WalletConnect Requester

Zero custody. Maximum security. User always in control.

Why This Skill?

Unlike walletconnect-agent which holds private keys and auto-signs, this skill takes a fundamentally different approach:

	walletconnect-agent	walletconnect-requester (this skill)
Private Keys	⚠️ Stored in agent	✅ Never touches agent
Signing

⚠️ Auto-signs everything | ✅ User approves each tx |
| Security Model | Custodial (agent has full control) | Non-custodial (user has full control) |
| If Agent is Compromised | ⚠️ Funds can be stolen | ✅ Funds are safe - no keys to steal |

This is the safest way for AI agents to interact with Web3.

What This Does

• - Connect to user wallets via WalletConnect v2
• Request transactions - user approves in their wallet
• Request signatures - user signs in their wallet
• Zero private key exposure - keys never leave the user's wallet

Security Guarantees

CODEBLOCK0

Installation

Step 1: Install Dependencies

This skill requires Node.js dependencies. Install them globally or locally:

CODEBLOCK1

Step 2: Get WalletConnect Project ID

1. 1. Go to WalletConnect Cloud
2. Create a new project
3. Copy your Project ID

Step 3: Set Environment Variable

CODEBLOCK2

Step 4: Run the Skill

CODEBLOCK3

---

Quick Start

Step 1: Create a Session

CODEBLOCK4

Output:
CODEBLOCK5

Step 2: Request a Transaction

CODEBLOCK6

User sees in wallet:
CODEBLOCK7

Step 3: Request a Signature

CODEBLOCK8

Commands

connect - Create WalletConnect Session

CODEBLOCK9

request-tx - Request Transaction

CODEBLOCK10

request-sign - Request Signature

CODEBLOCK11

sessions - List Active Sessions

CODEBLOCK12

disconnect - End Session

CODEBLOCK13

Security Model

What Agent CAN Do

• - ✅ Request transactions (user must approve)
• ✅ Request signatures (user must approve)
• ✅ View connected wallet address
• ✅ View session metadata

What Agent CANNOT Do

• - ❌ Hold private keys
• ❌ Auto-sign anything
• ❌ Execute transactions without approval
• ❌ Access funds directly

If Agent is Compromised

• - ✅ Attacker cannot steal funds (no keys)
• ✅ Attacker cannot auto-sign transactions
• ✅ User can reject any suspicious request
• ✅ User can disconnect session anytime

Local Data Persistence

This skill writes files to ~/.walletconnect-requester/:

File	Purpose	Sensitivity
INLINECODE7	Active WalletConnect sessions	⚠️ Contains session topics
INLINECODE8

Transaction audit log | ⚠️ Contains masked tx hashes |

Security recommendations:

• - Review audit.log before sharing
• Delete sessions.json when no longer needed
• Set appropriate file permissions: INLINECODE11

Sensitive Data Handling

Data Type	How It's Handled
WalletConnect URI	Contains symKey - displayed once during connection, not logged
Session tokens

Stored locally in sessions.json, not transmitted externally | | Transaction hashes | Logged in audit.log with masked addresses | | Private keys | ❌ Never handled by this skill |

Privacy Considerations

• - WalletConnect URI (with symKey) is printed to stdout for QR code generation
• Audit logs mask full addresses (e.g., 0x8335... instead of full address)
• No data is sent to external servers except WalletConnect relay network

Configuration

Environment Variables

Variable	Required	Description
INLINECODE17	Yes	WalletConnect Cloud Project ID
INLINECODE18

No | DApp name shown in wallet | | WC_METADATA_URL | No | DApp URL | | WC_METADATA_ICONS | No | DApp icon URL |

Namespaces Configuration

The skill requests minimal permissions by default:

CODEBLOCK14

Example Workflows

Connect and Request Payment

CODEBLOCK15

Verify Wallet Ownership

CODEBLOCK16

Comparison with Other Solutions

Feature	This Skill	walletconnect-agent	MetaMask SDK
Private Key Storage	❌ Never	⚠️ In Agent	❌ Never
Auto-sign

❌ Never | ✅ Yes | ❌ No | | User Approval Required | ✅ Always | ❌ No | ✅ Always | | Multi-wallet Support | ✅ Any WC wallet | ✅ Any WC wallet | ❌ MetaMask only | | Security Level | Highest | Medium | High | | Best For | User-controlled tx | Automated trading | MetaMask users |

Supported Wallets

Any wallet that supports WalletConnect v2:

• - MetaMask Mobile
• Rainbow
• Trust Wallet
• Coinbase Wallet
• Ledger Live
• And 500+ more...

Troubleshooting

"No active session"

Run connect first to create a session.

"User rejected request"

User declined in their wallet. Ask if they want to retry.

"Session expired"

Sessions last 7 days by default. Reconnect to create a new session.

"Unsupported chain"

User's wallet doesn't support the requested chain. Ask them to switch networks.

Audit Log

All requests are logged (without sensitive data):

CODEBLOCK17

When to Use This vs walletconnect-agent

Use This Skill When	Use walletconnect-agent When
User must approve every tx	Fully automated trading
Maximum security required

You trust the agent completely | | One-time or occasional tx | 24/7 unattended operation | | User wants full control | User wants set-and-forget | | Agent runs in untrusted env | Agent runs in secure env |

When in doubt, use this skill. It's always safer.

---

License

MIT — Built with security as the #1 priority.

---

Maintainer: Web3 Investor Team
Registry: https://clawhub.com/skills/walletconnect-requester