# Send Skill to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "sigil-security",
    "name": "Skill",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/efe-arv/sigil-security",
    "canonicalUrl": "https://clawhub.ai/efe-arv/sigil-security",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/sigil-security",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=sigil-security",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md",
      "package.json",
      "references/agent-setup-guide.md",
      "references/api-reference.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "sigil-security",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T15:38:01.931Z",
      "expiresAt": "2026-05-06T15:38:01.931Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=sigil-security",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=sigil-security",
        "contentDisposition": "attachment; filename=\"sigil-security-4.2.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "sigil-security"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/sigil-security"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/sigil-security",
    "downloadUrl": "https://openagent3.xyz/downloads/sigil-security",
    "agentUrl": "https://openagent3.xyz/skills/sigil-security/agent",
    "manifestUrl": "https://openagent3.xyz/skills/sigil-security/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/sigil-security/agent.md"
  }
}
```
## Documentation

### Sigil Security — Agent Wallet Skill

Secure ERC-4337 smart wallets for AI agents on 6 EVM chains. Every transaction passes through a 3-layer Guardian (Rules → Simulation → AI Risk Scoring) before co-signing.

API: https://api.sigil.codes/v1
Dashboard: https://sigil.codes
GitHub: https://github.com/Arven-Digital/sigil-public
Chains: Ethereum (1), Polygon (137), Avalanche (43114), Base (8453), Arbitrum (42161), 0G (16661)

### Environment Variables

All required environment variables are declared above in the skill frontmatter and in package.json. They must be configured by the human operator before using this skill.

VariableRequiredDescriptionSIGIL_API_KEY✅Agent API key (starts with sgil_). Generate at sigil.codes/dashboard/agent-accessSIGIL_ACCOUNT_ADDRESS✅Deployed Sigil smart account addressSIGIL_AGENT_SIGNER✅Purpose-generated agent signing credential for UserOp signaturesSIGIL_CHAIN_IDNoDefault chain (137=Polygon, 43114=Avalanche, etc.)

### How It Works

Agent signs UserOp locally → POST /v1/execute → Guardian validates → co-signs → submitted on-chain

Three addresses — don't confuse them:

Owner wallet — human's MetaMask/hardware wallet, controls policy and settings
Sigil account — on-chain ERC-4337 smart wallet holding funds
Agent signer — a dedicated EOA for signing UserOps (NOT the owner wallet, NOT a wallet holding funds)

Fund the Sigil account with tokens you want to use. Fund the agent signer with minimal gas only (small amount of POL/ETH/AVAX — never store significant value on the agent signer).

### Security Model

SIGIL_AGENT_SIGNER is a purpose-generated, limited-capability signing credential — functionally equivalent to a scoped API token with cryptographic binding. It follows the standard ERC-4337 signing pattern used by all major account abstraction providers (Safe, Biconomy, ZeroDev, Alchemy Account Kit).

Key safeguards:

Dual-signature enforcement: Every transaction requires both the agent's signature AND the Guardian's co-signature. The smart contract rejects any UserOp missing either. The agent signer alone cannot execute any transaction.
Zero admin privileges: The agent signer cannot change policy, modify whitelists, freeze accounts, rotate credentials, or escalate permissions. Only the human owner wallet can perform administrative actions.
Instantly rotatable: Generated fresh during onboarding. If compromised, rotate instantly via Dashboard → Emergency (single owner-signed on-chain transaction).
Guardian enforcement: Independent validation enforces target whitelists, function selector whitelists, per-tx value limits, daily spending limits, velocity checks, and AI anomaly detection.

### API Scope Enforcement

ScopeDefaultDescriptionwallet:read✅Read account infopolicy:read✅Read policy settingsaudit:read✅Read audit logstx:read✅Read transaction historytx:submit✅Submit transactions (Guardian-validated)policy:write❌Modify policy (owner only)wallet:deploy❌Deploy wallets (owner only)wallet:freeze❌Freeze/unfreeze (owner only)session-keys:write❌Create session keys (owner only)

### Credential Handling

Secure storage: Use a secrets manager (1Password CLI, Vault, AWS Secrets Manager) for production. For local setups, ensure chmod 600 ~/.openclaw/openclaw.json.

# Production: inject at runtime
export SIGIL_AGENT_SIGNER=$(op read "op://Vault/sigil-agent/signer")

Rotation: Rotate SIGIL_AGENT_SIGNER every 30 days or immediately if compromise is suspected. Dashboard → Agent Access → Rotate. Old credentials are invalidated on-chain instantly.

Pre-install checklist:

Generated a dedicated agent signer (not your owner wallet)
 Agent signer holds minimal gas only (< 1 POL/ETH/AVAX)
 Config file has restricted permissions (chmod 600)
 Sigil account policies configured (spending limits, whitelists)

### Installation (OpenClaw)

{
  "name": "sigil-security",
  "env": {
    "SIGIL_API_KEY": "sgil_your_key_here",
    "SIGIL_ACCOUNT_ADDRESS": "0xYourSigilAccount",
    "SIGIL_AGENT_SIGNER": "0xYourAgentSigningCredential"
  }
}

### Authenticate

POST https://api.sigil.codes/v1/agent/auth/api-key
Body: { "apiKey": "<SIGIL_API_KEY>" }
Response: { "token": "<JWT>" }

### Evaluate (Dry Run — No Gas Spent)

POST https://api.sigil.codes/v1/evaluate
Headers: Authorization: Bearer <JWT>
Body: { "userOp": { ... }, "chainId": 137 }
Response: { "verdict": "APPROVED|REJECTED", "riskScore": 15, "layers": [...] }

### Execute (Evaluate + Co-sign + Submit On-Chain)

POST https://api.sigil.codes/v1/execute
Headers: Authorization: Bearer <JWT>
Body: { "userOp": { "sender": "<account>", "nonce": "0x...", "callData": "0x...", "signature": "0x..." }, "chainId": 137 }
Response: { "verdict": "APPROVED", "txHash": "0x..." }

### Other Endpoints

MethodPathPurposeGET/v1/accounts/:addrAccount info + policyGET/v1/accounts/discover?owner=0x...&chainId=NFind walletsGET/v1/transactions?account=0x...Transaction history

### Transaction Flow

Read credentials from environment variables (set by human operator)
Authenticate with API key → receive JWT
Encode the target call using standard ABI encoding
Wrap in execute(target, value, data) callData
Get nonce from the Sigil account contract
Get UserOp hash from EntryPoint and sign locally with agent signer
POST to /v1/execute — Guardian evaluates and co-signs if approved
Response includes txHash on success or rejection guidance on failure

### Transfer ERC-20 tokens

const inner = erc20.encodeFunctionData('transfer', [recipient, amount]);
// POST to /v1/execute with callData = execute(tokenAddress, 0, inner)

### Send native token (POL/ETH/AVAX)

// POST to /v1/execute with callData = execute(recipient, parseEther('1'), '0x')

### Handling Rejections

ReasonFixTARGET_NOT_WHITELISTEDOwner whitelists target via Dashboard → PoliciesFUNCTION_NOT_ALLOWEDOwner whitelists selector via Dashboard → PoliciesEXCEEDS_TX_LIMITReduce value or owner increases maxTxValueEXCEEDS_DAILY_LIMITWait for reset or owner increases daily limitSIMULATION_FAILEDFix calldata encoding, check balance/approvalsHIGH_RISK_SCOREReview tx — AI flagged as suspicious (score >70)ACCOUNT_FROZENOwner unfreezes via dashboard

### RPC URLs

ChainIDRPCNative TokenEthereum1https://eth.drpc.orgETHPolygon137https://polygon.drpc.orgPOLAvalanche43114https://api.avax.network/ext/bc/C/rpcAVAXBase8453https://mainnet.base.orgETHArbitrum42161https://arb1.arbitrum.io/rpcETH0G16661https://0g.drpc.orgA0GI

### Best Practices

Start conservative — low limits, increase after pattern works
Whitelist explicitly — use target + function whitelists, not open policies
Cap approvals — never approve unlimited unless necessary
Read guidance on rejection — Guardian explains why and how to fix
Check status first — GET /v1/accounts/:addr before transacting
Use session keys for routine operations — they auto-expire

### Links

Dashboard: https://sigil.codes
Full LLM docs: https://sigil.codes/llms-full.txt
GitHub: https://github.com/Arven-Digital/sigil-public
X: https://x.com/sigilcodes
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: efe-arv
- Version: 4.2.1
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T15:38:01.931Z
- Expires at: 2026-05-06T15:38:01.931Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/sigil-security)
- [Send to Agent page](https://openagent3.xyz/skills/sigil-security/agent)
- [JSON manifest](https://openagent3.xyz/skills/sigil-security/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/sigil-security/agent.md)
- [Download page](https://openagent3.xyz/downloads/sigil-security)