Wallet Address", "body": "curl -X GET \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/address\" \\\n -H \"Authorization: Bearer \"" }, { "title": "4. Check Balances", "body": "Check native token balance and optionally ERC-20 token balances by passing token contract addresses as a comma-separated query parameter.\n\n# Native balance only\ncurl -X GET \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/balance\" \\\n -H \"Authorization: Bearer \"\n\n# With ERC-20 tokens\ncurl -X GET \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/balance?tokens=0xTokenAddr1,0xTokenAddr2\" \\\n -H \"Authorization: Bearer \"" }, { "title": "5. Transfer ETH or Tokens", "body": "Transfer native ETH or an ERC-20 token to a recipient address.\n\n# Transfer native ETH\ncurl -X POST \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/transfer\" \\\n -H \"Authorization: Bearer \" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"to\": \"0xRecipientAddress\",\n \"amount\": \"0.01\"\n }'\n\n# Transfer ERC-20 token\ncurl -X POST \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/transfer\" \\\n -H \"Authorization: Bearer \" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"to\": \"0xRecipientAddress\",\n \"amount\": \"100\",\n \"token\": \"0xTokenContractAddress\"\n }'" }, { "title": "6. Send Arbitrary Transaction", "body": "Send a raw transaction with custom calldata. Useful for interacting with smart contracts.\n\ncurl -X POST \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/send-transaction\" \\\n -H \"Authorization: Bearer \" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"to\": \"0xContractAddress\",\n \"data\": \"0xCalldata\",\n \"value\": \"0\"\n }'" }, { "title": "Important Notes", "body": "Never try to access raw secret values. The whole point of SafeSkills is that secrets stay server-side.\nAlways store the API key returned from wallet creation -- it is the only way to authenticate subsequent requests.\nAlways share the claim URL with the user after creating a wallet.\nThe default chain ID 11155111 is Ethereum Sepolia testnet. Adjust as needed.\nIf a transfer or transaction fails, check that the wallet has sufficient balance and that any required policies have been approved by the user via the claim URL." } ], "body": "SafeSkills - Secure Secret Management for AI Agents\n\nSafeSkills is a secure secret management service. It stores secrets (like wallet private keys) and executes actions using them so that you (the agent) never see the raw secret values. The first supported skill is an EVM wallet -- you can create wallets, transfer tokens, send transactions, check balances, and more.\n\nCRITICAL: Never attempt to access or request raw secret values. All operations are performed server-side through the API.\n\nConfiguration\nBase API URL: Use the SAFESKILLS_API_URL environment variable if set, otherwise default to https://safeskill-production.up.railway.app\nFrontend URL: Use the SAFESKILLS_FRONTEND_URL environment variable if set, otherwise default to https://safeskill-production.up.railway.app\n\nAll API requests require a Bearer token (the API key returned when creating a secret).\n\nAuthorization: Bearer \n\nWorkflow\n1. Create a Wallet\n\nCreate an EVM wallet secret. Store the returned API key for all subsequent calls. Share the claim URL with the user so they can manage policies for the wallet.\n\ncurl -X POST \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/secrets\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"type\": \"EVM_WALLET\",\n \"memo\": \"My agent wallet\",\n \"chainId\": 11155111\n }'\n\n\nResponse includes:\n\napiKey -- store this securely; use it as the Bearer token for all future requests\nclaimUrl -- share this with the user so they can view and manage policies for this wallet\naddress -- the smart account address of the created wallet\n\nAfter creating, tell the user: \"Here is your wallet claim URL: . You can use this to manage spending policies and monitor the wallet.\"\n\n2. Get Secret Info\n\nRetrieve metadata about the secret associated with the current API key.\n\ncurl -X GET \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/secrets/info\" \\\n -H \"Authorization: Bearer \"\n\n3. Get Wallet Address\ncurl -X GET \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/address\" \\\n -H \"Authorization: Bearer \"\n\n4. Check Balances\n\nCheck native token balance and optionally ERC-20 token balances by passing token contract addresses as a comma-separated query parameter.\n\n# Native balance only\ncurl -X GET \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/balance\" \\\n -H \"Authorization: Bearer \"\n\n# With ERC-20 tokens\ncurl -X GET \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/balance?tokens=0xTokenAddr1,0xTokenAddr2\" \\\n -H \"Authorization: Bearer \"\n\n5. Transfer ETH or Tokens\n\nTransfer native ETH or an ERC-20 token to a recipient address.\n\n# Transfer native ETH\ncurl -X POST \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/transfer\" \\\n -H \"Authorization: Bearer \" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"to\": \"0xRecipientAddress\",\n \"amount\": \"0.01\"\n }'\n\n# Transfer ERC-20 token\ncurl -X POST \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/transfer\" \\\n -H \"Authorization: Bearer \" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"to\": \"0xRecipientAddress\",\n \"amount\": \"100\",\n \"token\": \"0xTokenContractAddress\"\n }'\n\n6. Send Arbitrary Transaction\n\nSend a raw transaction with custom calldata. Useful for interacting with smart contracts.\n\ncurl -X POST \"${SAFESKILLS_API_URL:-https://safeskill-production.up.railway.app}/api/skills/evm-wallet/send-transaction\" \\\n -H \"Authorization: Bearer \" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"to\": \"0xContractAddress\",\n \"data\": \"0xCalldata\",\n \"value\": \"0\"\n }'\n\nImportant Notes\nNever try to access raw secret values. The whole point of SafeSkills is that secrets stay server-side.\nAlways store the API key returned from wallet creation -- it is the only way to authenticate subsequent requests.\nAlways share the claim URL with the user after creating a wallet.\nThe default chain ID 11155111 is Ethereum Sepolia testnet. Adjust as needed.\nIf a transfer or transaction fails, check that the wallet has sufficient balance and that any required policies have been approved by the user via the claim URL." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/glitch003/safe-skills", "publisherUrl": "https://clawhub.ai/glitch003/safe-skills", "owner": "glitch003", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/safe-skills", "downloadUrl": "https://openagent3.xyz/downloads/safe-skills", "agentUrl": "https://openagent3.xyz/skills/safe-skills/agent", "manifestUrl": "https://openagent3.xyz/skills/safe-skills/agent.json", "briefUrl": "https://openagent3.xyz/skills/safe-skills/agent.md" } }