From 0c3b6f756c5b5650f4bc55480d370818bae378d4 Mon Sep 17 00:00:00 2001 From: Brett Cleary <27568879+BrettCleary@users.noreply.github.com> Date: Mon, 9 Mar 2026 14:05:59 -0700 Subject: [PATCH 1/4] update coinfello skill --- coinfello/SKILL.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/coinfello/SKILL.md b/coinfello/SKILL.md index add1b8f..60e163d 100644 --- a/coinfello/SKILL.md +++ b/coinfello/SKILL.md @@ -35,7 +35,7 @@ The CLI is available via `npx @coinfello/agent-cli`. No manual build step is req This skill performs the following sensitive operations: -- **Private key generation and storage**: Running `create_account` generates a new private key and stores it **in plaintext** at `~/.clawdbot/skills/coinfello/config.json`. Protect this file accordingly. +- **Key generation and storage**: By default, `create_account` generates a hardware-backed P256 key in the **macOS Secure Enclave** (or TPM 2.0 where available). The private key never leaves the hardware and cannot be exported — only public key coordinates and a key tag are saved to `~/.clawdbot/skills/coinfello/config.json`. If hardware key support is not available, the CLI warns and falls back to a software private key. You can also explicitly opt into a plaintext software key by passing `--use-unsafe-private-key`, which stores a raw private key in the config file — **this is intended only for development and testing**. - **Session token storage**: Running `sign_in` stores a SIWE session token in the same config file. - **Delegation signing**: Running `send_prompt` may automatically create and sign blockchain delegations based on server-requested scopes, then submit them to the CoinFello API. @@ -44,7 +44,7 @@ Users should ensure they trust the CoinFello API endpoint configured via `COINFE ## Quick Start ```bash -# 1. Create a smart account on a chain (generates a new private key automatically) +# 1. Create a smart account on a chain (uses Secure Enclave by default) npx @coinfello/agent-cli create_account sepolia # 2. Sign in to CoinFello with your smart account (SIWE) @@ -61,15 +61,15 @@ npx @coinfello/agent-cli get_transaction_status ### create_account -Creates a MetaMask Hybrid smart account with an auto-generated private key and saves it to local config. +Creates a MetaMask Hybrid smart account. By default, the signing key is generated in the **macOS Secure Enclave** (hardware-backed, non-exportable). If Secure Enclave is unavailable, the CLI warns and falls back to a software key. Pass `--use-unsafe-private-key` to explicitly use a plaintext software key (development/testing only). ```bash -npx @coinfello/agent-cli create_account +npx @coinfello/agent-cli create_account [--use-unsafe-private-key] ``` - `` — A viem chain name: `sepolia`, `mainnet`, `polygon`, `arbitrum`, `optimism`, `base`, etc. -- Generates a new private key automatically -- Saves `private_key`, `smart_account_address`, and `chain` to `~/.clawdbot/skills/coinfello/config.json` +- **Default (Secure Enclave)**: Generates a P256 key in hardware; saves `key_tag`, `public_key_x`, `public_key_y`, `key_id`, `smart_account_address`, and `chain` to `~/.clawdbot/skills/coinfello/config.json`. The private key never leaves the Secure Enclave. +- **`--use-unsafe-private-key`**: Generates a random secp256k1 private key and stores it **in plaintext** in the config file. Use only for development and testing. - Must be run before `send_prompt` ### get_account @@ -142,7 +142,7 @@ npx @coinfello/agent-cli get_transaction_status ### Basic: Send a Prompt (Server-Driven Delegation) ```bash -# Create account if not already done +# Create account if not already done (uses Secure Enclave by default) npx @coinfello/agent-cli create_account sepolia # Sign in (required for delegation flows) From ef20d840970bb4b8d9563a27bc93ccd0ee161739 Mon Sep 17 00:00:00 2001 From: Brett Cleary <27568879+BrettCleary@users.noreply.github.com> Date: Mon, 9 Mar 2026 14:06:22 -0700 Subject: [PATCH 2/4] update 0.1.6 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 5655d51..9eecfb4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@coinfello/agent-cli", - "version": "0.1.5", + "version": "0.1.6", "description": "", "type": "module", "main": "dist/index.js", From 4cdb1b003464cf0ed7f26349609e2d88894e43f8 Mon Sep 17 00:00:00 2001 From: Brett Cleary <27568879+BrettCleary@users.noreply.github.com> Date: Mon, 9 Mar 2026 14:12:21 -0700 Subject: [PATCH 3/4] add gas cost esimate to skill file --- coinfello/SKILL.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/coinfello/SKILL.md b/coinfello/SKILL.md index 60e163d..f7a11fb 100644 --- a/coinfello/SKILL.md +++ b/coinfello/SKILL.md @@ -163,6 +163,16 @@ Some prompts don't require a transaction. The CLI detects this automatically and npx @coinfello/agent-cli send_prompt "what is the chain ID for Base?" ``` +## Gas Cost Estimates + +Actual on-chain gas costs vary by network. Do **not** assume mainnet Ethereum gas prices for L2 chains. + +| Network | Swap / Transfer Gas Cost | +| -------- | ------------------------ | +| Base | $0.0003 – $0.0006 | + +These are approximate ranges under normal network conditions. L2s like Base are significantly cheaper than Ethereum mainnet. + ## Edge Cases - **No smart account**: Run `create_account` before `send_prompt`. The CLI checks for a saved private key and address in config. From cd40cd546b2fb4e30da4313d4fc7833f9f0a551b Mon Sep 17 00:00:00 2001 From: Brett Cleary <27568879+BrettCleary@users.noreply.github.com> Date: Mon, 9 Mar 2026 14:13:13 -0700 Subject: [PATCH 4/4] pretty --- coinfello/SKILL.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/coinfello/SKILL.md b/coinfello/SKILL.md index f7a11fb..a4dc2e3 100644 --- a/coinfello/SKILL.md +++ b/coinfello/SKILL.md @@ -167,9 +167,9 @@ npx @coinfello/agent-cli send_prompt "what is the chain ID for Base?" Actual on-chain gas costs vary by network. Do **not** assume mainnet Ethereum gas prices for L2 chains. -| Network | Swap / Transfer Gas Cost | -| -------- | ------------------------ | -| Base | $0.0003 – $0.0006 | +| Network | Swap / Transfer Gas Cost | +| ------- | ------------------------ | +| Base | $0.0003 – $0.0006 | These are approximate ranges under normal network conditions. L2s like Base are significantly cheaper than Ethereum mainnet.