2.6k
GitHub Stars
3
Bundled Files
2 months ago
Catalog Refreshed
3 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill sigil-security- _meta.json1.5 KB
- package.json1.1 KB
- SKILL.md8.4 KB
Overview
This skill integrates Sigil Protocol to secure AI agent wallets and evaluate ERC-4337 UserOps across six EVM chains. Every submitted transaction passes a three-layer Guardian (rules, simulation, AI risk scoring) before co-signing and on-chain submission. The agent signs UserOps locally so private keys never leave the agent environment.
How this skill works
The agent builds and locally signs an ERC-4337 UserOp with a dedicated agent EOA, then calls Sigil’s API to evaluate or execute it. Sigil’s Guardian runs rule checks, performs an on-chain simulation, and computes an AI risk score; if approved, Sigil co-signs and submits the UserOp to the EntryPoint. Dry-run evaluation endpoint returns verdict and layer breakdown without spending gas.
When to use it
- When an AI agent must perform on-chain actions without exposing owner keys
- To enforce policy, whitelists, and transaction limits for automated agents
- For pre-flight simulation and AI-based risk scoring before spending gas
- When deploying agent wallets on Ethereum, Polygon, Avalanche, Base, Arbitrum, or 0G
- When you need auditability and owner-controlled recovery or freezes
Best practices
- Generate a fresh agent keypair for each agent and keep the private key local; fund it with minimal gas only
- Start with conservative policy limits and explicit whitelists on the dashboard, then expand after testing
- Use /v1/evaluate for dry runs to debug calldata, approvals, and simulation failures before execute
- Handle Guardian rejections programmatically: surface guidance to owners for whitelisting or limit adjustments
- Rotate agent keys via the dashboard if compromise is suspected; owner-only actions remain protected
Example use cases
- Approve an ERC-20 allowance via a signed UserOp and have the Guardian enforce function whitelist
- Automate routine token transfers or swaps while maintaining daily and per-tx caps
- Dry-run complex multicall transactions to verify simulation success and risk score before execution
- Submit native token top-ups or wrap/unwrap operations across supported chains through the EntryPoint
- Collect transaction history and policy state for audits using Sigil account endpoints
FAQ
No. The agent signs UserOps locally; Sigil requires the signature but never receives or stores the private key.
What happens if a transaction is rejected?
The response includes a rejection reason and guidance. Common fixes are whitelisting the target/function or reducing amounts per policy limits.