From 91a56ff5528af68f9b5cfb0ccfda7c28638fe1bd Mon Sep 17 00:00:00 2001
From: Minho Yoo <minho.yoo@Minhoui-noteubug.local>
Date: Tue, 17 Mar 2026 00:55:29 +0900
Subject: [PATCH 1/3] =?UTF-8?q?feat(skills):=20add=20waiaas=20=E2=80=94=20?=
 =?UTF-8?q?self-hosted=20crypto=20wallet=20for=20AI=20agents?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add WAIaaS skill that provides self-hosted wallet daemon integration
via MCP. WAIaaS separates key custody into an isolated local daemon
with a policy engine (default-deny, spending limits, human approval).

Features:
- EVM + Solana unified API (59+ MCP tools)
- DeFi: swap, lend, stake, bridge, perp, prediction markets
- NFT: list, metadata, transfer (ERC-721/1155/Metaplex)
- x402 automatic HTTP 402 payments
- ERC-4337 Account Abstraction
- Kill switch for instant wallet freeze

Unlike cloud wallet services, WAIaaS runs entirely on the user's
machine with no third-party API keys or custodial risk.

Website: https://waiaas.ai
GitHub: https://github.com/minhoyoo-iotrust/WAIaaS
ClawHub: https://clawhub.ai/minhoyoo-iotrust/waiaas-wallet
---
 skills/waiaas/SKILL.md | 107 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 107 insertions(+)
 create mode 100644 skills/waiaas/SKILL.md

diff --git a/skills/waiaas/SKILL.md b/skills/waiaas/SKILL.md
new file mode 100644
index 00000000000..85c599f2048
--- /dev/null
+++ b/skills/waiaas/SKILL.md
@@ -0,0 +1,107 @@
+---
+name: waiaas
+description: "Self-hosted crypto wallet daemon for AI agents. Manage wallets, send transactions, interact with DeFi protocols — without exposing private keys. EVM + Solana unified API via MCP. Use when: user asks to send crypto, check wallet balance, swap tokens, interact with DeFi, or manage on-chain assets. NOT for: fiat payments, bank transfers, or centralized exchange trading."
+homepage: https://waiaas.ai
+metadata: { "openclaw": { "emoji": "🔐", "homepage": "https://waiaas.ai", "requires": { "bins": ["waiaas"], "env": ["WAIAAS_SESSION_TOKEN"] }, "install": [{ "id": "waiaas-cli", "kind": "node", "package": "@waiaas/cli", "bins": ["waiaas"], "label": "Install WAIaaS CLI (source: https://github.com/minhoyoo-iotrust/WAIaaS)" }] } }
+---
+
+# WAIaaS — Self-Hosted Crypto Wallet for AI Agents
+
+> **Your private keys should never live inside your agent process.** WAIaaS is a local daemon that holds keys in an isolated process, enforces spending policies, and requires human approval for high-value transactions. If your agent is compromised, the attacker cannot drain the wallet.
+
+## When to Use
+
+**USE this skill when:**
+
+- "What's my wallet balance?"
+- "Send 100 USDC to 0xAlice"
+- "Swap 500 USDC for ETH on Base"
+- "Supply 1 ETH to Aave on Arbitrum"
+- "Show my DeFi positions"
+- "What NFTs do I own?"
+
+**NOT for:**
+
+- Fiat payments or bank transfers
+- Centralized exchange trading (Binance, Coinbase, etc.)
+- Creating or deploying smart contracts from scratch
+
+## Setup
+
+The **daemon operator** (human) must set up WAIaaS before agents can use it:
+
+```bash
+npm install -g @waiaas/cli
+waiaas init
+waiaas start
+waiaas quickset --mode mainnet
+```
+
+`quickset` creates Solana + EVM wallets, issues MCP session tokens, and prints a ready-to-use MCP config.
+
+**Configure spending policies** via Admin UI at `http://127.0.0.1:3100/admin` before connecting agents. WAIaaS uses default-deny — agents cannot transact until policies are configured.
+
+Connect the MCP server (pass token via environment variable):
+
+```bash
+export WAIAAS_SESSION_TOKEN="<session-token-from-quickset>"
+openclaw config set mcpServers.waiaas.command "npx"
+openclaw config set mcpServers.waiaas.args '["@waiaas/mcp"]'
+openclaw config set mcpServers.waiaas.env.WAIAAS_SESSION_TOKEN "\${WAIAAS_SESSION_TOKEN}"
+```
+
+Or auto-register all wallets: `waiaas mcp setup --all`
+
+> **Security:** Store session tokens in environment variables or a secrets manager, not in plaintext config files. Tokens are time-limited JWTs and can be revoked from Admin UI.
+
+## How to Use
+
+**Always call `connect_info` first.** It returns your accessible wallets, active policies, capabilities, and available DeFi actions.
+
+### Core operations
+
+- Check balance: `get_balance` or `get_assets` (includes tokens)
+- Send crypto: `send_token` with `to`, `amount`, optionally `token` and `network`
+- Simulate first: `simulate_transaction` to preview fees, policy tier, and balance changes before executing
+- Sign messages: `sign_message` for personal_sign or EIP-712 typed data
+- Transaction history: `list_transactions`, `list_incoming_transactions`
+
+### DeFi
+
+DeFi tools are registered as action providers. Call `connect_info` to see which are available.
+
+- **Swap**: Jupiter (Solana), 0x (EVM), DCent Aggregator
+- **Bridge**: LI.FI cross-chain, Across Protocol
+- **Lending**: Aave V3 (EVM), Kamino (Solana) — supply, borrow, repay, withdraw
+- **Staking**: Lido (ETH), Jito (SOL)
+- **Yield**: Pendle yield trading
+- **Perp**: Drift (Solana), Hyperliquid (positions, orders, markets, funding rates)
+- **Prediction**: Polymarket (markets, orders, positions, P&L)
+
+### NFT
+
+- `list_nfts` — ERC-721, ERC-1155, Metaplex
+- `get_nft_metadata` — Name, image, attributes
+- `transfer_nft` — Requires APPROVAL tier by default
+
+### Advanced
+
+- `x402_fetch` — Auto-pay HTTP 402 responses with crypto
+- `wc_connect` — WalletConnect pairing for owner approval via mobile wallet
+- `build_userop` / `sign_userop` — ERC-4337 Account Abstraction
+- `get_rpc_proxy_url` — RPC proxy URL for Forge/Hardhat (all tx go through policy engine)
+- `encode_calldata` — Encode EVM function calls to hex for `call_contract`
+
+## Security Model
+
+- **Session tokens**: Agents use time-limited JWTs. Never the master password.
+- **Default-deny policy**: Token whitelist, contract whitelist, spending limits, rate limits.
+- **4 transaction tiers**: AUTO_SIGN → TIME_DELAY → APPROVAL → BLOCKED.
+- **Kill switch**: Instantly freeze any wallet from Admin UI (`http://localhost:3100/admin`).
+
+## Links
+
+- Website: https://waiaas.ai
+- GitHub: https://github.com/minhoyoo-iotrust/WAIaaS
+- npm: `@waiaas/cli` · `@waiaas/sdk` · `@waiaas/mcp`
+- ClawHub: https://clawhub.ai/minhoyoo-iotrust/waiaas-wallet

From 661f145fd7624f87cbccc1bfaa6d4db07e8ab23e Mon Sep 17 00:00:00 2001
From: Minho Yoo <minho.yoo@Minhoui-noteubug.local>
Date: Tue, 17 Mar 2026 01:12:09 +0900
Subject: [PATCH 2/3] fix: recommend testnet first, unify Admin UI URL

- Change quickset default to --mode testnet for safety
- Add explicit warning about mainnet requiring policy setup first
- Unify Admin UI URL to http://localhost:3100/admin
---
 skills/waiaas/SKILL.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/skills/waiaas/SKILL.md b/skills/waiaas/SKILL.md
index 85c599f2048..2d56087cf47 100644
--- a/skills/waiaas/SKILL.md
+++ b/skills/waiaas/SKILL.md
@@ -34,12 +34,14 @@ The **daemon operator** (human) must set up WAIaaS before agents can use it:
 npm install -g @waiaas/cli
 waiaas init
 waiaas start
-waiaas quickset --mode mainnet
+waiaas quickset --mode testnet     # Start with testnet (Solana Devnet + EVM Sepolia)
 ```
 
-`quickset` creates Solana + EVM wallets, issues MCP session tokens, and prints a ready-to-use MCP config.
+`quickset` creates wallets, issues MCP session tokens, and prints a ready-to-use MCP config. Start with `--mode testnet` to verify the setup safely. Switch to `--mode mainnet` only after configuring spending policies.
 
-**Configure spending policies** via Admin UI at `http://127.0.0.1:3100/admin` before connecting agents. WAIaaS uses default-deny — agents cannot transact until policies are configured.
+**Configure spending policies** via Admin UI at `http://localhost:3100/admin` before connecting agents. WAIaaS uses default-deny — agents cannot transact until policies are configured.
+
+> **Warning:** Do not use `--mode mainnet` until you have configured spending limits, token whitelists, and owner approval policies. Mainnet wallets handle real funds.
 
 Connect the MCP server (pass token via environment variable):
 

From 1df4fc0ff4125fad401feb94168959af33e24ef6 Mon Sep 17 00:00:00 2001
From: Minho Yoo <minho.yoo@Minhoui-noteubug.local>
Date: Tue, 17 Mar 2026 01:15:31 +0900
Subject: [PATCH 3/3] fix: add -y flag to npx args for non-interactive MCP
 startup

npx prompts before installing missing packages in non-interactive
environments. Adding -y ensures @waiaas/mcp installs automatically
on first run without blocking OpenClaw's MCP subprocess startup.
---
 skills/waiaas/SKILL.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/skills/waiaas/SKILL.md b/skills/waiaas/SKILL.md
index 2d56087cf47..092a1cec716 100644
--- a/skills/waiaas/SKILL.md
+++ b/skills/waiaas/SKILL.md
@@ -48,7 +48,7 @@ Connect the MCP server (pass token via environment variable):
 ```bash
 export WAIAAS_SESSION_TOKEN="<session-token-from-quickset>"
 openclaw config set mcpServers.waiaas.command "npx"
-openclaw config set mcpServers.waiaas.args '["@waiaas/mcp"]'
+openclaw config set mcpServers.waiaas.args '["-y", "@waiaas/mcp"]'
 openclaw config set mcpServers.waiaas.env.WAIAAS_SESSION_TOKEN "\${WAIAAS_SESSION_TOKEN}"
 ```