🪙 AgentWallet
Open Source CLI Tool

One command.
Multi-chain wallets.
Securely stored.

Create Ethereum, Solana, and all EVM chain wallets on your VPS or local machine. Private keys encrypted and stored locally — never exposed to AI models or third parties.

$ npm i -g @phlegonlabs/agentwallet

Works on Linux, macOS, and Windows. Requires Node.js 18+.

Getting started

From install to agent-ready in 5 steps. Your master password stays with you — your agent only gets a temporary token.

1

Install

Install AgentWallet globally via npm.

$ npm install -g @phlegonlabs/agentwallet

No global permissions? Use: npm install @phlegonlabs/agentwallet && alias agentwallet='npx agentwallet'

2

Initialize vault

Set your master password. This encrypts all private keys. You'll receive a recovery key — save it securely.

$ agentwallet init

Set your master password: ********

Confirm master password: ********

✓ Vault initialized at ~/.agentwallet/

Recovery key: rk_a8f3...x92k

Save this key securely — it is not stored on disk.

3

Create wallets

Create wallets on any supported chain, or all 12 at once.

$ agentwallet create --chain all

✓ 12 wallets created:

Ethereum 0x1a2b...9f3e

Polygon 0x1a2b...9f3e

Solana 7xKq...mN2v

...

4

Unlock & get token

Unlock the vault with your master password. You get a temporary session token (expires in 1 hour) — give this to your AI agent.

$ agentwallet unlock --json

Enter master password: ********

{

"token": "awlt_a8f3...x92k",

"expiresAt": "2026-03-15T11:30:00Z"

}

5

Agent is ready

Your agent can now use the token to manage wallets, sign transactions, and make payments. No password needed.

$ AGENTWALLET_TOKEN=awlt_a8f3...x92k agentwallet list --json

[{"address":"0x1a2b...","chainName":"Ethereum"}, ...]

Your keys, your control

Agents can create wallets and sign transactions with the session token, but exporting private keys or viewing your mnemonic requires your master password, a real terminal, and TOTP code if enabled. No agent can access them — this is enforced at the code level.

Supports 12 chains and growing

Ethereum
Ethereum
XLayer
XLayer
BSC
BSC
Solana
Solana
Base
Base
Arbitrum
Arbitrum
Polygon
Polygon
Optimism
Optimism
Avalanche
Avalanche
Fantom
Fantom
TON
TON
Scroll
Scroll

60 seconds to your first wallet

Three commands. That's all it takes.

terminal
$ agentwallet init

Set your master password: ********

✓ Vault initialized at ~/.agentwallet/

$ agentwallet create

? Select chain:

> Ethereum

  Polygon

  BSC

  Solana

  All chains (EVM + Solana)

✓ Ethereum wallet created:

  Address: 0x1a2b...9f3e

  Private key encrypted → ~/.agentwallet/vault/

$ agentwallet list

Found 1 wallet(s):

Ethereum     0x1a2b...9f3e  (3/15/2026)

Everything you need. Nothing you don't.

Built for people who want wallets on their VPS without the complexity.

Multi-chain support

One mnemonic, all chains. Create wallets for Ethereum, Solana, and all major EVM networks from a single seed phrase.

Encrypted storage

Private keys encrypted with Argon2id + XSalsa20-Poly1305. Files locked to chmod 400. Military-grade protection on your own machine.

Transfer guards

Set per-transaction and daily transfer limits. Rate limiting prevents runaway transfers. Optional address whitelist with 24h cooldown.

TOTP two-factor auth

Gate sensitive operations like export, mnemonic, and delete behind an authenticator code. One toggle to enable.

Recovery key flow

Init returns a recovery key — no plaintext master password stored on disk. Secure by default for agent deployments.

LLM isolation

Private keys never enter AI model context. Agent signing runs locally. Your keys stay between you and your machine.

Secure export

Export keys with password verification + TOTP if enabled. Terminal auto-clears after 10 seconds. No accidental exposure.

Backup & restore

Export encrypted backups. Restore on any machine. Your vault travels with you, safely.

Interactive CLI

Choose your chain from an interactive menu or use flags for automation. Batch create multiple wallets with --count.

Built for AI Agents

AgentWallet is an OpenClaw Skill. Any AI agent can install it and manage crypto wallets through a standard protocol.

User Request

"Send 0.1 ETH to Alice"

via Telegram, Slack, or any chat

AI Agent

Invokes agentwallet skill

via OpenClaw protocol

Wallet Action

Signs & broadcasts transaction

keys never leave the vault

install
$ npx @anthropic-ai/claw install @phlegonlabs/agentwallet

✓ Skill installed: @phlegonlabs/agentwallet

Agent can now manage wallets across 12 chains.

x402 Payment Protocol

When an API returns HTTP 402, your agent automatically signs and pays. No manual intervention needed.

How it works

1

HTTP 402 received

API responds with payment requirements

2

Agent signs payment

Calls x402-sign with token, amount, and recipient

3

Payment completed

Signed payload sent back, API access granted

Supported tokens

Native

ETH, MATIC, SOL...

USDC

Circle stablecoin

USDT

Tether stablecoin

x402-enabled chains

EthereumBasePolygonOptimismArbitrumAvalancheXLayerSolana
x402-sign

# Sign a USDC payment on Base

$ echo '{ "network": "base", "token": "USDC", "amount": "1000000", "recipient": "0xAPI..." }' | agentwallet x402-sign \ --wallet 0x1a2b...9f3e \ --token awlt_... \ --json

# Response

{

"signature": "0x3f8a...",

"payload": {

"network": "base",

"token": "USDC",

"amount": "1000000"

}

}

Operation Audit Log

Every wallet operation is recorded with timestamps and severity levels. Your agent can query the log and alert you when it matters.

Three severity levels

info

Balance checks, wallet listings, session unlocks

warn

Transfers, transaction signing, x402 payments

critical

Key exports, wallet deletions, backup restores

Built-in capabilities

  • All operations logged automatically
  • Filter by severity and time range
  • JSON output for agent integration
  • Auto-prune old entries (>90 days)
audit-log
$ agentwallet audit-log --days 1 --json
{

"total": 3,

"period": "last 1 day(s)",

"entries": [

{

"timestamp": "2026-03-15T10:23:01Z",

"event": "wallet.transfer",

"severity": "warn",

"status": "success",

"data": {

"chain": "ethereum",

"amount": "0.1"

}

},

...

]

}

# View only critical events

$ agentwallet audit-log --severity critical --json

Security by design, not by promise

Seven layers of protection for your private keys.

1

Encryption

Argon2id key derivation + XSalsa20-Poly1305 authenticated encryption

2

File permissions

chmod 400 on key files, chmod 700 on vault directory

3

Memory safety

Private keys zeroed after use with sodium_memzero. mlock prevents swap leaks.

4

LLM isolation

Keys never enter model context. Agent signing runs as a local-only process.

5

Transfer guards

Per-tx limits, daily limits, and rate limiting prevent runaway transfers.

6

Address whitelist

Optional whitelist with 24h cooldown for newly added addresses.

7

TOTP 2FA

Export, mnemonic, and delete gated by authenticator code when enabled.

Agent permission model

Agents get a temporary session token for daily operations. Sensitive actions require your master password, a real terminal, and TOTP verification — no agent can access them.

Create wallets
Agent
Transfer tokens
Agent
Sign transactions
Agent
x402 payments
Agent
Guard management
Agent
Export private key
You only
View mnemonic
You only
TOTP management
You only

How it works: You unlock the vault with your master password and get a session token (expires in 1 hour). The agent uses this token for daily operations. Exporting keys requires your password, a real terminal (TTY), and TOTP code if enabled — agents are automatically blocked.

Ready to secure your wallets?

Install in seconds. Create your first wallet in under a minute.

$ npm i -g @phlegonlabs/agentwallet
Free & open source MIT licensed Self-custodial