ahmetenesdur/authenticate-wallet
skills/authenticate-wallet/SKILL.md
Authenticate the fibx CLI wallet via email OTP (Privy) or private key import. Required before any wallet operation (balance, send, trade, aave). Private keys are encrypted at rest with AES-256-GCM.
tools
Updated Apr 28, 2026
$ install --global
skillsauthnpx skillsauth add ahmetenesdur/fibx-agentic-wallet-skills authenticate-walletInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 5:52 AM156.5s1 file scanned
SKILL.md
- name:
- authenticate-wallet
- description:
- Authenticate the fibx CLI wallet via email OTP (Privy) or private key import. Required before any wallet operation (balance, send, trade, aave). Private keys are encrypted at rest with AES-256-GCM.
- license:
- MIT
- compatibility:
- Requires Node.js 18+ and npx. Uses `npx fibx@latest`.
- version:
- 0.7.0
- author:
- ahmetenesdur
- category:
- auth
Wallet Authentication
Manage the authentication session for the fibx CLI. Supports two methods: email OTP (via Privy server wallets) and private key import (local wallet).
Prerequisites
- No active session required — this skill creates one
Rules
- For email login, NEVER ask the user for a private key.
- For private key import, warn the user: "Your private key will be encrypted with AES-256-GCM and stored locally. The encryption key is auto-generated per machine. Shall I proceed?"
- You MUST complete
auth loginbeforeauth verify. They are sequential steps. - After successful
auth verifyorauth import, ALWAYS runnpx fibx@latest statusto confirm the session is active. - NEVER store or log private keys, OTP codes, or session tokens in conversation history.
Commands
Email OTP Login (2-step)
# Step 1: Send OTP to email
npx fibx@latest auth login <email>
# Step 2: Verify OTP code
npx fibx@latest auth verify <email> <code>
Private Key Import
npx fibx@latest auth import
INTERACTIVE COMMAND: This opens a prompt for the user to paste their private key. The agent CANNOT pass the key as a CLI argument. Instruct the user to enter it in the terminal prompt, or run it via the agent's terminal tool and let the user type the key.
Session Management
# Check current session status
npx fibx@latest status
# End session
npx fibx@latest auth logout
Parameters
| Parameter | Type | Description | Required |
| --------- | ------ | ------------------------------------ | ----------------- |
| email | string | User's email address | Yes (email OTP) |
| code | string | One-time password received via email | Yes (verify step) |
Session Details
- Privy sessions: JWT-based, 7-day expiry. After expiry, the user must re-authenticate via
auth login. - Private key sessions: No expiry. Session persists until
auth logout. - Storage: Sessions are stored in an OS-dependent config directory (e.g.
~/.config/fibx-nodejs/session.jsonon Linux,~/Library/Preferences/fibx-nodejs/session.jsonon macOS). - Encryption: Private keys are encrypted at rest using AES-256-GCM. The encryption key is auto-generated per machine in the OS config directory (e.g.
~/.config/fibx-nodejs/encryption-keyon Linux). Legacy plaintext keys are auto-migrated on first load. - CI/Docker: Set
FIBX_SESSION_SECRETenvironment variable (64-char hex) to use a custom encryption key instead of the auto-generated one.
Examples
User: "Log me in with [email protected]"
npx fibx@latest auth login [email protected]
# Wait for user to provide the OTP code (e.g. "123456")
npx fibx@latest auth verify [email protected] 123456
npx fibx@latest status
User: "Import my private key"
# Warn user first, then:
npx fibx@latest auth import
npx fibx@latest status
User: "Log me out"
npx fibx@latest auth logout
Error Handling
| Error | Action |
| ------------------- | ------------------------------------------------------ |
| Invalid code | Ask the user to check their email and retry verify. |
| Rate limit | Wait 60 seconds before retrying. |
| Session expired | Privy JWT expired (7 days). Restart from auth login. |
| Not authenticated | Run the full login flow before other skills. |
Related Skills
- Use
statusto verify your session is active before any operation. - Run
balanceafter authentication to see available funds. - Run
portfolioafter authentication to see a full cross-chain overview with USD values.
Related Skills
ahmetenesdur/quote
testing
VerifiedTrustedCommunity
Get a swap price quote without authentication. Check exchange rates, output amounts, and route info for any token pair on Base, Citrea, HyperEVM, or Monad. No wallet or session required.
SKILL.mdUpdated Apr 28, 2026
ahmetenesdur/tx-status
testing
VerifiedTrustedCommunity
Check the on-chain status of a transaction and get the block explorer link. Supports Base, Citrea, HyperEVM, and Monad.
SKILL.mdUpdated Mar 30, 2026
ahmetenesdur/trade
testing
VerifiedTrustedCommunity
Swap tokens using Fibrous aggregation on Base, Citrea, HyperEVM, or Monad. Finds optimal route, simulates before execution. Supports --simulate for gas-only estimation without sending.
SKILL.mdUpdated Mar 30, 2026
ahmetenesdur/send
testing
VerifiedTrustedCommunity
Send native tokens (ETH, cBTC, HYPE, MON) or ERC-20 tokens to an address on Base, Citrea, HyperEVM, or Monad. Simulates before sending. Supports --simulate for gas-only estimation.
SKILL.mdUpdated Mar 30, 2026