← All skills

Tencent SkillHub · Security & Compliance

Skill

Secure AI agent wallets via Sigil Protocol. 3-layer Guardian validation on 6 EVM chains.

skill openclawclawhub Free

0 Downloads

0 Stars

0 Installs

0 Score

High Signal

Secure AI agent wallets via Sigil Protocol. 3-layer Guardian validation on 6 EVM chains.

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup

Download the package from Yavira.
Extract the archive and review SKILL.md first.
Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: SKILL.md, package.json, references/agent-setup-guide.md, references/api-reference.md

Validation

Use the Yavira download entry.
Review SKILL.md after the package is downloaded.
Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

Download the package from Yavira.
Extract it into a folder your agent can access.
Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 4.2.1

Provenance

Publisher: efe-arv
Source page: View original listing
Canonical URL: Open canonical page

Documentation

ClawHub primary doc Primary doc: SKILL.md 18 sections Open source page

Sigil Security — Agent Wallet Skill

Secure ERC-4337 smart wallets for AI agents on 6 EVM chains. Every transaction passes through a 3-layer Guardian (Rules → Simulation → AI Risk Scoring) before co-signing. API: https://api.sigil.codes/v1 Dashboard: https://sigil.codes GitHub: https://github.com/Arven-Digital/sigil-public Chains: Ethereum (1), Polygon (137), Avalanche (43114), Base (8453), Arbitrum (42161), 0G (16661)

Environment Variables

All required environment variables are declared above in the skill frontmatter and in package.json. They must be configured by the human operator before using this skill. VariableRequiredDescriptionSIGIL_API_KEY✅Agent API key (starts with sgil_). Generate at sigil.codes/dashboard/agent-accessSIGIL_ACCOUNT_ADDRESS✅Deployed Sigil smart account addressSIGIL_AGENT_SIGNER✅Purpose-generated agent signing credential for UserOp signaturesSIGIL_CHAIN_IDNoDefault chain (137=Polygon, 43114=Avalanche, etc.)

How It Works

Agent signs UserOp locally → POST /v1/execute → Guardian validates → co-signs → submitted on-chain Three addresses — don't confuse them: Owner wallet — human's MetaMask/hardware wallet, controls policy and settings Sigil account — on-chain ERC-4337 smart wallet holding funds Agent signer — a dedicated EOA for signing UserOps (NOT the owner wallet, NOT a wallet holding funds) Fund the Sigil account with tokens you want to use. Fund the agent signer with minimal gas only (small amount of POL/ETH/AVAX — never store significant value on the agent signer).

Security Model

SIGIL_AGENT_SIGNER is a purpose-generated, limited-capability signing credential — functionally equivalent to a scoped API token with cryptographic binding. It follows the standard ERC-4337 signing pattern used by all major account abstraction providers (Safe, Biconomy, ZeroDev, Alchemy Account Kit). Key safeguards: Dual-signature enforcement: Every transaction requires both the agent's signature AND the Guardian's co-signature. The smart contract rejects any UserOp missing either. The agent signer alone cannot execute any transaction. Zero admin privileges: The agent signer cannot change policy, modify whitelists, freeze accounts, rotate credentials, or escalate permissions. Only the human owner wallet can perform administrative actions. Instantly rotatable: Generated fresh during onboarding. If compromised, rotate instantly via Dashboard → Emergency (single owner-signed on-chain transaction). Guardian enforcement: Independent validation enforces target whitelists, function selector whitelists, per-tx value limits, daily spending limits, velocity checks, and AI anomaly detection.

API Scope Enforcement

ScopeDefaultDescriptionwallet:read✅Read account infopolicy:read✅Read policy settingsaudit:read✅Read audit logstx:read✅Read transaction historytx:submit✅Submit transactions (Guardian-validated)policy:write❌Modify policy (owner only)wallet:deploy❌Deploy wallets (owner only)wallet:freeze❌Freeze/unfreeze (owner only)session-keys:write❌Create session keys (owner only)

Credential Handling

Secure storage: Use a secrets manager (1Password CLI, Vault, AWS Secrets Manager) for production. For local setups, ensure chmod 600 ~/.openclaw/openclaw.json. # Production: inject at runtime export SIGIL_AGENT_SIGNER=$(op read "op://Vault/sigil-agent/signer") Rotation: Rotate SIGIL_AGENT_SIGNER every 30 days or immediately if compromise is suspected. Dashboard → Agent Access → Rotate. Old credentials are invalidated on-chain instantly. Pre-install checklist: Generated a dedicated agent signer (not your owner wallet) Agent signer holds minimal gas only (< 1 POL/ETH/AVAX) Config file has restricted permissions (chmod 600) Sigil account policies configured (spending limits, whitelists)

Installation (OpenClaw)

{ "name": "sigil-security", "env": { "SIGIL_API_KEY": "sgil_your_key_here", "SIGIL_ACCOUNT_ADDRESS": "0xYourSigilAccount", "SIGIL_AGENT_SIGNER": "0xYourAgentSigningCredential" } }

Authenticate

POST https://api.sigil.codes/v1/agent/auth/api-key Body: { "apiKey": "<SIGIL_API_KEY>" } Response: { "token": "<JWT>" }

Evaluate (Dry Run — No Gas Spent)

POST https://api.sigil.codes/v1/evaluate Headers: Authorization: Bearer <JWT> Body: { "userOp": { ... }, "chainId": 137 } Response: { "verdict": "APPROVED|REJECTED", "riskScore": 15, "layers": [...] }

Execute (Evaluate + Co-sign + Submit On-Chain)

POST https://api.sigil.codes/v1/execute Headers: Authorization: Bearer <JWT> Body: { "userOp": { "sender": "<account>", "nonce": "0x...", "callData": "0x...", "signature": "0x..." }, "chainId": 137 } Response: { "verdict": "APPROVED", "txHash": "0x..." }

Other Endpoints

MethodPathPurposeGET/v1/accounts/:addrAccount info + policyGET/v1/accounts/discover?owner=0x...&chainId=NFind walletsGET/v1/transactions?account=0x...Transaction history

Transaction Flow

Read credentials from environment variables (set by human operator) Authenticate with API key → receive JWT Encode the target call using standard ABI encoding Wrap in execute(target, value, data) callData Get nonce from the Sigil account contract Get UserOp hash from EntryPoint and sign locally with agent signer POST to /v1/execute — Guardian evaluates and co-signs if approved Response includes txHash on success or rejection guidance on failure

Transfer ERC-20 tokens

const inner = erc20.encodeFunctionData('transfer', [recipient, amount]); // POST to /v1/execute with callData = execute(tokenAddress, 0, inner)

Send native token (POL/ETH/AVAX)

// POST to /v1/execute with callData = execute(recipient, parseEther('1'), '0x')

Handling Rejections

ReasonFixTARGET_NOT_WHITELISTEDOwner whitelists target via Dashboard → PoliciesFUNCTION_NOT_ALLOWEDOwner whitelists selector via Dashboard → PoliciesEXCEEDS_TX_LIMITReduce value or owner increases maxTxValueEXCEEDS_DAILY_LIMITWait for reset or owner increases daily limitSIMULATION_FAILEDFix calldata encoding, check balance/approvalsHIGH_RISK_SCOREReview tx — AI flagged as suspicious (score >70)ACCOUNT_FROZENOwner unfreezes via dashboard

RPC URLs

ChainIDRPCNative TokenEthereum1https://eth.drpc.orgETHPolygon137https://polygon.drpc.orgPOLAvalanche43114https://api.avax.network/ext/bc/C/rpcAVAXBase8453https://mainnet.base.orgETHArbitrum42161https://arb1.arbitrum.io/rpcETH0G16661https://0g.drpc.orgA0GI

Best Practices

Start conservative — low limits, increase after pattern works Whitelist explicitly — use target + function whitelists, not open policies Cap approvals — never approve unlimited unless necessary Read guidance on rejection — Guardian explains why and how to fix Check status first — GET /v1/accounts/:addr before transacting Use session keys for routine operations — they auto-expire

Links

Dashboard: https://sigil.codes Full LLM docs: https://sigil.codes/llms-full.txt GitHub: https://github.com/Arven-Digital/sigil-public X: https://x.com/sigilcodes

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package

3 Docs1 Config

SKILL.md Primary doc
references/agent-setup-guide.md Docs
references/api-reference.md Docs
package.json Config