@1claw/agentkit

v0.1.1

Secure AgentKit wallet for autonomous AI agents on Base — TEE-backed signing, programmatic guardrails, and zero secrets on disk via 1Claw

@1claw/agentkit

Secure AgentKit wallet for autonomous AI agents on Base.

A hardened MCP server built on Coinbase AgentKit that lets autonomous agents operate on Base with TEE-backed signing, programmatic guardrails, and zero secrets on disk.

Your agent gets the full onchain toolkit. 1Claw makes sure it never actually holds the keys.

Which Should I Use?

| | mcp.base.org | @1claw/agentkit |
|--|--|--|
| Use case | Interactive (human in the loop) | Autonomous (no human per-tx) |
| Signing | OAuth via Base Account, you approve each tx | TEE-backed Intents API, guardrails approve |
| Setup | Connect remote MCP, sign in once | One agent key, programmatic config |
| Keys | None needed (Base Account manages them) | Stored in 1Claw Vault (HSM + MPC) |
| Best for | Claude Desktop, ChatGPT, Cursor chat | Cron jobs, multi-agent systems, background workers, trading bots |
| Limits | Human reviews every action | Programmable: per-tx caps, daily limits, address allowlists |

TL;DR: If a human approves every transaction, use mcp.base.org. If your agent runs unattended, use this.

The Problem

AgentKit gives agents powerful onchain tools — transfers, contract calls, DeFi interactions. But running AgentKit autonomously means storing seed phrases or API keys somewhere, and trusting the agent (or whatever prompts it) not to drain the wallet.

Without guardrails:

  • A prompt injection through a poisoned input can trigger unlimited transfers
  • Seed phrases sit in .env files or config JSON in plaintext
  • No per-transaction or daily spend limits
  • No audit trail of what the agent did or why
  • No way to instantly revoke access

The Solution

Agent ─► Shroud TEE ─► LLM ─► 1claw-agentkit (AgentKit + Vault) ─► Intents API ─► Base

| Surface | What it does | How |
|---------|-------------|-----|
| Vault | Eliminates secrets on disk | Credentials resolved from HSM-encrypted vault at boot. Never touch disk. MPC optional. |
| Intents API | Replaces local signing | All signing happens in a TEE with per-agent guardrails enforced server-side. |
| Shroud | Blocks prompt injection | 11-layer inspection pipeline scores and blocks attacks before the model acts. |
| Policy Engine | Fine-grained access | Agents only see secrets they're explicitly granted by a human. |

Quick Start

Option A: One-Command Setup (Recommended)

git clone https://github.com/1clawAI/1claw-agentkit.git
cd 1claw-agentkit
npm install
npm run setup

The setup wizard asks for your 1Claw human API key (1ck_...) and automatically creates:

  • A vault for your agent's secrets
  • An agent with Intents API + Shroud + Base guardrails
  • A signing key on Base chain
  • An access policy granting the agent read on agentkit/*

It outputs a ready-to-paste MCP config with both 1claw-agentkit and the 1claw MCP server paired together.

Get your API key at 1claw.xyz → Settings → API Keys

Option B: Manual Setup

1. Install

npm install @1claw/agentkit

2. Store your secrets in 1Claw

npm install -g @1claw/cli
1claw login
1claw vault create --name "base-agent-keys"
1claw secret put agentkit/seed-phrase --value "your seed phrase"
1claw secret put agentkit/coinbase-api-private-key --value "-----BEGIN EC..."
1claw secret put agentkit/alchemy-api-key --value "your_key"

3. Create a secured agent

npx @1claw/cli agent create \
  --name "my-base-agent" \
  --intents-api \
  --shroud \
  --tx-allowed-chains "base" \
  --tx-max-value "0.1" \
  --tx-daily-limit "1.0"

4. Update your MCP config

The setup script outputs this for you, but here is the config if you are writing it by hand. Both MCPs share the same agent key and compose into one unified toolset:

{
  "mcpServers": {
    "1claw-agentkit": {
      "command": "npx",
      "args": ["@1claw/agentkit"],
      "env": {
        "ONECLAW_AGENT_API_KEY": "ocv_your_key_here"
      }
    },
    "1claw": {
      "command": "npx",
      "args": ["@1claw/mcp"],
      "env": {
        "ONECLAW_AGENT_API_KEY": "ocv_your_key_here"
      }
    }
  }
}

That's it. One env var. Zero secrets on disk. Two MCPs, one agent.
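A check for the config above, as an added example that is not part of the package: it flags any MCP server entry whose `env` carries wallet material or anything other than the documented `ONECLAW_*` variables. The variable names and the `ocv_` / `1ck_` prefixes come from this page; the function name `lintMcpConfig`, the key-material heuristics and the sample configs are assumptions constructed for illustration.

```javascript
// Added illustration, not the project's code. Variable names and the ocv_ prefix
// come from the page; the key-material heuristics are assumptions.
const KNOWN_VARS = new Set([
  "ONECLAW_AGENT_API_KEY", "ONECLAW_AGENT_ID", "ONECLAW_API_URL",
  "ONECLAW_VAULT_ID", "ONECLAW_SECRET_PREFIX", "ONECLAW_CHAIN_ID",
]);
const PEM = /-----BEGIN [A-Z ]*PRIVATE KEY-----/;
const HEX_KEY = /^(0x)?[0-9a-fA-F]{64}$/;
const MNEMONIC = /^([a-z]+ ){11,23}[a-z]+$/; // 12 to 24 lowercase words

function lintMcpConfig(config) {
  const findings = [];
  for (const [server, def] of Object.entries(config.mcpServers ?? {})) {
    const env = def.env ?? {};
    for (const [name, raw] of Object.entries(env)) {
      const value = String(raw).trim();
      if (PEM.test(value) || HEX_KEY.test(value) || MNEMONIC.test(value)) {
        findings.push(`${server}.env.${name}: raw key material in config`);
      } else if (!KNOWN_VARS.has(name)) {
        findings.push(`${server}.env.${name}: unexpected variable`);
      }
    }
    // Each server entry must carry an agent key; a human 1ck_ key does not belong here.
    const key = env.ONECLAW_AGENT_API_KEY;
    if (typeof key !== "string" || !key.startsWith("ocv_")) {
      findings.push(`${server}.env.ONECLAW_AGENT_API_KEY: missing or not an ocv_ key`);
    }
  }
  return findings;
}

// Constructed inputs: the config from this section, and one with wallet material pasted in.
const GOOD = { mcpServers: {
  "1claw-agentkit": { command: "npx", args: ["@1claw/agentkit"], env: { ONECLAW_AGENT_API_KEY: "ocv_your_key_here" } },
  "1claw": { command: "npx", args: ["@1claw/mcp"], env: { ONECLAW_AGENT_API_KEY: "ocv_your_key_here" } },
} };
const BAD = { mcpServers: { "1claw-agentkit": { command: "npx", args: ["@1claw/agentkit"], env: {
  SEED_PHRASE: "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima", // constructed, not a real mnemonic
  ONECLAW_AGENT_API_KEY: "1ck_constructed_human_key", // constructed
} } } };

console.log(lintMcpConfig(GOOD), lintMcpConfig(BAD));
```

The agent key itself remains in this file, so its file permissions and the revocation path listed in the comparison table still matter.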

Why Both MCPs?

The 1claw-agentkit and 1claw MCP servers use the same agent credentials and complement each other:

| MCP Server | What it provides |
|-----------|-----------------|
| 1claw-agentkit | All AgentKit onchain tools (transfers, contract calls, ERC-20, Morpho, NFTs, Farcaster) — but TEE-signed and guardrail-enforced |
| 1claw | 27+ vault management tools (put_secret, get_secret, rotate_and_store, simulate_transaction, sign_message, sign_typed_data, grant_access, share_secret, platform tools, etc.) |

Together they enable flows like:

  • "Store my new Alchemy key in the vault, then check my Base wallet balance" — uses both MCPs in one conversation
  • "Rotate my Coinbase API key and update it in the vault" — 1claw MCP handles the rotation
  • "Simulate this Morpho deposit, then execute it if profitable" — simulate via 1claw, execute via 1claw-agentkit
  • "Share read access to my neynar key with my teammate's agent" — 1claw MCP handles sharing

How It Works

Boot sequence

  1. MCP server starts
  2. Authenticates to 1Claw with a short-lived JWT (from the ocv_ API key)
  3. Resolves SEED_PHRASE, COINBASE_API_PRIVATE_KEY, ALCHEMY_API_KEY, etc. from the vault
  4. Injects credentials into process memory (never written to disk)
  5. Starts the AgentKit MCP server with the Intents wallet provider active

Transaction flow

  1. LLM emits a tool call (transfer, swap, contract interaction)
  2. Shroud inspects the request (injection scoring, PII detection, exfil blocking)
  3. OneclawIntentsWalletProvider converts it to an Intents API call
  4. Server-side guardrails enforce: chain allowlist, address allowlist, value cap, daily limit
  5. Tenderly simulation runs (optional, default: on)
  6. Transaction is signed in the TEE and broadcast to Base
  7. Full audit trail recorded with hash-chain integrity

What the agent CAN'T do (even if prompt-injected)

  • Transfer to unlisted addresses (blocked by tx_to_allowlist)
  • Exceed daily spend (blocked by tx_daily_limit_eth)
  • Move to another chain (blocked by tx_allowed_chains)
  • Read the seed phrase (blocked by Intents API private key gating)
  • Replay a transaction (blocked by idempotency keys)
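A local model of the guardrail step in the transaction flow, as an added example that is not the project's code and not how the Intents API is implemented. `tx_allowed_chains`, `tx_to_allowlist` and `tx_daily_limit_eth` are named on this page; `tx_max_value_eth`, the request shape, the order of checks and the in-memory state are assumptions, and the address is constructed.

```javascript
// Added illustration, not the project's code. tx_max_value_eth, the request shape,
// the check order and the in-memory state are assumptions.
const WEI_PER_ETH = 10n ** 18n;
// Decimal ETH string -> wei as BigInt. Floats would drift: 0.1 + 0.2 !== 0.3.
function ethToWei(eth) {
  if (!/^\d+(\.\d{1,18})?$/.test(eth)) throw new Error(`bad ETH amount: ${eth}`);
  const [whole, frac = ""] = eth.split(".");
  return BigInt(whole) * WEI_PER_ETH + BigInt(frac.padEnd(18, "0"));
}
const deny = (reason) => ({ allowed: false, reason });

function makeGuard(policy) {
  const allow = new Set(policy.tx_to_allowlist.map((a) => a.toLowerCase()));
  const maxTx = ethToWei(policy.tx_max_value_eth);
  const dailyCap = ethToWei(policy.tx_daily_limit_eth);
  const seenKeys = new Set(); // idempotency keys already accepted
  let spentToday = 0n;        // wei approved in the current window
  return function check(req) {
    let value;
    try { value = ethToWei(String(req.value)); } catch { return deny("invalid_value"); }
    if (seenKeys.has(req.idempotencyKey)) return deny("replay");
    if (!policy.tx_allowed_chains.includes(req.chain)) return deny("chain_not_allowed");
    if (!allow.has(String(req.to).toLowerCase())) return deny("recipient_not_allowlisted");
    if (value > maxTx) return deny("per_tx_cap_exceeded");
    if (spentToday + value > dailyCap) return deny("daily_limit_exceeded");
    seenKeys.add(req.idempotencyKey); // commit state only after every check passed
    spentToday += value;
    return { allowed: true, reason: "ok" };
  };
}

// Constructed policy using the limits from the agent-create step (0.1 per tx, 1.0 per day).
const POLICY = {
  tx_allowed_chains: ["base"],
  tx_to_allowlist: ["0x1111111111111111111111111111111111111111"], // constructed address
  tx_max_value_eth: "0.1",
  tx_daily_limit_eth: "1.0",
};
// Constructed request stream: one good transfer, then requests the guardrails should reject.
function demo() {
  const check = makeGuard(POLICY);
  const tx = (over) => ({ chain: "base", to: POLICY.tx_to_allowlist[0], value: "0.1", idempotencyKey: "k1", ...over });
  const out = [tx({}), tx({}), tx({ idempotencyKey: "k2", to: "0x2222222222222222222222222222222222222222" }),
    tx({ idempotencyKey: "k3", chain: "ethereum" }), tx({ idempotencyKey: "k4", value: "0.11" })].map((r) => check(r).reason);
  for (let i = 0; i < 9; i++) check(tx({ idempotencyKey: `fill-${i}` })); // reach 1.0 ETH
  out.push(check(tx({ idempotencyKey: "k5", value: "0.000000000000000001" })).reason);
  return out;
}
```

Rejected requests leave the spend counter and the idempotency set untouched, so a burst of denied attempts cannot use up the daily allowance or block a later legitimate request from reusing its key.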

Configuration

Environment Variables

| Variable | Required | Description |
|----------|----------|-------------|
| ONECLAW_AGENT_API_KEY | Yes | Agent API key (ocv_ prefix) |
| ONECLAW_AGENT_ID | No | Explicit agent ID (auto-resolved from key if omitted) |
| ONECLAW_API_URL | No | API URL (default: https://api.1claw.xyz) |
| ONECLAW_VAULT_ID | No | Explicit vault ID (auto-resolved if omitted) |
| ONECLAW_SECRET_PREFIX | No | Vault path prefix (default: agentkit/) |
| ONECLAW_CHAIN_ID | No | Chain ID — 84532 for Base Sepolia (default: 8453 Base mainnet) |

Vault Secret Paths

Store secrets under agentkit/ (configurable via ONECLAW_SECRET_PREFIX):

agentkit/seed-phrase
agentkit/coinbase-api-key-name
agentkit/coinbase-api-private-key
agentkit/alchemy-api-key
agentkit/openrouter-api-key
agentkit/neynar-api-key

Use as a Library

import {
  bootstrapSecrets,
  OneclawIntentsWalletProvider,
  createBaseMainnetProvider,
} from "@1claw/agentkit";

// Resolve secrets from vault
const secrets = await bootstrapSecrets({
  agentApiKey: "ocv_...",
});

// Create a wallet provider backed by Intents API
const wallet = createBaseMainnetProvider({
  agentApiKey: "ocv_...",
  agentId: "your-agent-id",
});

// Send a transaction (TEE-signed, guardrail-enforced)
const result = await wallet.sendTransaction({
  to: "0xRecipient",
  value: "0.001", // ETH
});

console.log(`TX: ${result.txHash} (${result.status})`);

// Sign a message (EIP-191, key never leaves TEE)
const sig = await wallet.signMessage("Hello from my agent");
console.log(`Signature: ${sig.signature}`);

// Sign without broadcasting (agent submits to its own RPC)
const signedTx = await wallet.signTransaction({
  to: "0xContract",
  value: "0",
  data: "0xabcdef...",
});

Examples

Docs

Security Comparison

| Threat Vector | Unguarded AgentKit | @1claw/agentkit |
|--------------|----------|-----------------|
| Seed phrase on disk | .env / config JSON | Never touches disk (Vault + MPC) |
| Prompt injection → drain | Unguarded | Shroud blocks + guardrails cap |
| Unlimited transfers | No limits | Per-tx and daily caps |
| Cross-chain pivot | Possible | tx_allowed_chains enforced |
| Replay attacks | No protection | Idempotency keys |
| Credential exfil via tool result | Possible | Shroud redaction + output policy |
| Audit trail | None | Hash-chained, tamper-evident |
| Access revocation | Delete files | Instant (policy delete / JWT revoke) |
| Key rotation | Manual seed replacement | One CLI command |

Relationship to mcp.base.org

The new Base MCP at mcp.base.org is a hosted remote server designed for interactive use. It uses OAuth and Base Account wallets — a human approves every transaction. It's the right choice for conversational use in Claude, ChatGPT, or Cursor.

This package serves a different need: agents that run autonomously without human-in-the-loop approval. Think trading bots, automated treasury management, multi-agent workflows, CI/CD pipelines. The guardrails are programmatic (value caps, allowlists, daily limits, simulation) rather than requiring a human to click "approve" each time.

They are alternatives, not companions — both expose the same AgentKit tools (transfers, Morpho, NFTs, Farcaster) but with different trust models. Pick one based on whether a human is present to approve actions.

x402 Integration

This package works with 1Claw's x402 micropayment system. The agent pays per-request in USDC on Base via the Coinbase CDP facilitator. The whole loop is circular and on-chain:

Agent uses AgentKit to act onchain
  → pays 1Claw per-request in USDC on Base
  → signs via Intents API on Base
  → everything is on Base

Contributing

PRs welcome. See CONTRIBUTING.md for guidelines.

License

MIT — see LICENSE.


Built by 1Claw — AI Agent Secrets Management.