
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
clanker-wallet
Advanced tools
Human-approved blockchain transactions for AI agents. Agent proposes a tx, human reviews and signs it from the [web app](https://clanker-wallet.xyz). All communication is end-to-end encrypted.
Human-approved blockchain transactions for AI agents. Agent proposes a tx, human reviews and signs it from the web app. All communication is end-to-end encrypted.
npm install -g clanker-wallet
Or run without installing:
npx clanker-wallet
bunx clanker-wallet
# 1. Human goes to https://clanker-wallet.xyz, connects wallet, copies pairing JSON
# 2. Pair (one-time)
clanker-wallet pair '{"version":1,"pubkey":"ab12...","relay":"wss://...","wallet":"0x..."}'
# 3. Send a transaction (blocks until human approves or rejects)
clanker-wallet tx --chain 1 --to 0xRecipient --value 1000000000000000000 --reason "swap ETH for USDC"
# 4. Check status anytime
clanker-wallet status
pairPair with a human's web app. Run once — identity and pairing are saved to ~/.clanker-wallet/.
clanker-wallet pair '<pairing JSON from web app>'
# → {"agent_id":"agent_abc123","status":"paired","wallet":"0x...","relay":"wss://..."}
txSend a transaction request. Blocks until the human approves or rejects.
clanker-wallet tx \
--chain 1 \
--to 0xRecipient \
--value 1000000000000000000 \
--data 0x \
--reason "swap ETH for USDC" \
--urgency medium \
--timeout 120000
# approved → {"tx_hash":"0x...","status":"approved"}
# rejected → {"status":"rejected","error":"..."} (exit code 1)
# timeout → {"status":"timeout","error":"..."} (exit code 2)
Flags:
| Flag | Required | Default | Description |
|---|---|---|---|
--chain <id> | yes | — | Chain ID (1=Ethereum, 137=Polygon, 8453=Base) |
--to <address> | yes | — | Recipient address |
--value <wei> | no | 0 | Value in wei (1 ETH = 1000000000000000000) |
--data <hex> | no | 0x | Calldata hex |
--reason <text> | no | — | Shown to human |
--urgency <level> | no | — | low, medium, or high |
--expected-outcome <text> | no | — | What will happen |
--timeout <ms> | no | 3600000 | How long to wait |
statusCheck current pairing status.
clanker-wallet status
# → {"agent_id":"agent_abc123","paired":true,"wallet":"0x...","relay":"wss://..."}
whoamiShow agent identity.
clanker-wallet whoami
# → {"agent_id":"agent_abc123","public_key":"ab12cd..."}
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | Rejected by human |
| 2 | Timeout |
| 3 | Connection/relay error |
| 4 | Not paired |
| 5 | Invalid arguments |
Identity and pairing are persisted in ~/.clanker-wallet/:
~/.clanker-wallet/
identity.json # agent keypair (auto-generated on first use)
pairing.json # human's public key + relay URL
| Chain | ID |
|---|---|
| Ethereum | 1 |
| Polygon | 137 |
| Arbitrum | 42161 |
| Base | 8453 |
| Optimism | 10 |
| Sepolia (testnet) | 11155111 |
The CLI wraps a TypeScript library. For programmatic use:
npm install clanker-wallet
import { ClankerWallet } from 'clanker-wallet'
const wallet = new ClankerWallet({ agentName: 'my-bot' })
wallet.pair(pairingJson)
const txHash = await wallet.requestTx({
chain_id: 1,
transaction: { to: '0x...', value: '1000000000000000000', data: '0x' },
context: { reason: 'Buy tokens', urgency: 'medium' },
})
See full API: src/
pip install clanker-wallet
from clanker_wallet import ClankerWallet, Transaction, RequestTxOptions, TxContext
agent = ClankerWallet()
agent.pair(pairing_json)
tx_hash = await agent.request_tx(RequestTxOptions(
chain_id=1,
transaction=Transaction(to="0x...", value="1000000000000000000", data="0x"),
context=TxContext(reason="Buy tokens"),
))
clanker-wallet pair — establishes E2E encrypted channelclanker-wallet tx — encrypts tx with nacl.box, sends via WebSocket relayAll messages are encrypted end-to-end. The relay server never sees plaintext.
MIT
FAQs
Human-approved blockchain transactions for AI agents. Agent proposes a tx, human reviews and signs it from the [web app](https://clanker-wallet.xyz). All communication is end-to-end encrypted.
The npm package clanker-wallet receives a total of 8 weekly downloads. As such, clanker-wallet popularity was classified as not popular.
We found that clanker-wallet demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.