{
  "schemaVersion": "1.0",
  "item": {
    "slug": "sigil-security",
    "name": "Skill",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/efe-arv/sigil-security",
    "canonicalUrl": "https://clawhub.ai/efe-arv/sigil-security",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/sigil-security",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=sigil-security",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md",
      "package.json",
      "references/agent-setup-guide.md",
      "references/api-reference.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/sigil-security"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/sigil-security",
    "agentPageUrl": "https://openagent3.xyz/skills/sigil-security/agent",
    "manifestUrl": "https://openagent3.xyz/skills/sigil-security/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/sigil-security/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Sigil Security — Agent Wallet Skill",
        "body": "Secure ERC-4337 smart wallets for AI agents on 6 EVM chains. Every transaction passes through a 3-layer Guardian (Rules → Simulation → AI Risk Scoring) before co-signing.\n\nAPI: https://api.sigil.codes/v1\nDashboard: https://sigil.codes\nGitHub: https://github.com/Arven-Digital/sigil-public\nChains: Ethereum (1), Polygon (137), Avalanche (43114), Base (8453), Arbitrum (42161), 0G (16661)"
      },
      {
        "title": "Environment Variables",
        "body": "All required environment variables are declared above in the skill frontmatter and in package.json. They must be configured by the human operator before using this skill.\n\nVariable\tRequired\tDescription\nSIGIL_API_KEY\t✅\tAgent API key (starts with sgil_). Generate at sigil.codes/dashboard/agent-access\nSIGIL_ACCOUNT_ADDRESS\t✅\tDeployed Sigil smart account address\nSIGIL_AGENT_SIGNER\t✅\tPurpose-generated agent signing credential for UserOp signatures\nSIGIL_CHAIN_ID\tNo\tDefault chain (137=Polygon, 43114=Avalanche, etc.)"
      },
      {
        "title": "How It Works",
        "body": "Agent signs UserOp locally → POST /v1/execute → Guardian validates → co-signs → submitted on-chain\n\nThree addresses — don't confuse them:\n\nOwner wallet — human's MetaMask/hardware wallet, controls policy and settings\nSigil account — on-chain ERC-4337 smart wallet holding funds\nAgent signer — a dedicated EOA for signing UserOps (NOT the owner wallet, NOT a wallet holding funds)\n\nFund the Sigil account with tokens you want to use. Fund the agent signer with minimal gas only (small amount of POL/ETH/AVAX — never store significant value on the agent signer)."
      },
      {
        "title": "Security Model",
        "body": "SIGIL_AGENT_SIGNER is a purpose-generated, limited-capability signing credential — functionally equivalent to a scoped API token with cryptographic binding. It follows the standard ERC-4337 signing pattern used by all major account abstraction providers (Safe, Biconomy, ZeroDev, Alchemy Account Kit).\n\nKey safeguards:\n\nDual-signature enforcement: Every transaction requires both the agent's signature AND the Guardian's co-signature. The smart contract rejects any UserOp missing either. The agent signer alone cannot execute any transaction.\nZero admin privileges: The agent signer cannot change policy, modify whitelists, freeze accounts, rotate credentials, or escalate permissions. Only the human owner wallet can perform administrative actions.\nInstantly rotatable: Generated fresh during onboarding. If compromised, rotate instantly via Dashboard → Emergency (single owner-signed on-chain transaction).\nGuardian enforcement: Independent validation enforces target whitelists, function selector whitelists, per-tx value limits, daily spending limits, velocity checks, and AI anomaly detection."
      },
      {
        "title": "API Scope Enforcement",
        "body": "Scope\tDefault\tDescription\nwallet:read\t✅\tRead account info\npolicy:read\t✅\tRead policy settings\naudit:read\t✅\tRead audit logs\ntx:read\t✅\tRead transaction history\ntx:submit\t✅\tSubmit transactions (Guardian-validated)\npolicy:write\t❌\tModify policy (owner only)\nwallet:deploy\t❌\tDeploy wallets (owner only)\nwallet:freeze\t❌\tFreeze/unfreeze (owner only)\nsession-keys:write\t❌\tCreate session keys (owner only)"
      },
      {
        "title": "Credential Handling",
        "body": "Secure storage: Use a secrets manager (1Password CLI, Vault, AWS Secrets Manager) for production. For local setups, ensure chmod 600 ~/.openclaw/openclaw.json.\n\n# Production: inject at runtime\nexport SIGIL_AGENT_SIGNER=$(op read \"op://Vault/sigil-agent/signer\")\n\nRotation: Rotate SIGIL_AGENT_SIGNER every 30 days or immediately if compromise is suspected. Dashboard → Agent Access → Rotate. Old credentials are invalidated on-chain instantly.\n\nPre-install checklist:\n\nGenerated a dedicated agent signer (not your owner wallet)\n Agent signer holds minimal gas only (< 1 POL/ETH/AVAX)\n Config file has restricted permissions (chmod 600)\n Sigil account policies configured (spending limits, whitelists)"
      },
      {
        "title": "Installation (OpenClaw)",
        "body": "{\n  \"name\": \"sigil-security\",\n  \"env\": {\n    \"SIGIL_API_KEY\": \"sgil_your_key_here\",\n    \"SIGIL_ACCOUNT_ADDRESS\": \"0xYourSigilAccount\",\n    \"SIGIL_AGENT_SIGNER\": \"0xYourAgentSigningCredential\"\n  }\n}"
      },
      {
        "title": "Authenticate",
        "body": "POST https://api.sigil.codes/v1/agent/auth/api-key\nBody: { \"apiKey\": \"<SIGIL_API_KEY>\" }\nResponse: { \"token\": \"<JWT>\" }"
      },
      {
        "title": "Evaluate (Dry Run — No Gas Spent)",
        "body": "POST https://api.sigil.codes/v1/evaluate\nHeaders: Authorization: Bearer <JWT>\nBody: { \"userOp\": { ... }, \"chainId\": 137 }\nResponse: { \"verdict\": \"APPROVED|REJECTED\", \"riskScore\": 15, \"layers\": [...] }"
      },
      {
        "title": "Execute (Evaluate + Co-sign + Submit On-Chain)",
        "body": "POST https://api.sigil.codes/v1/execute\nHeaders: Authorization: Bearer <JWT>\nBody: { \"userOp\": { \"sender\": \"<account>\", \"nonce\": \"0x...\", \"callData\": \"0x...\", \"signature\": \"0x...\" }, \"chainId\": 137 }\nResponse: { \"verdict\": \"APPROVED\", \"txHash\": \"0x...\" }"
      },
      {
        "title": "Other Endpoints",
        "body": "Method\tPath\tPurpose\nGET\t/v1/accounts/:addr\tAccount info + policy\nGET\t/v1/accounts/discover?owner=0x...&chainId=N\tFind wallets\nGET\t/v1/transactions?account=0x...\tTransaction history"
      },
      {
        "title": "Transaction Flow",
        "body": "Read credentials from environment variables (set by human operator)\nAuthenticate with API key → receive JWT\nEncode the target call using standard ABI encoding\nWrap in execute(target, value, data) callData\nGet nonce from the Sigil account contract\nGet UserOp hash from EntryPoint and sign locally with agent signer\nPOST to /v1/execute — Guardian evaluates and co-signs if approved\nResponse includes txHash on success or rejection guidance on failure"
      },
      {
        "title": "Transfer ERC-20 tokens",
        "body": "const inner = erc20.encodeFunctionData('transfer', [recipient, amount]);\n// POST to /v1/execute with callData = execute(tokenAddress, 0, inner)"
      },
      {
        "title": "Send native token (POL/ETH/AVAX)",
        "body": "// POST to /v1/execute with callData = execute(recipient, parseEther('1'), '0x')"
      },
      {
        "title": "Handling Rejections",
        "body": "Reason\tFix\nTARGET_NOT_WHITELISTED\tOwner whitelists target via Dashboard → Policies\nFUNCTION_NOT_ALLOWED\tOwner whitelists selector via Dashboard → Policies\nEXCEEDS_TX_LIMIT\tReduce value or owner increases maxTxValue\nEXCEEDS_DAILY_LIMIT\tWait for reset or owner increases daily limit\nSIMULATION_FAILED\tFix calldata encoding, check balance/approvals\nHIGH_RISK_SCORE\tReview tx — AI flagged as suspicious (score >70)\nACCOUNT_FROZEN\tOwner unfreezes via dashboard"
      },
      {
        "title": "RPC URLs",
        "body": "Chain\tID\tRPC\tNative Token\nEthereum\t1\thttps://eth.drpc.org\tETH\nPolygon\t137\thttps://polygon.drpc.org\tPOL\nAvalanche\t43114\thttps://api.avax.network/ext/bc/C/rpc\tAVAX\nBase\t8453\thttps://mainnet.base.org\tETH\nArbitrum\t42161\thttps://arb1.arbitrum.io/rpc\tETH\n0G\t16661\thttps://0g.drpc.org\tA0GI"
      },
      {
        "title": "Best Practices",
        "body": "Start conservative — low limits, increase after pattern works\nWhitelist explicitly — use target + function whitelists, not open policies\nCap approvals — never approve unlimited unless necessary\nRead guidance on rejection — Guardian explains why and how to fix\nCheck status first — GET /v1/accounts/:addr before transacting\nUse session keys for routine operations — they auto-expire"
      },
      {
        "title": "Links",
        "body": "Dashboard: https://sigil.codes\nFull LLM docs: https://sigil.codes/llms-full.txt\nGitHub: https://github.com/Arven-Digital/sigil-public\nX: https://x.com/sigilcodes"
      }
    ],
    "body": "Sigil Security — Agent Wallet Skill\n\nSecure ERC-4337 smart wallets for AI agents on 6 EVM chains. Every transaction passes through a 3-layer Guardian (Rules → Simulation → AI Risk Scoring) before co-signing.\n\nAPI: https://api.sigil.codes/v1\nDashboard: https://sigil.codes\nGitHub: https://github.com/Arven-Digital/sigil-public\nChains: Ethereum (1), Polygon (137), Avalanche (43114), Base (8453), Arbitrum (42161), 0G (16661)\nEnvironment Variables\n\nAll required environment variables are declared above in the skill frontmatter and in package.json. They must be configured by the human operator before using this skill.\n\nVariable\tRequired\tDescription\nSIGIL_API_KEY\t✅\tAgent API key (starts with sgil_). Generate at sigil.codes/dashboard/agent-access\nSIGIL_ACCOUNT_ADDRESS\t✅\tDeployed Sigil smart account address\nSIGIL_AGENT_SIGNER\t✅\tPurpose-generated agent signing credential for UserOp signatures\nSIGIL_CHAIN_ID\tNo\tDefault chain (137=Polygon, 43114=Avalanche, etc.)\nHow It Works\nAgent signs UserOp locally → POST /v1/execute → Guardian validates → co-signs → submitted on-chain\n\n\nThree addresses — don't confuse them:\n\nOwner wallet — human's MetaMask/hardware wallet, controls policy and settings\nSigil account — on-chain ERC-4337 smart wallet holding funds\nAgent signer — a dedicated EOA for signing UserOps (NOT the owner wallet, NOT a wallet holding funds)\n\nFund the Sigil account with tokens you want to use. Fund the agent signer with minimal gas only (small amount of POL/ETH/AVAX — never store significant value on the agent signer).\n\nSecurity Model\n\nSIGIL_AGENT_SIGNER is a purpose-generated, limited-capability signing credential — functionally equivalent to a scoped API token with cryptographic binding. 
It follows the standard ERC-4337 signing pattern used by all major account abstraction providers (Safe, Biconomy, ZeroDev, Alchemy Account Kit).\n\nKey safeguards:\n\nDual-signature enforcement: Every transaction requires both the agent's signature AND the Guardian's co-signature. The smart contract rejects any UserOp missing either. The agent signer alone cannot execute any transaction.\nZero admin privileges: The agent signer cannot change policy, modify whitelists, freeze accounts, rotate credentials, or escalate permissions. Only the human owner wallet can perform administrative actions.\nInstantly rotatable: Generated fresh during onboarding. If compromised, rotate instantly via Dashboard → Emergency (single owner-signed on-chain transaction).\nGuardian enforcement: Independent validation enforces target whitelists, function selector whitelists, per-tx value limits, daily spending limits, velocity checks, and AI anomaly detection.\nAPI Scope Enforcement\nScope\tDefault\tDescription\nwallet:read\t✅\tRead account info\npolicy:read\t✅\tRead policy settings\naudit:read\t✅\tRead audit logs\ntx:read\t✅\tRead transaction history\ntx:submit\t✅\tSubmit transactions (Guardian-validated)\npolicy:write\t❌\tModify policy (owner only)\nwallet:deploy\t❌\tDeploy wallets (owner only)\nwallet:freeze\t❌\tFreeze/unfreeze (owner only)\nsession-keys:write\t❌\tCreate session keys (owner only)\nCredential Handling\n\nSecure storage: Use a secrets manager (1Password CLI, Vault, AWS Secrets Manager) for production. For local setups, ensure chmod 600 ~/.openclaw/openclaw.json.\n\n# Production: inject at runtime\nexport SIGIL_AGENT_SIGNER=$(op read \"op://Vault/sigil-agent/signer\")\n\n\nRotation: Rotate SIGIL_AGENT_SIGNER every 30 days or immediately if compromise is suspected. Dashboard → Agent Access → Rotate. 
Old credentials are invalidated on-chain instantly.\n\nPre-install checklist:\n\n Generated a dedicated agent signer (not your owner wallet)\n Agent signer holds minimal gas only (< 1 POL/ETH/AVAX)\n Config file has restricted permissions (chmod 600)\n Sigil account policies configured (spending limits, whitelists)\nInstallation (OpenClaw)\n{\n  \"name\": \"sigil-security\",\n  \"env\": {\n    \"SIGIL_API_KEY\": \"sgil_your_key_here\",\n    \"SIGIL_ACCOUNT_ADDRESS\": \"0xYourSigilAccount\",\n    \"SIGIL_AGENT_SIGNER\": \"0xYourAgentSigningCredential\"\n  }\n}\n\nAPI Usage\nAuthenticate\nPOST https://api.sigil.codes/v1/agent/auth/api-key\nBody: { \"apiKey\": \"<SIGIL_API_KEY>\" }\nResponse: { \"token\": \"<JWT>\" }\n\nEvaluate (Dry Run — No Gas Spent)\nPOST https://api.sigil.codes/v1/evaluate\nHeaders: Authorization: Bearer <JWT>\nBody: { \"userOp\": { ... }, \"chainId\": 137 }\nResponse: { \"verdict\": \"APPROVED|REJECTED\", \"riskScore\": 15, \"layers\": [...] }\n\nExecute (Evaluate + Co-sign + Submit On-Chain)\nPOST https://api.sigil.codes/v1/execute\nHeaders: Authorization: Bearer <JWT>\nBody: { \"userOp\": { \"sender\": \"<account>\", \"nonce\": \"0x...\", \"callData\": \"0x...\", \"signature\": \"0x...\" }, \"chainId\": 137 }\nResponse: { \"verdict\": \"APPROVED\", \"txHash\": \"0x...\" }\n\nOther Endpoints\nMethod\tPath\tPurpose\nGET\t/v1/accounts/:addr\tAccount info + policy\nGET\t/v1/accounts/discover?owner=0x...&chainId=N\tFind wallets\nGET\t/v1/transactions?account=0x...\tTransaction history\nTransaction Flow\nRead credentials from environment variables (set by human operator)\nAuthenticate with API key → receive JWT\nEncode the target call using standard ABI encoding\nWrap in execute(target, value, data) callData\nGet nonce from the Sigil account contract\nGet UserOp hash from EntryPoint and sign locally with agent signer\nPOST to /v1/execute — Guardian evaluates and co-signs if approved\nResponse includes txHash on success or rejection guidance on 
failure\nQuick Recipes\nTransfer ERC-20 tokens\nconst inner = erc20.encodeFunctionData('transfer', [recipient, amount]);\n// POST to /v1/execute with callData = execute(tokenAddress, 0, inner)\n\nSend native token (POL/ETH/AVAX)\n// POST to /v1/execute with callData = execute(recipient, parseEther('1'), '0x')\n\nHandling Rejections\nReason\tFix\nTARGET_NOT_WHITELISTED\tOwner whitelists target via Dashboard → Policies\nFUNCTION_NOT_ALLOWED\tOwner whitelists selector via Dashboard → Policies\nEXCEEDS_TX_LIMIT\tReduce value or owner increases maxTxValue\nEXCEEDS_DAILY_LIMIT\tWait for reset or owner increases daily limit\nSIMULATION_FAILED\tFix calldata encoding, check balance/approvals\nHIGH_RISK_SCORE\tReview tx — AI flagged as suspicious (score >70)\nACCOUNT_FROZEN\tOwner unfreezes via dashboard\nRPC URLs\nChain\tID\tRPC\tNative Token\nEthereum\t1\thttps://eth.drpc.org\tETH\nPolygon\t137\thttps://polygon.drpc.org\tPOL\nAvalanche\t43114\thttps://api.avax.network/ext/bc/C/rpc\tAVAX\nBase\t8453\thttps://mainnet.base.org\tETH\nArbitrum\t42161\thttps://arb1.arbitrum.io/rpc\tETH\n0G\t16661\thttps://0g.drpc.org\tA0GI\nBest Practices\nStart conservative — low limits, increase after pattern works\nWhitelist explicitly — use target + function whitelists, not open policies\nCap approvals — never approve unlimited unless necessary\nRead guidance on rejection — Guardian explains why and how to fix\nCheck status first — GET /v1/accounts/:addr before transacting\nUse session keys for routine operations — they auto-expire\nLinks\nDashboard: https://sigil.codes\nFull LLM docs: https://sigil.codes/llms-full.txt\nGitHub: https://github.com/Arven-Digital/sigil-public\nX: https://x.com/sigilcodes"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/efe-arv/sigil-security",
    "publisherUrl": "https://clawhub.ai/efe-arv/sigil-security",
    "owner": "efe-arv",
    "version": "4.2.1",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/sigil-security",
    "downloadUrl": "https://openagent3.xyz/downloads/sigil-security",
    "agentUrl": "https://openagent3.xyz/skills/sigil-security/agent",
    "manifestUrl": "https://openagent3.xyz/skills/sigil-security/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/sigil-security/agent.md"
  }
}