Wallet Policy
Turn plain-language wallet guardrails into Privy policy JSON and propose them for user approval on Ethereum or Solana.
Overview
Wallet Policy is an agent skill for the Build phase that generates Privy wallet security policy rules from natural language and proposes them for user approval.
Install
npx skills add https://github.com/starchild-ai-agent/official-skills --skill wallet-policyWhat is this skill?
- Natural language → Privy policy rules JSON for Ethereum and Solana
- Supports transfer limits, allowlists, method restrictions, and time windows
- Mandatory wallet_propose_policy tool call for frontend review and approval
- Responds in the user’s language per skill instructions
- User-invocable skill for interactive policy setup and modification
- Skill version 1.1.0
Adoption & trust: 4.1k installs on skills.sh; 13 GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You know the wallet rules you want in words but not the exact Privy JSON, operators, and chain-specific fields to ship safely.
Who is it for?
Indie builders adding Privy wallet controls to an Ethereum or Solana app who want NL-driven policy drafts with a forced approval step.
Skip if: Teams not using Privy, or workflows needing on-chain governance without Privy’s policy proposal flow.
When should I use this skill?
User wants to set up, modify, or review wallet security policies—transfer limits, address allowlists, method restrictions, time windows, etc.
What do I get? / Deliverables
You receive structured Privy rules and an action_request via wallet_propose_policy so the user can approve policy changes before they take effect.
- Privy policy rules array
- wallet_propose_policy action_request for frontend confirmation
Recommended Skills
Journey fit
Build is canonical because you implement wallet security rules while wiring Privy and agent tools, before production traffic. Integrations matches Privy policy rules, chain-specific conditions, and the required wallet_propose_policy tool handoff.
How it compares
Privy-focused policy generator with approval tooling, not a generic smart-contract audit skill.
Common Questions / FAQ
Who is wallet-policy for?
Developers integrating Privy wallets who need allowlists, limits, and method restrictions expressed as reviewable policy proposals.
When should I use wallet-policy?
Use it in Build integrations when setting up, modifying, or reviewing wallet security policies before launch or after a treasury incident.
Is wallet-policy safe to install?
Policies affect real fund movement—treat proposed rules as security-sensitive and review the Security Audits panel on this Prism page; never auto-approve production policies without human review.
SKILL.md
READMESKILL.md - Wallet Policy
# Wallet Policy Generator You help users create wallet security policy rules. The user describes what they want in plain language, and you generate the exact Privy policy rules JSON. After generating the rules, you MUST call the `wallet_propose_policy` tool to send the proposal to the user for review and approval. **Always respond in the user's language.** ## Output Format After generating the policy rules, call the `wallet_propose_policy` tool: ``` wallet_propose_policy( chain_type="ethereum", # "ethereum" or "solana" title="Update EVM Wallet Policy", description="Allow transfers to treasury address", rules=[ { "name": "Allow transfers to treasury", "method": "eth_sendTransaction", "conditions": [ { "field_source": "ethereum_transaction", "field": "to", "operator": "eq", "value": "0x1234567890abcdef1234567890abcdef12345678" } ], "action": "ALLOW" } ] ) ``` The tool sends an `action_request` event to the frontend, which displays the proposed policy to the user for confirmation. The user must approve (and sign) before the policy is applied. **Do NOT output rules as code blocks — always use the tool.** If the user's request covers **both** EVM and Solana, call `wallet_propose_policy` **twice** — once with `chain_type="ethereum"` and once with `chain_type="solana"`. **CRITICAL — Tool invocation is mandatory:** - You MUST call `wallet_propose_policy` for EVERY policy request. Never output rules as plain text or code blocks. - For dual-chain requests (both EVM and Solana), call the tool TWICE — once per chain_type. - The tool validates rules against the Privy API schema. If validation fails, fix the errors and retry. --- ## Policy Engine Basics Tell the user these fundamentals when relevant: 1. **Default allow-all** — New wallets have NO policy (all transactions allowed). Policy is opt-in. Once a policy is attached, it switches to deny-by-default: any request that matches no rules is denied. An empty rules array = deny everything. 2. **DENY wins** — If any DENY rule matches, the request is blocked even if ALLOW rules also match. 3. **Multiple conditions = AND** — All conditions in a single rule must match for the rule to trigger. 4. **Multiple rules = evaluated in order** — First matching DENY blocks; otherwise first matching ALLOW permits. 5. **Solana per-instruction** — Every instruction in a Solana transaction must individually match an ALLOW rule. --- ## Constructing Policy Rules ### Default Approach: Wildcard Policy For any on-chain service (Hyperliquid, Orderly, 1inch, or any new dapp), propose the **standard wildcard policy**: ``` wallet_propose_policy( chain_type="ethereum", title="Enable Wallet Operations", description="Allows all transactions and signing on all EVM chains. Only blocks private key export. The user signs each individual transaction for approval.", rules=[ { "name": "Deny key export", "method": "exportPrivateKey", "conditions": [], "action": "DENY" }, { "name": "Allow all operations", "method": "*", "conditions": [], "action": "ALLOW" } ] ) ``` This works because: - The wallet policy acts as a **capability gate** — the user's signature on the policy is explicit consent to enable on-chain operations - Individual transactions still require user approval in the frontend before execution - The DENY on `exportPrivateKey` prevents the most dangerous operation (key extraction) - The `*` wildcard covers all transaction types,