bankrbot/agent-wormhole
agent-wormhole/SKILL.md
Use Agent Wormhole for one-time sealed handoffs between autonomous agents, including encrypted mission briefs, scoped secrets, temporary artifacts, receipts, config drops, CLI/API usage, ECHO holder access, and Bankr x402 paid opens.
$ install --global
skillsauthnpx skillsauth add bankrbot/openclaw-skills agent-wormholeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 1, 2026, 3:32 AM136.6s1 file scanned
SKILL.md
- name:
- agent-wormhole
- description:
- Use Agent Wormhole for one-time sealed handoffs between autonomous agents, including encrypted mission briefs, scoped secrets, temporary artifacts, receipts, config drops, CLI/API usage, ECHO holder access, and Bankr x402 paid opens.
- emoji:
- 🕳️
- tags:
- [agents, handoff, encrypted, x402, base, echo]
- visibility:
- public
Agent Wormhole
Agent Wormhole opens a temporary encrypted passage for agent handoffs. The payload can be claimed once, then the channel collapses.
Before First Use
This skill executes the @builtbyecho/agent-wormhole npm package. Before running any agent-wormhole or npx @builtbyecho/agent-wormhole command for the first time in a session, tell the user:
About to install/run
@builtbyecho/agent-wormhole(v0.1.2) from npm. It is an encrypted one-time-handoff CLI that writes payloads to a local.agent-wormholes/directory and (for holder/paid opens) callsstorage.builtbyecho.xyzand the Bankr x402 endpoint. It does NOT sign transactions or access private keys.Proceed? (y/n)
Wait for explicit confirmation before the first invocation. Subsequent calls in the same session do not need to re-prompt.
Pin the version when invoking via npx:
npx -p @builtbyecho/[email protected] agent-wormhole <args>
Links
- Website:
https://www.builtbyecho.xyz - Product page:
https://www.builtbyecho.xyz/agent-wormhole.html - Source:
https://github.com/BuiltByEcho/agent-wormhole - Package:
https://www.npmjs.com/package/@builtbyecho/agent-wormhole - Hosted skill file:
https://www.builtbyecho.xyz/skills/agent-wormhole/SKILL.md
Use this skill when a task involves:
- sending or receiving one-time agent handoffs
- passing mission briefs, configs, receipts, files, or scoped secrets
- using the
agent-wormholeCLI or HTTP API - checking ECHO holder sponsored access
- checking Bankr x402 paid open status
- deploying or operating the VPS service
Quick Commands
From a project that has the package installed:
agent-wormhole send --text "mission brief" --ttl 10m
agent-wormhole send --file ./artifact.tgz --note "handoff bundle"
agent-wormhole inspect <code>
agent-wormhole receive <code> --out ./received
agent-wormhole cleanup --delete-claimed-older-than 15m
For one-off use without installing globally:
npx -p @builtbyecho/[email protected] agent-wormhole send --text "mission brief"
Mental Model
- Codes are
id.secret. idlocates stored metadata.secretderives the AES-256-GCM decrypt key and is not stored.- Default TTL is 10 minutes.
- Max TTL is 24 hours unless explicitly configured lower.
- Default max payload is 5 MB.
- Receipts are written for opens and claims.
Access Paths
- Local CLI/library opens record
access.path = local. - Direct API holder opens require an EIP-191 signature from a wallet holding at least
50,000,000 ECHOon Base and recordaccess.path = echo_holder. - Bankr x402 paid opens are handled by
agent-wormhole-openand recordaccess.path = x402_paid. - Claiming is free.
Live Endpoints
- Direct holder/API route:
https://storage.builtbyecho.xyz/agent-wormhole - Bankr x402 paid open:
https://x402.bankr.bot/0x2a16625fad3b0d840ac02c7c59edea3781e340ae/agent-wormhole-open - Self-hosted local service default:
http://127.0.0.1:8791
Verification
From the package root:
npm test
node --check src/cli.js
node --check src/index.js
node --check src/server.js
npm pack --json --dry-run
For live health:
curl -sS https://storage.builtbyecho.xyz/agent-wormhole/health
For Bankr status, check both registry and execution:
bankr --config "$BANKR_OWNER_CONFIG" x402 list
bankr x402 schema https://x402.bankr.bot/0x2a16625fad3b0d840ac02c7c59edea3781e340ae/agent-wormhole-open
bankr --config "$BANKR_PAYER_CONFIG" x402 call -X POST -d '{"payload":"dGVzdA=="}' --max-payment 0.01 -y --raw https://x402.bankr.bot/0x2a16625fad3b0d840ac02c7c59edea3781e340ae/agent-wormhole-open
Set BANKR_OWNER_CONFIG to the endpoint owner/operator config and BANKR_PAYER_CONFIG to a separate payer config. Do not treat registry active status alone as proof that paid x402 execution works. A real paid call from a non-owner wallet is the proof.
Safety
- Do not paste wormhole codes into public channels unless the user explicitly wants the payload claimable by anyone there.
- Do not log plaintext secrets or payloads.
- Prefer short TTLs for secrets.
- Use local cleanup commands for received artifacts when they are no longer needed.
- Do not test Bankr paid endpoints with the same wallet that owns/deployed the endpoint.
Related Skills
bankrbot/hunch
data-ai
VerifiedTrustedCommunity
Discover, bet on, track, and settle Hunch prediction markets in natural language. Trigger when a user wants to bet, take a position, or get odds on a crypto outcome — token market-cap milestones and flips, launchpad races (Bankr vs pump.fun volume / #1-days / launches over a cap), token head-to-head outperformance, mcap strike-ladders, and up/down price rounds. Also trigger on "what can I bet on about $TOKEN", "odds on …", "take YES/NO on …", "show my Hunch bets", "did my market resolve". Settles in USDC on Base via x402 (≤ $10 / bet); every bet returns an on-chain proof.
1,145SKILL.mdUpdated Jun 6, 2026
bankrbot/1claw
tools
VerifiedTrustedCommunity
HSM-backed secret management for AI agents. Store API keys (including Bankr `bk_` keys), passwords, and credentials in an encrypted vault; retrieve them at runtime via MCP without keeping secrets in chat context. Bankr Dynamic Key Vending issues short-lived scoped `bk_usr_` keys from a partner key (`bk_ptr_`) without manual rotation. Policy-based access control, secret rotation, sharing, EVM transaction intents (sign/simulate/broadcast), multi-chain signing keys, treasury multisig proposals, OIDC federation for external service auth, built-in prompt injection detection, and optional Shroud TEE LLM proxy. Use when the agent needs secure credential storage, just-in-time secret access, guarded on-chain signing, or security scanning — not for Bankr trading prompts, portfolio checks, or x402 calls (use the bankr skill instead).
1,145SKILL.mdUpdated Jun 5, 2026
bankrbot/signa
development
VerifiedTrustedCommunity
Give your Bankr agent its own brain and a wallet-signed line to every other agent — on any framework, with no API key. SIGNA is the keyless agent layer on Base: resolve any identity to a messageable wallet, send and read wallet-signed DMs, invoke capabilities on the network, and run a brain that reasons on decentralized inference and acts through those capabilities. The Bankr wallet is the only credential. Triggers: "message that agent", "DM this wallet/handle", "reach the agent behind @x", "what is the base market", "resolve @handle to a wallet", "ask the network", "let my agent think and report".
1,144SKILL.mdUpdated Jun 10, 2026
bankrbot/bankr
development
VerifiedTrustedCommunity
AI-powered crypto trading agent, wallet API, and LLM gateway via natural language. Use when the user wants to trade crypto, check portfolio balances (with PnL and NFTs), view token prices, search tokens, transfer crypto, manage NFTs, use leverage (Hyperliquid or Avantis), bet on Polymarket, deploy tokens, set up automated trading, sign and submit raw transactions, call or deploy x402 paid API endpoints, browse the web, or access LLM models through the Bankr LLM gateway funded by your Bankr wallet. Supports Base, Ethereum, Polygon, Solana, Unichain, World Chain, Arbitrum, and BNB Chain.
1,144SKILL.mdUpdated Apr 20, 2026